Exam paper Flashcards

1
Q

Identify one possible target of a cyber security attack. (1 mark)

A
  • Individual (1)
  • Data / information (1)
  • Equipment (1)
  • Organisation (1)
2
Q

Identify two purposes of cyber security. (2 marks)

A
  • To protect information / data (1)
  • To keep information / data confidential (1)
  • To maintain the integrity of information / data (1)
  • To maintain the availability of information / data (1)
3
Q

Some of the data stored in an accounts spreadsheet has been deliberately changed.
Identify the type of cyber security incident that has occurred. (1 mark)

A

Data modification

4
Q

Many organisations use the cloud to store files and folders.

Identify one reason why files and folders stored in the cloud should be kept secure.

A

To prevent them from being accessed by unauthorised users. (1)

5
Q

A delivery company holds details of its customers in a database. The company has recently been
the target of a cyber-attack on its customer database.
During the attack, some of the data held in the customer database was deliberately removed.
Identify the type of cyber-attack that occurred. (1 mark)

A

• Data destruction (1)
OR
• Data theft (1)

6
Q

A delivery company holds details of its customers in a database. The company has recently been
the target of a cyber-attack on its customer database.
During the attack, some of the data held in the customer database was deliberately removed.
Describe two impacts of this cyber-attack on the delivery company (4 marks)

A

• Loss of reputation and trust from customers (1) who feel the company cannot be trusted with their personal details (1)
• Customer decrease (1) as customers begin to use alternative companies that have good security measures in place (1)
• May have to pay compensation (1) to customers whose details have been removed / affected (1)

7
Q

In a cyber attack, some of the customers of the delivery company have been sent an email asking them to click a link to view delivery details of an order.
Which type of cyber attacker would use this method? (1 mark)

A

Phisher (1)

8
Q

In a cyber attack, some of the customers of the delivery company have been sent an email asking them to click a link to view delivery details of an order.
Identify and describe the type of threat that has occurred during this cyber-attack. (3 marks)

A

Fake / hoax emails (1st)
One from:
• The link in the email can link to a fake website (1) that
contains malware / virus / (1)
• Customers can be asked to reveal private / personal
details (1) that can then be used for identity theft (1)

9
Q

In a cyber attack, some of the customers of the delivery company have been sent an email asking them to click a link to view delivery details of an order.
Legislation could be used to prosecute these cyber attackers.
Identify one act of legislation that could be used to prosecute these cyber attackers. (1 mark)

A

Computer Misuse Act (1)

10
Q

Following the cyber-attacks, it has been recommended that the delivery company review its organisational policy on access management.
Describe two ways in which access management could be used to increase the safety of data held in the customer database. (4 marks)

A

• User names (1) could be used to determine the level of access to the database (1)
• Could be used to determine the actions that can be carried out on the database (1) e.g. read only / write / amend (1)
• Audit trails (1) could show who accesses the database / what actions were carried out (1)

11
Q

Progress Pets is an online shop that is run from the owner’s home. The broadband connection is provided wirelessly through a router. The router provides the broadband access for the family and does not require a password to join.
Orders from the online shop are placed via email with the order form as an attachment. The order form includes the customer contact and payment details as well as details of the goods they wish to order.
The website could be used as a platform by cyber attackers.
Describe the following type of cyber attacker and provide an example of how they could exploit the website.
Phisher (with example) (3 marks)

A

• Someone who pretends to be a business /
organisation/person (1) to try to get personal information from someone (1)
• Example: Pretends to be from the business asking for
clarification of payment details for an order (1)

12
Q

Progress Pets is an online shop that is run from the owner’s home. The broadband connection is provided wirelessly through a router. The router provides the broadband access for the family and does not require a password to join.
Orders from the online shop are placed via email with the order form as an attachment. The order form includes the customer contact and payment details as well as details of the goods they wish to order.
The website could be used as a platform by cyber attackers.
Describe the following type of cyber attacker and provide an example of how they could exploit the website.
Scammer (with example) (3 marks)

A

• Someone who sets up a fraudulent website / business (1) that may be very similar to the real website / business (1)
• Example: Could copy the website but have a slightly different web address, giving contact details of the fake business (1)

13
Q

Data theft is one type of cyber security incident that might affect Progress Pets.
Identify two other types of cyber security incidents that might affect it. (2 marks)

A
  • Data destruction (1)
  • Data manipulation (1)
  • Malware (1)
  • Social engineering/accept examples (1)
  • Unauthorised access (1)
14
Q

To increase the level of cyber security and reduce vulnerabilities, different measures can be
taken by Progress Pets.
Identify one possible vulnerability of the Progress Pets website. (1 mark)

A
  • Hacking (1)
  • DoS (1)
  • Virus (1)
15
Q

Describe how using a password to access the wireless router will increase the level of
cyber security for Progress Pets. (2 marks)

A

• When combined with user name (1) the password and
user name need to be correct (1)
• People who do not live at the house / passers-by (1) will
not be able to access the connection (1)

16
Q

Identify two other logical protection measures which could be implemented and explain how these
could be used by the owner of Progress Pets (4 marks)

A

• Anti-virus software (1st) to scan all incoming emails / attachments and move any suspicious files (1)
• Encryption (1st) to ensure that all information and data held on the computer system is kept secure and if intercepted cannot be understood (1)
• Firewall (1st) to control the data that can / cannot enter the system and protect it from threats and attacks (1)
• Secure backups of data (1st) should be carried out regularly with the backup stored away from the system in a safe place (1)

17
Q

Identify one physical protection measure that could be implemented and explain how this
could be used by the owner of Progress Pets. (2 marks)

A

• Locks on doors (1st) to keep computer equipment used
for Progress Pets secure (1)
• Device locks (1st) to ensure that no-one can use a flash
drive/memory stick etc. that may contain a virus (1)

18
Q

Discuss the impacts on customers of Progress Pets if their order forms were hacked. (9 marks)

A

• Personal data is held on the order form, so identity theft may occur
• Payment details can lead to theft of money if card details are provided
• Customers may not use the business again as they have no trust in the security
• Identity theft can lead to, for example, debts being run up, passports being issued in error, identity being used for criminal activity etc.
• Credit / debit cards / bank accounts etc. may need to be changed; this can take time and cause financial upset / inconvenience
• Passwords / user names on other websites may need to be changed; this can take time and cause distress / inconvenience
• Customers could sue the owner of the online shop for distress and inconvenience caused

19
Q

Identify two reasons why cyber security is important to an individual. (2 marks)

A
  • To protect personal data / keep data safe (1)
  • To stay safe online (1)
  • To avoid financial loss (1)
  • To avoid identity theft (1)
  • Stops unauthorised access (1)
  • Protect hardware (1)
20
Q

Data in a sports club database has been deleted without authorisation.
Identify the type of cyber security incident which has occurred. (1 mark)

A

• Data destruction (1)

21
Q

Identify two motivations of a cyber criminal (2 marks)

A
  • Financial gain (1)
  • Publicity (1)
  • Fraud (1)
  • Espionage (1)
22
Q

A cafe offers customers free Wi-Fi access. Customers do not need to enter a password to access the Wi-Fi.
Identify and describe one intentional cyber security incident which may occur at the cafe. (3 marks)

A
  • Hacking (1st) by an individual (1) into the unsecured Wi-Fi (1)
  • DoS (1st) by bombarding the servers (1) with (useless) traffic (1)
23
Q

A cafe offers customers free Wi-Fi access. Customers do not need to enter a password to access the Wi-Fi.
Customers may download files from unauthorised websites when using the Wi-Fi.
Identify and describe one other accidental cyber security incident which may occur when the Wi-Fi at the cafe is used. (3 marks)

A

• Responding to a fake email (1st) which triggers an attack (1) e.g. virus / malware / spyware (1)
• Clicking on a hyperlink (1st) in an email / fake website (1) which can download a virus (1)
• Use of a portable storage device (1st) which may contain a virus (1) which could spread to the network (1)

24
Q

The owners of a cafe have been advised to increase the cafe’s cyber security.
Explain two reasons why the owners would increase the cafe’s cyber security. (4 marks)

A
  • To protect (1) information / data (1)
  • To keep information / data (1) confidential (1)
  • To maintain (1) the integrity / availability of information / data (1)
  • To protect the network / data / computer equipment (1) from cyber attacks / hacking / infection from viruses (1)
  • To prevent unauthorised users (1) gaining access (1)
25
Q

Other than customers, identify two possible targets at a cafe for a cyber security attack. (2 marks)

A
  • Data / Information (1)
  • Equipment (1)
  • Staff (1)
  • Owner (1)
26
Q

Cyber security can be increased by providing customers with a strong password for access to the Wi-Fi.
Describe one characteristic of a strong password (2 marks)

A
  • Mixture (1) of upper and lower case letters (1)
  • Includes (1) numbers / special characters (1)
  • Cannot be linked to the cafe (1) e.g. the name (1)
  • Not a recognisable word (1) e.g. XYP9!F
27
Q

A company’s customers have reported they are receiving emails from that company asking them to download an attachment.
Identify and describe one type of threat which could occur if customers did download the attachment. (3 marks)

A
  • Receive a virus (1st) which could infect the system (1) or be passed to contacts (1)
  • Download spyware (1st) which would be a threat to security (1) by disclosing codes and other information (1)
  • Be a victim of hacking (1st) which would allow others to steal information (1) and use it for their own benefit (1)
28
Q

A pet store’s web page contains the owners’ names and contact details with their pet names.
Identify the act which covers the holding of these personal details. (1 mark)

A

• Data Protection Act (DPA) (1)

29
Q

Explain how having no security on a pet store’s web page breaks the act you have identified in the previous question. (3 marks)

A

• Data must be kept secure (1) by having no security on the web page (1) anyone can see the owner’s details (1)

30
Q

The pet store is looking to implement an Acceptable Use Policy for its staff.
Describe, giving an example, what is meant by an Acceptable Use Policy (3 marks)

A
  • Guidelines and instructions (1) relating to the use of email / Internet (1)
  • Describes what staff can use (1) cannot use (1) e.g. the email / internet for whilst at work (1)
  • Example - Facebook (1) e.g. not using the company’s email for personal reasons / accessing social media from work
31
Q

A company has been advised to move the server to a room and implement physical security protection measures.
Identify one physical security protection measure which could be implemented. (1 mark)

A
  • Locking the server room (1)
  • Using a keypad (1)
  • RFID staff badges (1)
  • Biometric
32
Q

Explain how physical security measures identified in the previous answer can protect a server. (3 marks)

A
  • Locking the server room - keys to room (1) can be kept secure (1) so that only staff who are authorised can access the room (1)
  • Using a keypad - keypad number (1) is known only (1) by staff who need to access the room (1)
  • RFID staff badges - badges can be given to authorised staff (1) to allow them to enter the server room (1) and provides an audit of who entered the room (1)
  • Biometric - Use of face / fingerprint (1) to allow access (1) to authorised individuals (1)
33
Q

A cyber security incident has occurred on a company’s website.
Discuss the possible impacts of cyber security incidents on that company. (9 marks)

A
  • Loss of reputation as customers will see them as unreliable.
  • Lack of trust from owners as they feel their details are not safe
  • Loss of business data / information meaning that, unless these are backed up, details may have to be gathered again
  • Possibility of website being used by scammers to defraud customers who are not aware of issues, leading to further loss of trust and reputation
  • Decrease in revenue as customers change to another company.