Professional Documents
Culture Documents
1.6 - System Security
1.6 - System Security
6 - System Security
Explain different forms of attack
Explain how people are the ‘weak point’ in secure systems (social engineering)
Explain how to identify and prevent vulnerabilities using; penetration testing, network forensics,
network policies, anti-malware software, firewalls, user access levels, passwords and encryption.
EXAM QUESTIONS
QUESTION 1
A doctor’s surgery stores hundreds of patients’ details on its computer network. The surgery is
concerned about the security of its patients’ sensitive medical data. Staff are already required
to use strong passwords to protect systems. Explain, with reference to system security, three
other ways that the surgery could protect the system.
Firewall
Anti-malware
Encryption
[6]
1.6 - System Security
Identify three errors that the surgery’s staff could make, that may endanger the security of the
network and outline a procedure that could be put in place to prevent each error.
Allowing access
Sharing sensitive data
Blocking access to USB ports
[6]
QUESTION 2
A school has all of its computers in a local area network (LAN). Explain two measures which
the school will need to take to ensure the security of the network.
Passwords, Firewalls
[4]
QUESTION 3
Security on a computer can be provided directly by the operating system or by using utility
programs. Utility programs include antivirus, file transfer, firewall and system clean up. State
which two of these utilities can be used for security.
Antivirus, firewall
[2]
Identify and describe two methods by which the operating system can provide additional
security directly.
Viruses
Worms ✔
1.6 - System Security
Trojan Horses
Phishing
Virus
Data Theft
Designed to access a computer by misleading users of its intent by prompting to download a program
Designed to access a computer by misleading users of its’ intent by prompting to download a program
Designed to access a computer by misleading users of its’ intent by prompting to download a program ✔
10
30
54,000
82,000 ✔
Keyboard
Hard drive
RAM
Question 10: Sending requests to a single server using hijacked machines (1-3) ✔
Phishing
DDOS ✔
Worm
Virus
Question 11: Social engineering, phishing and worms are examples of (4-6) ✔
Viruses
Scams
Data interception ✔
Malware
Nibbles
Parts
Bytes
1.6 - System Security
Packets ✔
SQL
DDOS v
USB
WLAN
Question 14: Organisations can protect themselves from SQL injection attacks by downloading ✔
and installing (7-9)
Patches ✔
Software
Upgrade
Downgrade
Question 16: An SQL injection attack would cause unauthorised access to (1-3) ✔
Files
Entire computer
Databases ✔
Some files
Question 17: A network of computers infected with malicious software and controlled as part of a ✔
group without the owners’ knowledge (4-6)
Virus
Stuxnet
Ring
Botnet ✔
1.6 - System Security
Question 18: The ’official title’ of the person who is responsible for exploring ✔
vulnerabilities of computer systems and reporting of this in an organization (4-6)
Penetration tester ✔
Systems administrator
Network manager
Forensic technician
Examination of computers
Examination of phones
Packet sniffing ✔
Running anti-virus
Question 21: Law enforcement agencies can intercept data under what law? (7-9) ✔
Question 22: A user gaining access to a system or intercepting user data without permission ✔
would be breaching which law? (4-6)
Question 23: Software that performs a ‘barrier’ between a potential attacker and the computer ✔
system (4-6)
1.6 - System Security
Anti-virus
Firewall
Windows Update
Disk Defragmenter ✔
Question 24: Defines how a system can be secured through specific rules or ✔
requirements (4-6)
Security Policy
Password Policy
Signing in book
Group Permissions
User Maintenance ✔
Where only the sender and recipient can read the message
A form of anti-virus
Where data is translated into code so that only authorised users, or users with the key can decrypt it ✔
Coin
Key ✔
1.6 - System Security
Token
Graph
Question 29: A Caeser Cipher uses what in order for decryption? (7-9) ✔
Token shift
Graph token
Coin number
Question 30: Typically, what level of access would a student in a school have on the network? ✔
(7-9)
Full access