Name: ________________________

Fundamentals of cyber
security
Class: ________________________

Date: ________________________

Time: 93 minutes

Marks: 90 marks

Comments:

Page 1 of 10
Q1.
Most schools have a computer network.

Some schools allow teachers to access the school network from their home computers.

Give one reason why some schools allow this and one reason why some schools do not
allow this.

Reason for: _____________________________________________________________

_______________________________________________________________________

Reason against: __________________________________________________________

_______________________________________________________________________
(Total 2 marks)

Q2.
Social engineering is where someone is tricked or manipulated into providing secure
information or access to a secure system. Describe each of the following social
engineering techniques.
gaining access to confidential
Blagging: ______________________________________________________________
user data for malicious purposes
under false pretenses
_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

through communication, such as

Phishing: ______________________________________________________________
email, pretending to be from a
reliable source and tricking a user
_______________________________________________________________________
into clicking a link or entering
confidentual data
_______________________________________________________________________

_______________________________________________________________________

Shouldering: ___________________________________________________________
gaining access to confidential
_______________________________________________________________________
data such as password or PIN
through looking over someone's
_______________________________________________________________________
shoulder remembering it
_______________________________________________________________________
(Total 3 marks)

Q3.
A games café is evaluating the security for their network.

(a) State two reasons why using a biometric authentication measure is better than
password authentication for staff accounts.

Page 2 of 10
 lower risk of shouldering
___________________________________________________________________
cannot be forgotten
___________________________________________________________________
cannot be hacked
___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________
(2)

(b) Explain why it would not be appropriate for the café to use MAC address filtering on
their wireless network.

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________
(2)
(Total 4 marks)

Q4.
Social engineering is where someone is tricked or manipulated into providing secure
information or access to a secure system. Describe each of the following social
engineering techniques.

Blagging: _______________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

Phishing: _______________________________________________________________

_______________________________________________________________________

Page 3 of 10
 _______________________________________________________________________

_______________________________________________________________________

Shouldering (or shoulder surfing): __________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________
(Total 3 marks)

Q5.
AQATravel is a tour operator that sells holidays to places all around the world. They hold
all of their customer and business data electronically. Following recent news articles about
the effects of malware attacks on businesses, the management of AQATravel have been
investigating how they could protect themselves against malware attacks.

Discuss four methods that AQATravel could use to prevent infections from malware
and/or to minimise the damage that could be caused by malware.
(Total 12 marks)

Q6.
The algorithm below, expressed in pseudo-code, allows three users to log in to a
computer program with individual usernames and passwords.

• For this algorithm, array indexing starts at 0.

• Line numbers are included, but are not part of the algorithm.

01 userlist ← [ 'Rachel', 'Sam', 'Tracey' ]

02 passlist ←
[ '49Class', 'Smile', 'b1K3' ]
03 REPEAT
04 OUTPUT 'Enter Username'
05 username ← USERINPUT
06 OUTPUT 'Enter Password'
07 password ← USERINPUT
08 validlogin ← False
09 FOR usernum ← 0 TO2
10 IF username = userlist[usernum]
11 AND password = passlist[usernum] THEN
12 validlogin ← True
13 ENDIF
14 ENDFOR
15 UNTIL validlogin = True
16 OUTPUT 'Login Successful'

The valid usernames and passwords are listed below.

Username Password

Rachel 49Class

Page 4 of 10
 Sam Smile

Tracey b1K3

(a) Shade in one lozenge in each row of the table below to indicate the most
appropriate data type to use for each listed Variable from the algorithm, when the
algorithm is implemented in a programming language.

Most appropriate data type (shade one lozenge per row)

Variable Integer Real Boolean Character String

password

validlogin

usernum

(3)

(b) It is suggested that line 09 of the algorithm is replaced with the following line:

FOR usernum ← 0 TO LEN(userlist)

The function LEN returns the number of items that are stored in the array that is
passed to it as a parameter.

Explain why using the LEN function would make the algorithm more flexible and why
the suggested replacement line would not work as it is.

could be used on lists of varying length

___________________________________________________________________
has to be changed to
FOR usernum <= 0 TO LEN(userlist) - 1
___________________________________________________________________
as in pseudocode, the upperbound of a for loop is inclusive
___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________
(3)

(c) It is suggested that lines 08 to 14 of the algorithm are replaced with the following
lines:

FOR usernum ← 0 TO 2
IF username = userlist[usernum]
AND password = passlist[usernum] THEN
validlogin ← True
ELSE
validlogin ← False
ENDIF
ENDFOR

Explain why making this replacement would mean that the algorithm no longer
worked.

Page 5 of 10
 ___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________
(3)

(d) State which of the three passwords listed in the table above is the least secure and
explain why this is the case.
Smile
Which password:____________________________________________________

Why least secure:___________________________________________________

no special characters, numbers

___________________________________________________________________
or letters
___________________________________________________________________
(2)
(Total 11 marks)

Q7.
List three different measures that can be used to maintain the security of a computer
system.

For each measure:

• Outline what the measure is.

• Explain what types of threat to cyber security it is effective against.
(Total 9 marks)

Q8.
Explain each of the cyber security threats listed below.

(a) Social engineering.

gaining unauthorised acess to

___________________________________________________________________
confidential user data under false
pretenses or through deception,
___________________________________________________________________
including shouldering, blagging,
phishing
___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________
(2)

Page 6 of 10
 (b) Outdated software.

easier for hackers to identify

___________________________________________________________________
patches or weaknesses in
security software, to gain acess
___________________________________________________________________
to the network or computer
system by exploiting them
___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________
(2)

(c) Misconfigured access rights.

users have priviledges

___________________________________________________________________

allowing users to gain acccess to

___________________________________________________________________
data they shouldn't
___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________
(2)
(Total 6 marks)

Q9.

Most schools have a computer network.

Some schools allow teachers to access the school network from their home computers.

Give one reason why some schools allow this and one reason why some schools do not
allow this.

Reason for: ____________________________________________________________

_______________________________________________________________________

Reason against:_________________________________________________________

_______________________________________________________________________
(Total 2 marks)

Q10.

Organisations often spend a lot of money on cyber security.

Penetration testing is an attack on its own computer system by an organisation to try and
identify security weaknesses.

Page 7 of 10
 Describe one difference between black-box and white-box penetration testing.
in black box penetration, the
_______________________________________________________________________
hacker doesn't have user
credentials, to stimulate an attack
_______________________________________________________________________
by a malicious insider (Total 1 mark)

Q11.

Social engineering is often used to try to gain unauthorised access to a computer system.
Phishing is a commonly used social engineering technique where emails are sent that
pretend to be from a reputable organisation / company to try and obtain personal details.

Describe another two social engineering techniques. You should also explain measures
that an organisation can take to try to reduce the security risks from phishing and the two
other social engineering techniques you have described.
to reduce risk of phishing educate members of the organisation to check their emails,
_______________________________________________________________________
not click on links in emails, and install anti-phishing software
_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________
(Total 6 marks)

Q12.

In recent years, there has been a large growth in the use of cloud storage.

Discuss the advantages and disadvantages of using cloud storage.

In your answer you should include an explanation of the reasons for the large growth in
recent years and consider any legal, ethical and environmental issues related to the use
of cloud storage.
(Total 9 marks)

Q13.

Barnes Pest Control is a small business with four employees. Each of their employees
has a standalone desktop computer. They have decided to use a network instead of
standalone machines.

Page 8 of 10
 Two security measures that Barnes Pest Control could use are authentication and
encryption. Explain each of these security measures and how Barnes Pest Control could
use them.

Authentication:___________________________________________________________

_______________________________________________________________________

Encryption:______________________________________________________________

_______________________________________________________________________
(Total 4 marks)

Q14.

Computer viruses, Trojans, adware and spyware are different types of malware.

Describe the similarities and differences between these different types of malware. Your
answer should also describe measures that can be taken to reduce the risks from these
malware.
(Total 9 marks)

Q15.

The pseudocode below is written to make sure that the user enters a value within a given
range.

inp ← USERINPUT
WHILE inp ≤ 0 OR inp ≥ 10
OUTPUT "not in range"
inp ← USERINPUT
ENDWHILE

(a) (i) Tick the set of test data that is the most appropriate to check that the code
works as expected.

Tick one
Test data
box
−1, 0, 9, 10

0, 1, 10, 11

−1, 0, 10, 11

0, 1, 9, 10

(1)

(ii) Why is the set of test data that you have chosen in part (i) likely to be enough
to show that the code above works as expected?
all tests boundary data
______________________________________________________________

______________________________________________________________

Page 9 of 10
 (1)

(b) Develop an algorithm using pseudocode or a flowchart that asks the user to create
a new password.

The algorithm should:

• get the user to enter a password

• get the user to re-enter the password
• repeat the two bullet points above until both entered passwords are identical
• output "password created" when they are identical.
pass1 <= USERINPUT
___________________________________________________________________
pass2 <= USERINPUT
___________________________________________________________________

WHILE pass1 != pass2

___________________________________________________________________
pass1 <= USERINPUT
pass2 <= USERINPUT
___________________________________________________________________
OUTPUT 'password created'
___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________
(5)

(c) State two possible weaknesses of the passwords that this algorithm would accept.

would accept short passwprds

1. _________________________________________________________________

___________________________________________________________________

would accept passwords with no

2. _________________________________________________________________
mixture of capital letters and no
numbers
___________________________________________________________________
(2)
(Total 9 marks)

Page 10 of 10