This lesson brings together everything you have learned across the Cyber Security unit and focuses on exam technique. It covers common question types, how to structure your answers, and key strategies for maximising your marks.
Cyber security appears in both the AQA and OCR GCSE Computer Science examinations. Questions range from simple recall (1-2 marks) to extended written answers (6-8 marks).
| Question Type | Marks | What Is Expected |
|---|---|---|
| Define / State | 1-2 | A short, precise definition or identification |
| Identify | 1-2 | Name a specific threat, method or defence |
| Describe | 2-4 | Explain what something is and how it works |
| Explain | 3-4 | Describe something AND give reasons why it works / is effective |
| Discuss / Evaluate | 4-8 | Examine multiple perspectives, weigh advantages against disadvantages, and reach a conclusion |
| Scenario-based | 3-6 | Apply your knowledge to a given situation |
Based on past papers and mark schemes, the following themes appear frequently:
The exam may describe a scenario and ask you to identify the type of attack:
"An employee receives an email that appears to be from the company's HR department. The email asks them to click a link and enter their login credentials to view a payslip. The link leads to a fake website."
Question: Identify the type of attack described. (1 mark)
Answer: Phishing.
Key strategy: Read the scenario carefully. Look for clues: email = phishing, watching someone type = shoulder surfing, a program disguised as legitimate software = trojan, files encrypted with a ransom demand = ransomware.
Question: Explain how a DDoS attack works. (3 marks)
Model Answer: A DDoS attack uses many compromised computers (a botnet) to flood a target server with a huge volume of requests simultaneously (1). The server's resources are consumed trying to process all the malicious requests (1). Legitimate users are unable to access the service because the server cannot handle their requests (1).
Key strategy: For "explain" questions, give the process step by step. Each distinct point earns a mark.
| Feature | Virus | Worm |
|---|---|---|
| Self-replicates | Yes | Yes |
| Needs user action | Yes — user must open infected file | No — spreads automatically |
| Attaches to host file | Yes | No (standalone) |
| Primary spread method | Infected files | Network vulnerabilities |
Key strategy: When comparing, use a clear structure. State a feature, explain how it applies to BOTH items being compared.
Extended response questions require you to write a sustained, well-organised answer. Use this framework:
| Step | Meaning | Example |
|---|---|---|
| P — Point | State your main point | "One effective defence against phishing is user education and awareness training." |
| E — Evidence | Support with a specific fact | "Staff can be taught to recognise warning signs such as generic greetings, urgent language and suspicious sender addresses." |
| E — Explain | Explain why this is relevant | "This is effective because social engineering relies on human error; if employees can identify phishing attempts, they are less likely to click malicious links or reveal credentials." |
| L — Link | Link back to the question | "Therefore, user training directly reduces the risk of a successful phishing attack on the organisation." |
Question: "A company has recently suffered a ransomware attack. Discuss the measures the company should implement to protect against future cyber security threats." (8 marks)
Model Answer:
The company should implement a defence in depth approach, using multiple layers of security.
Technical measures: The company should install and maintain anti-malware software that uses signature-based and heuristic detection to identify and block ransomware before it can execute. All software should be kept up to date with the latest security patches, as the WannaCry ransomware exploited a known Windows vulnerability for which a patch had already been released. A firewall should be configured to block unauthorised inbound and outbound traffic, and email filtering should be enabled to catch phishing emails that often deliver ransomware.
Data protection: The company should implement a regular backup strategy, storing backups offline or in the cloud. If ransomware encrypts files, the company can restore from a clean backup without paying the ransom. Data should be encrypted both at rest and in transit to protect confidentiality.
Access control: The principle of least privilege should be applied, so each employee only has access to the data and systems they need. This limits the damage if one account is compromised. Two-factor authentication should be enabled for all accounts, especially those with administrative privileges.
Human factors: Staff should receive security awareness training covering how to recognise phishing emails, the dangers of suspicious attachments and the importance of reporting unusual activity. Since social engineering is often the initial attack vector for ransomware, training is critical.
Testing and compliance: The company should conduct regular penetration testing to identify vulnerabilities and ensure compliance with data protection regulations such as the GDPR/DPA 2018, which requires organisations to implement appropriate technical and organisational measures to protect personal data.
In conclusion, no single measure is sufficient. The company must combine technical controls, data protection, access management, staff training and regular testing to build a robust defence.
Some questions ask you to evaluate a specific measure:
Question: "Evaluate the effectiveness of biometric authentication as a method of protecting computer systems." (6 marks)
Framework for evaluation:
| Advantages | Disadvantages |
|---|---|
| Unique to each individual — harder to forge than passwords | Cannot be changed if compromised |
| Cannot be forgotten (unlike passwords) | False positives/negatives can occur |
| Convenient and fast | Expensive hardware required |
| Harder to share or steal | Privacy and ethical concerns |
Concluding sentence: "Biometric authentication is highly effective as part of a multi-factor authentication system, but it should not be used alone because of the risk of irreversibility if biometric data is compromised."
Key strategy: Always give a balanced answer (both sides), then reach a clear conclusion that answers the question. Do not sit on the fence — state which side you believe is stronger and justify your position.
| Mistake | Why It Costs Marks | What to Do Instead |
|---|---|---|
| Giving only one side of an argument | "Discuss" questions require balance | Present advantages AND disadvantages |
| Vague answers ("it makes it more secure") | No specific detail for the examiner to award | Be specific: state WHAT the measure does and WHY it helps |
| Confusing terms (encryption vs hashing) | Shows misunderstanding | Encryption is reversible; hashing is one-way |
| Mixing up virus and worm | Common error in exams | Virus needs user action; worm spreads automatically |
| Not reading the scenario | Missing context-specific marks | Refer directly to details in the scenario |
| Writing too little for extended questions | Not enough points for full marks | Aim for 4-6 distinct points for a 6-8 mark question |
Before the exam, make sure you can: