Comprehension Questions
What motivates cyberattacks?
Describe how tailgating works and give an example.
What is the difference between DoS and DDoS attacks?
How does spoofing deceive users?
What are the dangers of an insider attack?
GCSE-Style Questions
Explain what is meant by "social engineering" and provide two examples. (4 marks)
Discuss how spoofing attacks work and why they can be dangerous. (6 marks)
Describe the term "backdoor access" and explain how attackers use it to gain unauthorized entry. (4 marks)
Explain two motives behind cyberattacks and provide an example for each. (4 marks)
Evaluate the impact of DDoS attacks on businesses and suggest ways to mitigate them. (6 marks)
Comprehension Questions
What is the main purpose of ransomware?
Name three methods malware uses to infect systems.
What was the impact of the WannaCry ransomware attack on the NHS?
How does spyware collect user information?
What security measures can help prevent malware infections?
GCSE-Style Questions
Explain the term "spyware" and describe how it can be used to steal information. (4 marks)
Describe two methods malware uses to infect systems and suggest how to prevent these infections. (6 marks)
Compare viruses and worms in terms of how they spread and their impact on a system. (4 marks)
Discuss the role of anti-malware software in preventing cyber threats. (5 marks)
Evaluate the effectiveness of system patching in preventing malware attacks. (6 marks)
Comprehension Questions
What are three common features of phishing emails?
How does spear phishing differ from general phishing?
What is smishing, and how does it work?
Why is CEO fraud considered a dangerous phishing attack?
What security measures can help prevent phishing attacks?
GCSE-Style Questions
Describe the term "vishing" and explain how it can be used in a phishing attack. (4 marks)
Explain two techniques that can prevent phishing attacks and discuss their effectiveness. (6 marks)
What is credential harvesting, and how do attackers use it in phishing scams? (4 marks)
Discuss the impact of phishing attacks on businesses and individuals. (5 marks)
Evaluate the effectiveness of two-factor authentication (2FA) in preventing phishing attacks. (6 marks)
Comprehension Questions
How does a botnet amplify a DDoS attack?
Why is CAPTCHA an effective method against brute force attacks?
What is the difference between a dictionary attack and a hybrid attack?
How does IP blocking help mitigate DDoS attacks?
What was the impact of the 2016 Dyn DDoS attack?
GCSE-Style Questions
Explain how a DDoS attack works and describe its potential impact on a business. (6 marks)
Suggest two measures to prevent brute force attacks and explain how they improve security. (4 marks)
Compare the effectiveness of account lockout policies and CAPTCHA in preventing brute force attacks. (5 marks)
Describe how salting strengthens password security. (4 marks)
Evaluate the role of CDNs in mitigating the effects of DoS/DDoS attacks. (6 marks)
Comprehension Questions
What is the main difference between passive and active interception attacks? Provide an example of each.
Why is public Wi-Fi considered a high-risk environment for interception attacks?
What is HTTPS stripping, and how does it make a network more vulnerable to interception?
How does a Man-in-the-Middle (MITM) attack work, and what types of information can hackers steal?
Describe two security measures that can help prevent interception attacks.
GCSE-Style Questions
Describe the difference between passive interception and active interception. Give one example of each. (3 marks)
Explain how a Man-in-the-Middle (MITM) attack works and describe two security measures that can help prevent it. (4 marks)
A user connects to free public Wi-Fi in a café. Explain why this is a security risk and describe two methods an attacker could use to intercept the user’s data. (5 marks)
Explain how SSL/TLS encryption protects data and discuss the advantages and limitations of using encryption to secure network communication. (6 marks)
A company has discovered that sensitive customer data was stolen through an interception attack. Explain two ways the attack could have happened and describe three security measures the company should implement to prevent future interception attacks. (8 marks)
Comprehension Questions
How does SQL injection allow attackers to bypass authentication?
What are two consequences of SQL injection attacks?
Why is input validation important in preventing SQL injection?
What happened in the Sony Pictures hack, and how did SQL injection contribute to it?
How do parameterized queries protect against SQL injection?
GCSE-Style Questions
A website login form is vulnerable to SQL injection. The attacker enters ' OR '1'='1' --.
a) What does this query do?
b) Suggest two ways to fix this vulnerability. (4 marks)
A company stores customer data in a database but does not use parameterized queries.
a) Describe one risk the company faces.
b) Explain how parameterized queries reduce this risk. (4 marks)
Compare the risks of error-based and blind SQL injection attacks. (5 marks)
Explain the concept of “least privilege” and how it helps protect databases from SQL injection attacks. (4 marks)
Evaluate the effectiveness of penetration testing in identifying SQL injection vulnerabilities before they are exploited. (6 marks)
Comprehension Questions
How can unpatched software lead to cyberattacks?
Describe the role of penetration testing in cybersecurity.
What is the function of a vulnerability scanner?
Why is multi-factor authentication (MFA) important for securing systems?
What are the dangers of privilege escalation in system security?
GCSE-Style Questions
Define a vulnerability and provide an example. (2 marks)
Explain the difference between black-box and white-box testing. (4 marks)
Identify two ways that organizations can prevent cyberattacks by reducing vulnerabilities. (4 marks)
Describe what a zero-day vulnerability is and why it is dangerous. (3 marks)
Explain the benefits of penetration testing for an organization. (5 marks)