Section A
Social engineering
Tricking people into giving away confidential information or performing actions that compromise security. (1)
Two examples (1 each)
Phishing, pretexting, baiting, tailgating, shoulder surfing, vishing, etc.
Malware
Malicious software designed to harm or exploit systems. Example: virus, worm, trojan, ransomware, spyware, keylogger, etc. (1 + 1)
Two ways to make passwords secure (1 each)
Make it long (12+ characters), use a mix of upper/lower case letters, numbers and symbols, don’t reuse passwords across sites, use passphrases, use a password manager, enable 2FA/MFA.
Brute-force attack
Automatically trying many password combinations until the correct one is found. (1)
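Added example (not part of the mark scheme): a brute-force loop that tries every combination of a character set in order until a yes/no check accepts one, together with the size of the search space for a given length. The target password, the character set and the checker are constructed for illustration; the point is that each extra character multiplies the attacker's work by the size of the character set, which is why the password-length answer above matters.

```python
import itertools
import string

# Constructed character set: lower-case letters plus digits (36 symbols).
CHARSET = string.ascii_lowercase + string.digits


def keyspace_size(length: int, charset: str = CHARSET) -> int:
    """Worst-case number of candidates for a password of exactly `length`."""
    return len(charset) ** length


def brute_force(check, max_length: int, charset: str = CHARSET):
    """Try every candidate of length 1..max_length in order.

    `check` stands in for a login form that only answers yes/no.
    Returns (password, attempts) on success or (None, attempts) if the
    password is longer than max_length or uses other characters.
    """
    attempts = 0
    for length in range(1, max_length + 1):
        for combo in itertools.product(charset, repeat=length):
            candidate = "".join(combo)
            attempts += 1
            if check(candidate):
                return candidate, attempts
    return None, attempts


def make_checker(secret: str):
    """Hypothetical login check: accepts only the exact secret."""
    return lambda guess: guess == secret


if __name__ == "__main__":
    pw, tries = brute_force(make_checker("ab1"), max_length=3)
    print("found", pw, "after", tries, "attempts")
    for n in (3, 8, 12):
        print(n, "chars:", keyspace_size(n), "candidates")
```

With 36 symbols, length 3 gives 46,656 candidates and a 3-character password is found in a few hundred tries; length 12 gives roughly 4.7 × 10^18. Adding upper-case letters and symbols grows the base, which is the second password answer above.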
Two other prevention methods (1 each)
Firewall, anti-virus/malware software, encryption, penetration testing, user training, network policies, software updates/patches, etc.
Section B
Phishing (4 marks)
Phishing is a social engineering attack where attackers pretend to be trustworthy (e.g., bank) to steal login details or install malware. (1)
Two signs (1½ each – max 3):
SQL Injection (3 marks)
Attacker inserts malicious SQL code into a web form/input field → database executes it as part of the query (e.g., entering ' OR '1'='1 as the password makes the WHERE clause always true and bypasses login). (2)
Prevention: Use prepared statements / parameterised queries / input validation / escaping special characters. (1)
Penetration testing vs Anti-virus (3 marks)
Penetration testing = authorised simulated attack to find weaknesses (proactive). (1.5)
Anti-virus = software that detects and removes known malware (reactive). (1.5)
(Accept clear comparison of proactive vs reactive)
Ransomware
a) Encrypts victim’s files and demands payment for decryption key. (1)
b) Two ways (1 each):
Total: 25 marks