Cambridge Technicals , Mark Scheme for January 2017

Similar documents
Cambridge Technicals IT. Mark Scheme for June Unit 2: Global Information. Level 3 Cambridge Technical in IT

Cambridge Technicals IT. Mark Scheme for January Unit 2: Global information

Cambridge Technicals , Mark Scheme for January 2018

GCE Applied ICT. Mark Scheme for June Unit G055: Networking Solutions. Advanced GCE. Oxford Cambridge and RSA Examinations

Cambridge National Creative imedia. Mark Scheme for June Unit R081: Pre-Production Skills

ICT B063/02: Mark Scheme for January 2013

Cambridge Technicals Digital Media. Mark Scheme for January Unit 2: Pre-production and planning

GCE. Computing. Mark Scheme for January Advanced Subsidiary GCE Unit F452: Programming Techniques and Logical Methods

Thursday 12 January 2017 Afternoon Time allowed: 1 hour

Cambridge Technicals Engineering. Mark Scheme for January Unit 3: Principles of mechanical engineering

Vocational Qualifications (QCF, NVQ, NQF) Business Skills Level 1-3. OCR Report to Centres

Vocational Qualifications (QCF, NVQ, NQF) ICT Professional Competence. OCR Report to Centres

GCSE Business and Communication Systems. Mark Scheme for June Unit A267: ICT skills for business communication systems

Vocational Qualifications (QCF, NVQ, NQF) Using ICT. OCR Report to Centres Entry Level Award Using ICT (Entry 3) 01679

GCE. Mathematics (MEI) Mark Scheme for June Advanced GCE 4754A Applications of Advanced Mathematics (C4) Paper A

GCE. Mathematics. Mark Scheme for January Advanced GCE Unit 4736: Decision Mathematics 1. physicsandmathstutor.com

GCE. Mathematics. Mark Scheme for June Advanced GCE Oxford Cambridge and RSA Examinations

GCE. Computing. Mark Scheme for June Advanced GCE Unit F453: Advanced Computing Theory. Oxford Cambridge and RSA Examinations

GCE Computing. Mark Scheme for June Unit F453: Advanced Computing Theory. Advanced GCE. Oxford Cambridge and RSA Examinations

GCE Computing. Mark Scheme for June Unit F451: Computer Fundamentals. Advanced Subsidiary GCE. Oxford Cambridge and RSA Examinations

GCE Computing. Mark Scheme for June Unit F453: Advanced Computing Theory. Advanced GCE. Oxford Cambridge and RSA Examinations

GCSE. Mark Scheme for June 2011 ICT. General Certificate of Secondary Education Unit B061: ICT in Today s World. Oxford Cambridge and RSA Examinations

GCSE. French. Mark Scheme for June General Certificate of Secondary Education Unit A703 01/02: Reading. Oxford Cambridge and RSA Examinations

GCE Mathematics (MEI) Mark Scheme for June Unit 4752: Concepts for Advanced Mathematics. Advanced Subsidiary GCE PMT

Functional Skills ICT. Mark Scheme for A : Level 1. Oxford Cambridge and RSA Examinations

datasheet Certificate/Diploma in Business and Administration Main features of the qualifications Introduction Target audience

GCE ICT. Mark Scheme for June Unit G061: Information, Systems and Applications. Advanced Subsidiary GCE. Oxford Cambridge and RSA Examinations

Level 2 Cambridge Technical in IT

GCE. Mathematics. Mark Scheme for June Advanced Subsidiary GCE Unit 4736: Decision Mathematics 1. Oxford Cambridge and RSA Examinations

Computer SCienCe Theme: Programming Techniques

GCSE ICT. Mark Scheme for June Unit B061/02: ICT in Today s World. General Certificate of Secondary Education

Unit 2 Essentials of cyber security

Key Dates Timetables: 2015/16

Unit 3 Cyber security

GCSE Mathematics B (Linear) Mark Scheme for June Component J567/04: Mathematics Paper 4 (Higher) General Certificate of Secondary Education

GCE. Computing. Mark Scheme for January Advanced Subsidiary GCE Unit F451: Computer Fundamentals. Oxford Cambridge and RSA Examinations

GCSE AND CAMBRIDGE NATIONALS FINAL EXAMINATION TIMETABLE NOVEMBER 2018

GCE. Computing. Mark Scheme for June Advanced Subsidiary GCE Unit F452: Programming Techniques and Logical Methods

GCSE ICT B061: Mark Scheme for June 2016

OCR LEVEL 1 NVQ FOR IT USERS (03384) OCR LEVEL 2 NVQ FOR IT USERS (03385) OCR LEVEL 3 NVQ FOR IT USERS (03386)

CAMBRIDGE TECHNICALS FINAL EXAMINATION TIMETABLE JANUARY 2017

CAMBRIDGE TECHNICALS FINAL EXAMINATION TIMETABLE JUNE 2018

CAMBRIDGE TECHNICALS FINAL EXAMINATION TIMETABLE JANUARY 2018

CAMBRIDGE TECHNICALS FINAL EXAMINATION TIMETABLE JUNE 2018

CAMBRIDGE TECHNICALS FINAL EXAMINATION TIMETABLE JUNE 2017

GCE Mathematics. Mark Scheme for June Unit 4736: Decision Mathematics 1. Advanced Subsidiary GCE. Oxford Cambridge and RSA Examinations

Cambridge TECHNICALS LEVEL 3

Computer SCienCe Theme: Applications Generation

GCE. Computing. Mark Scheme for June Advanced Subsidiary GCE Unit F451: Computer Fundamentals. Oxford Cambridge and RSA Examinations

CAMBRIDGE TECHNICALS FINAL EXAMINATION TIMETABLE JANUARY 2019

FSMQ, PRINCIPAL LEARNING LEVEL 3 AND LEVEL 3 CERTIFICATE EXAMINATIONS FINAL EXAMINATION TIMETABLE JANUARY

CAMBRIDGE NATIONALS AND PROJECTS PROVISIONAL EXAMINATION TIMETABLE JANUARY 2019

DESIGN AND TECHNOLOGY

PROVISIONAL EXAMINATION TIMETABLE JANUARY 2017

FINAL EXAMINATION TIMETABLE JANUARY 2016

PARENTS AND STUDENTS Check out our computing qualifications for Key Stage 4

CAMBRIDGE NATIONALS AND PROJECTS FINAL EXAMINATION TIMETABLE JANUARY 2019

Level 3 Cambridge Technical in Digital Media

OCR Interchange Service Agreement

DESIGN AND TECHNOLOGY

A LEVEL H446 COMPUTER SCIENCE. Code Challenges (21 40) September 2015

Level 3 Implementing an ICT systems security policy ( / )

Monday 15 June 2015 Afternoon

LEVEL 1 FUNCTIONAL SKILLS

Wednesday 13 May 2015 Morning

Exemplar Candidate Work Part 1 of 2 GCE in Applied ICT. OCR Advanced GCE in Applied ICT: H715 Unit G057: Database design

Abbotsholme School Equestrian Centre The British Horse Society Stages 1 to 3 Assistant Instructor & SVQ and Diploma

Unit 3 Building IT systems

Cambridge International Examinations Cambridge International General Certificate of Secondary Education. Published

Tuesday 14 January 2014 Morning

Example Candidate Responses. Cambridge International AS & A Level Computer Science. Paper 3

LEVEL 2 FUNCTIONAL SKILLS

Wednesday 17 May 2017 Morning

The Learner can: 1.1 Describe the common types of security breach that can affect the organisation, such as:

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services

Statistical Bulletin. Malpractice in GCSE and GCE: June 2012 Exam Series. October Ofqual/12/5221

It pays to stop and think

Cambridge TECHNICALS LEVEL 3

Credit Card Frauds Sept.08, 2016

Tuesday 24 June 2014 Morning

General Data Protection Regulation policy (exams) 2018/19

LEVEL 1 FUNCTIONAL SKILLS

Level 1 2 Cambridge National Certificate In Information

The London Institute of Banking & Finance a registered charity, incorporated by Royal Charter. Page 1 of 8

Level 3 Cambridge Technical in IT

Qualification Specification. Skills for Engineering Level 1

CISI - International Introduction to Securities & Investment Study Support Training EUROPE MIDDLE EAST & NORTH AFRICA ASIA

Cambridge International Examinations Cambridge International General Certificate of Secondary Education. Published

IQ Level 4 Award in Understanding the External Quality Assurance of Assessment Processes and Practice (QCF) Specification

COMPUTER SCIENCE. H446/02 Summer 2017 examination series Set C Mid A LEVEL. Exemplar Candidate Work. H446 For first teaching in 2015

Tuesday 15 January 2013 Morning

PHISHING ATTACK TARGETING UNIVERSITY STUDENTS MAY 2016

This pre-release material may be given to candidates at any time after receipt by the Centre.

Level 3 Cambridge Technical in IT 05838/05839/05840/05841/05842/05877 Unit 1: Fundamentals of IT

VOCATIONAL QUALIFICATIONS ENTRY CODES 2017/18. ocr.org.uk

Wednesday 14 May 2014 Morning

Provider Monitoring Report. City and Guilds

Cyber and data security How prepared is your charity?

Cambridge TECHNICALS LEVEL 3

Qualification Specification. Suite of Internal Quality Assurance Qualifications

Transcription:

Cambridge Technicals IT Unit 3: Cyber security Level 3 Cambridge Technical Certificate/Diploma in IT 05838-05842, 05877 Mark Scheme for January 2017 Oxford Cambridge and RSA Examinations

OCR (Oxford Cambridge and RSA) is a leading UK awarding body, providing a wide range of qualifications to meet the needs of candidates of all ages and abilities. OCR qualifications include AS/A Levels, Diplomas, GCSEs, Cambridge Nationals, Cambridge Technicals, Functional Skills, Key Skills, Entry Level qualifications, NVQs and vocational qualifications in areas such as IT, business, languages, teaching/training, administration and secretarial skills. It is also responsible for developing new specifications to meet national requirements and the needs of students and teachers. OCR is a not-for-profit organisation; any surplus made is invested back into the establishment to help towards the development of qualifications and support, which keep pace with the changing needs of today s society. This mark scheme is published as an aid to teachers and students, to indicate the requirements of the examination. It shows the basis on which marks were awarded by examiners. It does not indicate the details of the discussions which took place at an examiners meeting before marking commenced. All examiners are instructed that alternative correct answers and unexpected approaches in candidates scripts must be given marks that fairly reflect the relevant knowledge and skills demonstrated. Mark schemes should be read in conjunction with the published question papers and the report on the examination. OCR will not enter into any discussion or correspondence in connection with this mark scheme. OCR 2017

1 (a) e.g. Remote administration programme (1st) that is installed on the user s computer (1) so that the computer can be controlled by a third party (1). Writing mobile code/java/javascript/activex code (1st) to track which websites are visited (1) on a smartphone (1). Packet sniffing (1st) that captures packets of data (1) as they are being transferred/in transit (1). 6 Six marks for two full descriptions. MAX mark three per set of answers. First mark for the correct identification, plus two additional marks for valid description. Methods must relate to hacker and the use of their technical skills. DNA phishing, social engineering, guessing, etc. (b) e.g. For two marks Number of standing orders (1). Overdraft limit (1). Date of last cash withdrawal (1). 2 The identified data must be of use to access personal data by telephone banking. Scenario states that data will be taken from details of Humphrey s account. 3

(c) e.g. The bank will not be able to verify who he is (1) and so he may not be able to access his accounts (1). His home details will be lost (1) and so he will not receive statements/replaced cards, etc (1). Any other suitable implication (1) plus explanation (1). 2 Up to two marks for any suitable implication. First mark for identification of impact, 2 nd for expansion Data loss i.e. there is no data. Focus of this question is on data loss not data theft (d) e.g. Individual hacker more likely to be after money (1). So will target lots of individual accounts (1). Up to three marks for a full explanation Government unlikely to be interested in financial details (1). 3 Small scale attack for individual/large scale attack for Government (1). (e) i e.g. The team is more likely to solve the case (1) and so reassure the customer (1). React to attack faster (1) to be more prepared for next attack (1). Any other valid suggestion 2 Two marks for a full explanation Answer must be in context of importance to the customer Accept converse arguments about what happens if stage is not followed 4

(e) ii e.g. So that every stage is followed/so that the correct people are informed (1) which improves the chances of success (1). Customers can have confidence that the procedures for dealing with the attack (1) ensure that all aspects of the attack will be fully and correctly investigated (1). 2 Two marks for a full explanation Answer must be in context of importance to the customer Accept converse arguments about what happens if stage is not followed The procedures may be industry/banking standards (1) so all attacks are investigated in the same robust way (1). (e) iii e.g. So that the customer is kept informed (1) and so is less worried/is able to add more information (1). Good customer service (1) as the customer feels that they are part of the process (1). 2 Two marks for a full explanation Answer must be in context of importance to the customer Accept converse arguments about what happens if stage is not followed 5

2 (a) i e.g. Access to the data is restricted (1) to those who need access to it/kept away from those who don t need access (1). Data which is private / confidential (1) is kept private/ confidential (1). 2 Two marks for a full description Data is kept private with no expansion - award one mark only Data which has increased level of security required (1) to be accessed (1). (a) ii e.g. Humphrey s personal data could be used to answer a security question (1) and so allow the 3 rd party to pretend to be him (1). The 3 rd party is able to give private/personal information (1) and so appear to be him (1). 2 Two marks for an explanation of how data (or a named example of data) could be used to impersonate Humphrey 6

(b) e.g. If the data is accessed (1) by a 3rd party/hacker (1) then the data is useless to them (1). An algorithm is used to scramble the information/the plain text (1). A code is applied to the data (1). Encrypted message / data can only be read if deencrypted (1). Only holders of the encryption key are able to read the message (1) 3 Up to three marks for a full explanation. Read whole answer and mark to candidate s best advantage (c) e.g. Contact the mortgage company by phone/fresh email (1) to check that the email has been sent (1). Check for spelling errors (1) as phishing emails often have inaccuracies (1). Four marks for two full explanations. MAX mark two per set of answers First mark for the correct identification, plus one additional mark for valid explanation Look for personalisation within the email (1) as phishing emails are often very general (1). 4 Check that email is from correct the web address/domain name of the mortgage company (1) as phishing emails use similar seeming false addresses (1). 7

3 * Indicative Content Security may be compromised by allowing access directly from Social Media sites. Social media sites are outside of the direct control of the Dependable Bank and so may not be as reliable. Social media sites may have lower levels of security and so may offer an easier method of access to data. Data could be stolen and used for identity theft, with follow on consequences. Funds could be transferred from the customer s account. 10 Levels of response marking approach 7 10 marks Candidate has shown a detailed level of understanding by discussing more than one implication for customers if this facility was introduced. Relevant examples will be used to support discussion and ideas will be expressed clearly and fluently. There is a well-developed line of reasoning which is clear and logically structured. The information presented is relevant and substantiated. 4 6 marks Candidate has shown a good level of understanding by explaining at least one implication for customers if this facility was introduced. Some example (s) will be used to support explanations which may not be relevant and may at times detract from the fluency of the narrative. At the bottom of the mark band the candidate may have described a single implication. 8

There will be a line of reasoning presented with some structure. The information presented is in the most part relevant and supported by some evidence. 1 3 marks Candidate has identified point(s) relevant to the introduction of a social media platform on Dependable customers. Limited use of examples to accompany description and ideas will be poorly expressed. At the bottom of the mark band a single point related to the introduction of social media platforms may be identified with an example. The information is basic and is communicated in an unstructured manner. The information is supported by limited evidence and the relationship to the evidence may not be clear. 0 marks Nothing worthy of credit 9

Section B 4 e.g. Physical (1st) an intruder alarm could be placed in the room (1) where the servers are held (1). Firewall (1st) monitors network traffic (1) and controls the flow of data out of the system (1). Biometric (1 st ) 3 Up to three marks First mark is for identification of a method of Access Control. Second and third marks are for the description of the Access Control method. If candidate does not identify a form of access control, no marks are to be awarded. DO NOT award marks for encryption 5 (a) Indicative Content IPS uses real-time tracking and responds to identified attacks to block access to IP addresses Records are kept (audit logs, etc.) so that lessons may be learnt from previous attempts Student records are likely to be a low priority target for attack. Most attempts to gain access to data are likely to be by phonecall or other direct contact and so the use of audit trails and incident logs to create pro-forma responses allows staff to follow procedures, based on previous incidents. 7 Levels of response marking approach. 5 7 marks Candidate has justified the use of IPS to protect pupil data. Justification is based on clear reasoning supported by points explained in the argument, which are in turn supported by examples. Ideas will be expressed clearly and fluently. 3 4 marks Candidate has shown a good level of understanding of the use of IPS and has explained this in the context of the protection of pupil data. 10

The supporting argument may be lacking the use of examples, or where examples have been used, these are not used strongly, or the supporting argument may be poorly developed and lacking in detail. 1 2 marks Candidate has identified some points relevant to the use of IPS to protect pupil data. There may be some doubt that the candidate fully understands the term IPS. There may be examples, but these are not used as part of a coherent answer. 0 marks Nothing worthy of credit. 11

5 (b) e.g. Protection is the process of stopping an event happening (1) IPS monitor systems and react to them (1). Therefore, IPS systems react after the event (1). Delay in reaction can be very slight (1). Once IP address/ port/threat identified all traffic blocked from there (1). Conclusion based on points made (1). Use of suitable example (1). 6 Up to six marks. If no conclusion, MAX five. Read whole answer and mark to candidate s best advantage. The answer as a whole should be read and conclusion awarded if it is based on the points made. 1 mark may be awarded for an overall statement of the validity of the statement, even if not supported by arguments. 12

6 Marks Marking Protocol To be awarded comparisons the difference between a scammer and phisher must be clearly defined. 4 marks Two complete comparisons 3 marks One complete comparison and one individual point If a clear comparison is provided, then two marks may be awarded. The comparisons may not be consecutive in the answer. 2 marks One complete comparison 1 mark One individual point about either side Scammers send an email with a false link (1) a phisher directs the victim to a false website (1). Phishers tend to target many people at the same time (1) whilst a scammer tends to target on an individual basis (1). A scammer is cyber-enabled (1) whilst a phisher is cyberdependant (1). Scammers defraud their target/example provided (1) whilst phishers attempt to get personal details example provided which they then use (1). Scammers & phishers pretend to be something/ someone/an organisation which they are not (1). 4 13

OCR (Oxford Cambridge and RSA Examinations) 1 Hills Road Cambridge CB1 2EU OCR Customer Contact Centre Education and Learning Telephone: 01223 553998 Facsimile: 01223 552627 Email: general.qualifications@ocr.org.uk www.ocr.org.uk For staff training purposes and as part of our quality assurance programme your call may be recorded or monitored Oxford Cambridge and RSA Examinations is a Company Limited by Guarantee Registered in England Registered Office; 1 Hills Road, Cambridge, CB1 2EU Registered Company Number: 3484466 OCR is an exempt Charity OCR (Oxford Cambridge and RSA Examinations) Head office Telephone: 01223 552552 Facsimile: 01223 552553 OCR 2017

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback