Oxford Cambridge and RSA
GCSE (9-1) Computer Science
Computer Systems
J277/01
Topic: Unit 1.4 System Security
Time allowed: 30 minutes
Centre number Candidate number
First name Last name
INSTRUCTIONS INFORMATION
Turn over
1
Tick (✓) one box in each row to identify the specific threat described.
[4]
| Description of Threat | Phishing | Brute-force | SQL Injection | Data Interception |
|---|---|---|---|---|
| Software used to monitor and capture network traffic packets. | | | | |
| Malicious code entered into a website form to manipulate a database. | | | | |
| An automated software tool used to guess passwords through trial and error. | | | | |
| Emails sent to a user pretending to be a legitimate company to steal personal data. | | | | |
2
A bank is concerned about Social Engineering attacks against its staff.

(a) Define what is meant by 'Social Engineering'.
[2]

(b) Phishing and Pharming are two forms of social engineering.
Explain one difference between them.
[2]

(c) Shoulder Surfing (or 'Blagging') is another form of social engineering.
Describe how a shoulder surfing attack takes place.
[2]
3
A web server hosting an online shop has become very slow and is now crashing repeatedly, denying access to legitimate customers.

(a) Identify the type of attack described above.
[1]

(b) Explain how this attack works and why it causes the website to crash.
[3]
4
Malware poses a significant risk to computer systems.

(a) Describe the difference between a Virus and Spyware.
[4]
Virus:
Spyware:

(b) Ransomware has infected a school's network.
Describe the specific impact this threat has on the school's data.
[2]
5
A programmer is developing a website that uses a database to store user login details.

(a) Explain the concept of an SQL Injection attack.
[3]

(b) Identify one consequence of a successful SQL Injection attack on the database.
[1]
6
A user is setting up a new account on a website.

(a) Describe how a Brute-force attack would attempt to gain access to this account.
[2]

(b) The website uses a "lockout policy" after three failed attempts.
Explain how this prevents a brute-force attack from succeeding.
[2]

(c) State two other measures (one software, one physical) that could help prevent unauthorised access to a single computer.
[2]
Software:
Physical:

(d) The user visits a coffee shop and logs into the website using public Wi-Fi.
Explain why Data Interception is a higher risk on this network and what the user should check for in the URL bar to mitigate this.
[4]
END OF QUESTION PAPER