GCSE (9-1) Computer Science
Mark Scheme
J277/01: Unit 1.4 DoS & Data Interception
| Question | Answer | Marks | Guidance |
|---|---|---|---|
| 1a | Flooding | 1 | |
| 1b | Packet Sniffer | 1 | Allow: Sniffer. |
| 1c | Bandwidth | 1 | Allow: Processor / RAM / Memory. |
| 2a | Denial of Service / DoS | 1 | Do not allow: DDoS (Distributed) - The question specifies a single IP address, which implies a standard DoS, not a distributed one. |
| 2b | • The attacker sends more requests than the server can handle (flooding). (1) | 3 | Simply saying "It slows the computer down" is NE (Not Enough). Must reference consumption of resources. |
| | • This consumes the server's bandwidth / CPU cycles / RAM. (1) | | |
| | • The server cannot process legitimate requests from real customers (causing a timeout/crash). (1) | | |
| 2c | One from: | 1 | Do not allow: "Data theft" or "Installing viruses". DoS attacks generally do not involve stealing data. |
| | • Loss of revenue / sales. | | |
| | • Loss of customer trust / reputational damage. | | |
| | • Costs to fix the server. | | |
| 3a | • The hacker uses packet sniffing software... (1) | 2 | Key concept: "monitoring" or "capturing" traffic as it travels. |
| | • ...to monitor/capture the data packets travelling across the wireless network. (1) | | |
| 3b | • A Firewall protects the computer/device from unauthorised access (incoming/outgoing traffic). (1) | 2 | Misconception: Firewalls are "gatekeepers" for the device; they cannot stop someone sniffing packets on the wire/airwaves outside. |
| | • It does not protect data once it leaves the computer and travels across the network/internet. (1) | | |
| 3c | • It uses Encryption (HTTPS). (1) | 2 | Do not allow: "It stops the data being intercepted." (Encryption stops understanding, not interception). |
| | • This scrambles the data so if it is intercepted, it is unreadable / meaningless (without the key). (1) | | |
| 4a | • DoS Purpose: To shut down a web server / prevent access for legitimate users. (1) | 2 | Clear distinction required: Disruption vs. Theft. |
| | • Interception Purpose: To steal confidential information / passwords / data. (1) | | |
| 4b | DoS Prevention: | 4 | Ensure prevention matches the attack. |
| | • Firewall (to blacklist the flooding IP). (1) | | "Strong Passwords" is NE for Interception. |
| | • Bandwidth limits / Rate limiting. (1) | | "Anti-virus" is NE for DoS. |
| | Interception Prevention: | | |
| | • Encryption / VPN. (1) | | |
| | • Not using public Wi-Fi / Using wired connections. (1) | | |