Oxford Cambridge and RSA
GCSE (9-1) Computer Science
Computer Systems
J277/01
Topic: Unit 1.4 User Security
Time allowed: 40 minutes
Centre number Candidate number
First name Last name
INSTRUCTIONS INFORMATION
Turn over
1
A school stores sensitive data about students and staff.

(a) Identify two methods of physical security the school could use to restrict access to the server room.
[2]

(b) The school implements User Access Levels.
Explain what is meant by 'User Access Levels' and how this improves the security of the school's data.
[3]
2
A company requires employees to set a Strong Password for their accounts.

(a) State three characteristics that would make a password "strong".
[3]

(b) Some employees struggle to remember complex passwords and write them on sticky notes attached to their monitors.
Explain how Biometric measures could solve this problem and improve security.
[2]

(c) Even with strong passwords, the company is worried about Brute-force attacks.
Describe one software-based rule the company could enforce to prevent a brute-force attack from succeeding against a user's password.
[2]
3
A lawyer travels with a laptop containing confidential client files.

(a) The lawyer uses Encryption software on the laptop's hard drive.
Explain how encryption helps protect the client files if the laptop is stolen.
[2]

(b) Encryption uses an algorithm to scramble data.
Complete the sentence below:
[2]
Data that has not yet been encrypted is known as ________ text, and data that has been encrypted is known as ________ text.
4
A hospital uses a network to store patient records.

(a) Different staff members have different User Access Levels.
Complete the table below to suggest appropriate access rights (Read-Only, Read-Write, or No Access) for the following staff members regarding the "Patient Medical History" database.
[3]
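Staff Role   | Access Level | Reason
-------------|--------------|------------------------------------------------------------------------
Doctor       |              | Needs to view and update patient diagnosis.
Receptionist |              | Needs to confirm patient appointment times but not medical details.
Cleaner      |              | Does not need to use the computer system.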

(b) The hospital is concerned about Physical Security for the computers in the public waiting area.
Describe one physical method that could prevent the theft of the actual computer hardware (e.g., the monitor or tower).
[2]
5
A software developer is designing a login system for a banking app.

(a) The developer decides to implement Two-Step Verification (2SV) (also known as Multi-Factor Authentication).
Describe how Two-Step Verification works to prevent unauthorised access, even if a hacker knows the user's password.
[3]

(b) The bank wants to prevent Shoulder Surfing at their ATMs.
Suggest one physical design feature of an ATM or its environment that helps prevent shoulder surfing.
[1]
6
Extended Response
A large office building uses a combination of Physical Security and User Access Levels to protect its systems.

Discuss how these two methods work together to protect the company's data. In your answer, you should consider:
  • How physical security stops access to hardware.
  • How user access levels stop access to software/data.
  • The consequences if only one of these methods was used.
[6]
END OF QUESTION PAPER