OCR J277 - User Security Revision Tool

1 [5 Marks Total]

School Data Security.

(a) Two Physical security methods for the server room. [2]

Hint: Think about locks, biometric scanners, cameras, guards. Not passwords/firewalls.

(b) What are 'User Access Levels' and how do they improve security? [3]

✅ Mark Scheme

(a) Locked doors / Biometrics / CCTV / Security Guards (2)

(b) Restricting what users can do/see based on role (1). Limits access to sensitive data (1). Prevents accidental deletion (1).

Score yourself (Max 5):

2 [7 Marks Total]

Company Passwords.

(a) Three characteristics of a strong password. [3] (b) How do Biometrics help users who forget passwords? [2] (c) One software rule to stop Brute-force attacks. [2]

✅ Mark Scheme

(a) Length (8+ chars), Mixed case, Symbols/Numbers, No personal info.

(b) Uses physical traits (fingerprint) (1). Cannot be forgotten/lost (1).

(c) Account Lockout (after X failed attempts) (1) stops the trial-and-error process (1).

Score yourself (Max 7):

3 [4 Marks Total]

Encryption on a Lawyer's Laptop.

(a) How does encryption protect files if laptop is stolen? [2] (b) Complete the sentence: [2]
Unencrypted data is called text. Encrypted data is called text.

✅ Mark Scheme

(a) Scrambles data (1). Makes it unreadable without the key (1).

(b) Plain text (1). Cipher text (1).

Score yourself (Max 4):

4 [5 Marks Total]

(a) Suggest Access Levels for Hospital Staff. [3]

Role

Read-Write

Read-Only

No Access

Reason

Doctor

Diagnosis updates

Receptionist

Appt times only

Cleaner

No computer use

(b) One physical method to prevent theft of computer hardware (e.g., monitor). [2]

✅ Mark Scheme

Doctor: Read-Write (1)
Receptionist: No Access (best) or Read-Only (1)
Cleaner: No Access (1)

(b) Cable locks / Kensington locks / Bolting to desk (2). (Do not allow 'Lock door' - question asks about hardware theft in public area).

Score yourself (Max 5):

5 [5 Marks Total]

Banking App Security.

(a) How does Two-Step Verification (2SV) work? [3] (b) One physical design feature of ATM to prevent shoulder surfing. [2]

✅ Mark Scheme

(a) After password, code sent to second device (1). Hacker cannot login without physical device (1).

(b) Privacy screen / Winged guards / Screen positioning.

Score yourself (Max 5):

6 [6 Marks Total]

Extended Response: Discuss how Physical Security and User Access Levels work together. [6]

✅ Mark Scheme

Indicative Content:

Physical: Stops access to hardware (Server room locks). Stops theft.
Access Levels: Stops software access. Prevents insider threats/accidental deletion.
Combined: Physical stops the thief getting the server; Access Levels stop the cleaner accidentally deleting files. Both needed for complete security.

Score yourself (Max 6):