Time allowed: 30 minutes
| Centre number |
| | | |
|
Candidate number |
| | | |
| First name |
|
Last name |
INSTRUCTIONS
- Use black ink.
- Answer all the questions.
INFORMATION
- The total mark for this paper is 21.
- The marks for each question are shown in brackets [ ].
Turn over
Section A: Knowledge & Theory
1
The Computer Misuse Act (1990) identifies three specific levels of offence.
Complete the table below by stating the missing offences.
[2]
| Level |
Offence |
| 1 |
Unauthorised access to computer material. |
| 2 |
|
| 3 |
Unauthorised acts with intent to impair the operation of a computer. |
2
Which one of the following actions is illegal under the Computer Misuse Act (1990)? Tick one box.
[1]
| Sending an email with a rude subject line. |
|
| Using a friend's computer after they have logged in and given you permission. |
|
| Guessing a teacher's password to look at their grade book. |
|
| Storing personal data without encryption. |
|
3
Explain the meaning of the term
'unauthorised' in the context of the Computer Misuse Act.
[2]
Turn over
Section B: Application & Scenarios
4
For each of the following scenarios, identify which specific level of offence (1, 2, or 3) has been committed under the Computer Misuse Act (1990).
(a) A student guesses a friend’s password and logs into their social media account just to see their private messages. They do not change anything.
[1]
(b) A disgruntled employee introduces a virus onto the company network which deletes important project files.
[1]
(c) A hacker gains access to a bank's computer system in order to transfer money into their own account.
[1]
5
A school student creates a script that floods the school's web server with traffic, causing it to crash (a Denial of Service attack).
(a) Identify which piece of legislation makes this act illegal.
[1]
(b) Explain why this act falls under
Level 3 of the Computer Misuse Act (Unauthorised acts with intent to impair).
[2]
6
A programmer is authorised to access a database to update customer addresses. They decide to use this access to look up the salaries of their colleagues, which they do not have permission to view.
Explain why this is still an offence under the Computer Misuse Act, even though they have a valid username and password.
[2]
Turn over
Section C: Extended Response
7
A large company employs a "Penetration Tester" (White Hat Hacker) to test their network security. The tester intentionally hacks into the company system to find weaknesses.
Discuss why the actions of the Penetration Tester are legal, whereas a malicious hacker performing the exact same actions would be breaking the Computer Misuse Act.
In your answer, refer to:
- The concept of authorisation.
- The intent of the actions.
[5]
END OF QUESTION PAPER