Level 3 Technical Level IT: NETWORKING Unit 6 Network security management Mark Scheme

Level 3 Technical Level IT: NETWORKING Unit 6 Network security management Thursday 16 May 2019 Morning Time allowed: 2 hours Materials For this paper you must have: • a ruler • a scientific calculator (non-programmable) • stencils or other drawing equipment (eg flowchart stencils). Instructions • Use black ink or black ball-point pen. • Fill in the boxes at the top of this page. • Answer all questions. • You must answer each question in the space provided. Do not write outside the box around each page or on blank pages. • Do all rough work in this book. Cross through any work you do not want to be marked. • If you need more space use the additional pages at the back of this booklet. Information • The marks for questions are shown in brackets. • The maximum mark for this paper is 80. There are 50 marks for Section A and 30 marks for Section B. Advice • In all calculations, show clearly how you work out your answer. • Use diagrams, where appropriate, to clarify your answers. • You are expected to use a calculator where appropriate. • You are reminded of the need for good English and clear presentation in your answers. Section A Answer all questions in this section. outside the box Cloud computing enables users to Tick () one box. [1 mark] access their files from home and college. avoid malware infection. encrypt everyone’s files. share unlimited bandwidth. User permissions Tick () one box. [1 mark] define communication between two or more devices. electronically confirm the user’s identity. enable access to specific resources on a network. validate data transfers. Which of the following is a wireless networking standard? Tick () one box. [1 mark] box DNS FTP SMTP TKIP Which technique could an attacker use to create an inventory of a network? Tick () one box. [1 mark] Banner grabbing Eavesdropping Pharming Pivoting Turn over for the next question Turn over ► In network security, a service level agreement (SLA) is a contract between Tick () one box. [1 mark] box administrator and manager. college and student. provider and customer. worker and employer. Turn over for the next question box Turn over ► Explain the benefits of a service level agreement (SLA). [4 marks] box . What is penetration testing? [2 marks] box . Explain how penetration testing works. [2 marks] Turn over for the next question *07* Turn over ► The technique of port scanning can be used legitimately or maliciously. box . Give two ways an auditor or network administrator could use port scanning legitimately. [2 marks] 1 2 . Give one way a hacker or attacker could use port scanning maliciously. [1 mark] *0* Turn over for the next question box Turn over ► Continuous Network Security Monitoring (CNSM) is advertised as a “key tool, automated and continuous”. box Explain the benefits of Continuous Network Security Monitoring (CNSM). [6 marks] In 2018, a series of scams targeted customers of a major UK bank. Some customers lost money as a result of a ‘man-in-the-middle attack’. box . Define a ‘man-in-the-middle attack’. [2 marks] . Describe the sequence of events that could result in a ‘man-in-the-middle attack’ taking money from a customer’s bank account. [4 marks] Turn over for the next question Turn over ► A virtual private network (VPN) can be used to secure communication across a network. Authenticated users are able to send and receive data remotely, eg between home and college. A local college has a VPN remote access policy document. box List the information that should be in the section headed remote user responsibilities. [6 marks] Turn over ► box Section B Answer all questions in this section. box . Explain how user authentication works. [6 marks] . Explain how network security protocols establish and maintain secure network communication. box [9 marks] Turn over for the next question Turn over ► In 2018, a major electrical retailer placed full-page notices in UK national newspapers. Each newspaper published the same full-page notice, the first paragraph of which stated: “Whenever you shop with us, we want you to feel confident your personal data is safe. If you’ve read or heard about the unauthorised access to our customer data which happened last year, you might be wondering whether it is.” The previous day, the same newspapers reported that a law firm was intending to act on behalf of some of the customers of the electrical retailer. These customers had had their data accessed. box . A risk has been defined as the ‘potential for loss or damage or destruction as a result of a threat exploiting a vulnerability’. Explain how this electrical retailer is attempting to control and mitigate their risk. [6 marks] . Discuss why a law firm has become involved. Include reference to the relevant legislation. [9 marks] box Extra space available on next page if required *17* Turn over ► box END OF QUESTIONS *1* If needed, use the following pages to continue your answers. Write the question number beside your answer. box Turn over ► box There are no questions printed on this page DO NOT WRITE ON THIS PAGE ANSWER IN THE SPACES PROVIDED box There are no questions printed on this page DO NOT WRITE ON THIS PAGE ANSWER IN THE SPACES PROVIDED box There are no questions printed on this page DO NOT WRITE ON THIS PAGE ANSWER IN THE SPACES PROVIDED box There are no questions printed on this page DO NOT WRITE ON THIS PAGE ANSWER IN THE SPACES PROVIDED box Copyright information For confidentiality purposes, from the November 2015 examination series, acknowledgements of third-party copyright material are published in a separate booklet rather than including them on the examination paper or support materials. This booklet is published after each examination series and is available for free download from after the live examination series. Permission to reproduce all copyright material has been applied for. In some cases, efforts to contact copyright-holders may have been unsuccessful and AQA will be happy to rectify any omissions of acknowledgements. If you have any queries please contact the Copyright Team, AQA, Stag Hill House, Guildford, GU2 7XJ. Copyright © 2019 AQA and its licensors. All rights reserved.