Professional Documents
Culture Documents
07 September 2021
Marking Scheme
Markers are advised that, unless a task specifies that an answer be provided in a
particular form, then an answer that is correct (factually or in practical terms) must be
given the available marks. If there is doubt as to the correctness of an answer, the relevant
NCC Education materials should be the first authority.
This marking scheme has been prepared as a guide only to markers and there will
frequently be many alternative responses which will provide a valid answer.
Each candidate’s script must be fully annotated with the marker’s comments (where
applicable) and the marks allocated for each part of the tasks.
Where markers award half marks in any part of a task, they should ensure that the
total mark recorded for the task is rounded up to a whole mark.
Marker's comments:
Moderator's comments:
Marking Scheme
Explain the weakness associated with the use of HTTP on the website and explain the main
benefits of HTTPS compared to HTTP.
Marking Scheme
Page 2 of 14
Network Security and Cryptography © NCC Education Limited 2021
Benefits of HTTPS Benefits of Benefits of Benefits of Benefits of
over HTTP HTTPS over HTTPS over HTTPS over HTTPS over
• Creates secure HTTP HTTP HTTP HTTP
communication • Creates • Creates • Creates • Creates
between web secure secure secure secure
browser and web communication communication communication communication
server. between web between web between web between web
• Data sent and browser and browser and browser and browser and
received are web server. web server. web server. web server.
encrypted. • Data sent and • Data sent and • Data sent and • Data sent and
received are received are received are received are
encrypted. encrypted. encrypted. encrypted.
To enable HTTPS on the website, you must obtain a digital certificate from a Certificate
Authority (CA).
Marking Scheme
Page 4 of 14
Network Security and Cryptography © NCC Education Limited 2021
Question 2 – 25 marks (LO 3, 5 & 7)
The attackers gained access to the company’s network using a stolen administrator’s
username and password. They were able to steal electronic files and customer data
successfully.
Discuss access control mechanisms that can be implemented to protect the company’s
files, documents and customer data stored on hard drives from unauthorised access.
Marking Scheme
Page 5 of 14
Network Security and Cryptography © NCC Education Limited 2021
Part (b) - 15 marks
ii) Discuss two other methods that can be used to improve password authentication on
the company’s network.
Marking Scheme
Page 6 of 14
Network Security and Cryptography © NCC Education Limited 2021
Question 3 – 25 marks (LO 7)
The Chief Information Officer asked you to install firewalls and create a Demilitarised Zone
(DMZ). The company’s current network diagram is shown below.
Marking Scheme
Page 7 of 14
Network Security and Cryptography © NCC Education Limited 2021
0-1 marks 2-3 marks 4-5 marks
• No diagram • The diagram shows key • An excellent well-labelled diagram or
illustrating the answer components with some like the suggested diagram in the
OR omissions OR marking scheme OR
• Diagram included but • Major errors in the • Detailed diagram with few
rudimentary and diagram. inconsistencies.
incorrect.
Explain the difference between a stateful firewall and a deep packet inspection firewall. You
should highlight their relative advantages based on the scenario.
Marking Scheme
Page 8 of 14
Network Security and Cryptography © NCC Education Limited 2021
Part (c) - 10 marks
ii) Design a new diagram using a dual firewall to create a DMZ that prevents
unauthorised users from accessing the internal network but allows customers
access to the company’s web server.
Marking Scheme
Page 9 of 14
Network Security and Cryptography © NCC Education Limited 2021
Question 4 – 25 marks (LO 1, 7, 8 & 9)
The Chief Information Officer suggests that you configure a Virtual Private Network (VPN).
i) Explain how a VPN functions and how it can be used by the company based on the
scenario.
ii) VPNs use AES (Advanced Encryption Standard) encryption during remote
connections. Explain AES encryption and how it works.
Marking Scheme
Page 10 of 14
Network Security and Cryptography © NCC Education Limited 2021
Part (b) - 10 marks
The attackers had access to the company’s network for more than 60 days before they were
discovered.
i) Discuss security tools that could have been used to detect suspicious activities on
the company’s network.
ii) You discovered some access points on the internal network that supports Wired
Equivalent Privacy (WEP) security protocol. Discuss the security flaws associated
with WEP and highlight alternative secure wireless protocols.
Marking Scheme
Page 11 of 14
Network Security and Cryptography © NCC Education Limited 2021
• Secret keys can • Secret keys can • Secret keys •Some vendors •Some vendors
be 64 or 128 bits be 64 or 128 bits can be 64 or do supply 256- do supply 256-bit
long long 128 bits long bit key version key version
• Some vendors • Some vendors • Some vendors •Can hold up to •Can hold up to
do supply 256-bit do supply 256-bit do supply 256- four shared four shared
key version key version bit key version secret keys secret keys
• Can hold up to • Can hold up to • Can hold up to •One key is •One key is
four shared four shared four shared designated as designated as the
secret keys secret keys secret keys the default key default key
• One key is • One key is • One key is •Key size is one •Key size is one
designated as the designated as the designated as of the security of the security
default key default key the default key limitations in limitations in
• Key size is one • Key size is one • Key size is one WEP WEP
of the security of the security of the security
limitations in limitations in limitations in Alternative Alternative
WEP WEP WEP secure wireless secure wireless
protocols protocols include:
Alternative secure Alternative secure Alternative include:
wireless protocols wireless protocols secure wireless • WPA3
include: include: protocols • WPA3 • WPA2
include: WPA2 Enterprise
• WPA3 • WPA3 Enterprise
• WPA2 • WPA2 • WPA3
Enterprise Enterprise • WPA2
Enterprise
Page 12 of 14
Network Security and Cryptography © NCC Education Limited 2021
Learning Outcomes matrix
Grade descriptors
Page 14 of 14
Network Security and Cryptography © NCC Education Limited 2021