How do we detect and prevent cyber attacks?
Understand the methods used to detect and prevent cyber security threats, including penetration testing, anti-malware, firewalls, user access levels, passwords and encryption.
A focused answer to AQA GCSE Computer Science 3.6, covering the methods used to detect and prevent cyber security threats, including penetration testing, anti-malware, firewalls, user access levels, passwords and encryption.
Reviewed by: AI editorial process; not yet individually human-reviewed
What this dot point is asking
AQA wants you to describe the methods used to detect and prevent cyber security threats, including penetration testing, anti-malware software, firewalls, user access levels, strong passwords and encryption, and explain how each helps.
Penetration testing
Anti-malware and firewalls
These two defend different layers: the firewall guards the boundary by filtering network traffic, while anti-malware deals with malicious software that reaches a device. Used together they stop both unauthorised connections and harmful programs.
User access levels and passwords
Encryption and user training
Detection versus prevention
It helps to separate methods that prevent attacks from those that detect them. Prevention reduces the chance of a successful attack: firewalls block unwanted connections, strong passwords and access levels make accounts hard to break and limit their reach, encryption protects data even if stolen, and patching removes vulnerabilities. Detection finds problems so they can be dealt with: anti-malware scanning detects malicious software, monitoring spots unusual activity such as repeated failed logins, and penetration testing detects weaknesses before attackers do. A complete strategy needs both, because some attacks will get past prevention and must be caught, and prevention alone cannot find weaknesses you do not know about.
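The distinction above, as an added example that is not part of the original page: a short Python routine reads a constructed login log, raises an alert on repeated failed logins (detection) and locks the account so that later attempts are refused (prevention). The log format, the threshold of three failures and the one-minute window are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: timestamp, username, source address, outcome.
SAMPLE_LOG = """\
2024-03-01T09:00:00 alice 192.0.2.10 FAIL
2024-03-01T09:00:05 alice 192.0.2.10 FAIL
2024-03-01T09:00:09 alice 192.0.2.10 FAIL
2024-03-01T09:00:12 alice 192.0.2.10 FAIL
2024-03-01T09:00:15 alice 192.0.2.10 OK
2024-03-01T09:02:00 bob 198.51.100.7 FAIL
2024-03-01T09:30:00 bob 198.51.100.7 FAIL
2024-03-01T09:30:20 bob 198.51.100.7 OK
"""

def review_logins(log_text, max_fails=3, window=timedelta(minutes=1)):
    """Return (alerts, decisions).

    alerts: accounts with max_fails failures inside the window (detection).
    decisions: per-line outcome after lockout is applied (prevention).
    """
    recent = defaultdict(deque)   # username -> times of recent failures
    locked = set()
    alerts, decisions = [], []
    for line in log_text.splitlines():
        stamp, user, source, outcome = line.split()
        when = datetime.fromisoformat(stamp)
        if user in locked:
            # Prevention: even a correct password is refused once locked.
            decisions.append((user, "BLOCKED"))
            continue
        if outcome == "OK":
            recent[user].clear()
            decisions.append((user, "ALLOWED"))
            continue
        fails = recent[user]
        fails.append(when)
        while fails and when - fails[0] > window:
            fails.popleft()       # forget failures older than the window
        decisions.append((user, "DENIED"))
        if len(fails) >= max_fails:
            alerts.append((user, source, len(fails)))  # detection
            locked.add(user)
    return alerts, decisions

if __name__ == "__main__":
    alerts, decisions = review_logins(SAMPLE_LOG)
    print("alerts:", alerts)
    print("decisions:", decisions)
```

Bob's two failures are half an hour apart, so they never reach the threshold; only the rapid run against alice's account is flagged and locked.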
Try this
Q1. State the purpose of penetration testing. [2 marks]
- Cue. To deliberately attack a system with permission to find vulnerabilities before real attackers do, so they can be fixed.
Q2. Explain how user access levels improve security. [2 marks]
- Cue. They limit what each user can see and do, so a compromised account can do less damage.
Exam-style practice questions
Practice questions written in the style of AQA exam questions on this dot point, with worked answer explainers. The year tag is the paper they imitate, not the source.
AQA 2020. Describe two methods an organisation could use to protect its systems from cyber threats, explaining how each method reduces risk. [4 marks]
Anti-malware software: it scans for, detects and removes malicious software and can block known threats, reducing the risk that a virus, worm or trojan damages the system or steals data.
User access levels: each user is given only the access they need to do their job, so if an account is compromised the attacker can reach less of the system, limiting the damage. (Other valid methods: firewalls, strong passwords, encryption, penetration testing, user training.)
Markers reward two distinct named methods, each with an explanation of how it reduces risk, not just a definition.
AQA 2022. Explain what penetration testing is, why an organisation would carry it out, and why it must be done with permission. [4 marks]
Penetration testing is deliberately attacking a system, using the same techniques as a real attacker, to find vulnerabilities. An organisation carries it out so that weaknesses are discovered and fixed before real attackers can exploit them, improving security proactively.
It must be done with permission because, without authorisation, attacking a system (even to test it) is illegal under computer misuse law and could disrupt live services. Permission and an agreed scope make it a controlled, authorised test rather than a real attack.
Markers reward the definition (authorised simulated attack), the purpose (find and fix weaknesses first), and the legal reason permission is required.
Sources & how we know this
- AQA GCSE Computer Science (8525) specification — AQA (2020)