What are the main cybersecurity threats to a computer system or network, and how does each one work?
The common cybersecurity threats: malware, phishing, social engineering, brute-force attacks, denial-of-service attacks and SQL injection, and how each one works.
An Eduqas GCSE Computer Science answer on the common cybersecurity threats (malware, phishing, social engineering, brute force, denial of service and SQL injection), explaining how each attack works.
Reviewed by: AI editorial process; not yet individually human-reviewed
What this dot point is asking
Eduqas wants you to describe the common cybersecurity threats to a system or network: malware, phishing, social engineering, brute-force attacks, denial-of-service attacks and SQL injection, and to explain how each works. Each is usually a "describe" or "explain" question, so a clear sentence on the mechanism and the aim of each is what scores.
Malware
Phishing and social engineering
Brute force and denial of service
SQL injection
Try this
Q1. Name one type of malware and state what it does. [2 marks]
- Cue. For example ransomware: it encrypts the user's files and demands payment to unlock them.
Q2. State the aim of a denial-of-service attack. [1 mark]
- Cue. To make a service unavailable by flooding it with requests.
Q3. Describe how a brute-force attack works. [1 mark]
- Cue. It tries many possible passwords or keys until the correct one is found, to gain unauthorised access.
Exam-style practice questions
Practice questions written in the style of WJEC Eduqas exam questions on this dot point, with worked answer explainers. The year tag is the paper they imitate, not the source.
Eduqas Component 1, 2022 (4 marks). Explain what is meant by phishing and by social engineering, and state how they differ.
Phishing (up to 2 marks): sending fake emails or messages, or setting up fake websites, that pretend to be from a trusted organisation to trick people into revealing personal data such as passwords or bank details.
Social engineering (up to 2 marks): manipulating or deceiving people into giving away information or access, exploiting human trust rather than a technical weakness (for example pretending to be IT support over the phone, or shoulder surfing).
Difference: phishing is a specific online form of social engineering (usually by email); social engineering is the broader category of tricking people. Markers reward both definitions and the link between them.
Eduqas Component 1, 2023 (4 marks). Describe how a brute-force attack and a denial-of-service attack each work, and state the aim of each.
Brute force (up to 2 marks): an attacker systematically tries many possible passwords or keys, often automatically, until the correct one is found; the aim is to gain unauthorised access to an account or system.
Denial of service (up to 2 marks): an attacker floods a server or network with so many requests that it cannot respond to legitimate users; the aim is to make the service unavailable, not to steal data.
Markers reward "tries many passwords until one works" for brute force and "floods with requests to make it unavailable" for denial of service, plus the correct aim of each.
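The two mechanisms in this answer leave different traces in a log, which is how a defender tells them apart. The example below is added here for illustration and is not part of the Eduqas material; the log format, IP addresses and both thresholds are assumptions made up for the example.

```python
from collections import Counter, defaultdict

FAILED_LOGIN_LIMIT = 5          # assumed: failed logins per source and account
REQUESTS_PER_SECOND_LIMIT = 50  # assumed: requests per source in one second

def build_sample_log():
    """Constructed sample log of (second, source_ip, event, account)."""
    log = []
    # One source guesses the password for "alice" eight times in a row.
    for t in range(8):
        log.append((t, "192.0.2.10", "login_failed", "alice"))
    # One source sends 300 requests spread over three seconds.
    for i in range(300):
        log.append((20 + i // 100, "198.51.100.7", "request", None))
    # An ordinary user mistypes a password once, then logs in and browses.
    log.append((30, "203.0.113.5", "login_failed", "bob"))
    log.append((31, "203.0.113.5", "login_ok", "bob"))
    log.append((32, "203.0.113.5", "request", None))
    return log

def classify(log):
    """Return {source_ip: label} for sources that match either pattern."""
    failures = Counter()               # (ip, account) -> failed logins so far
    per_second = defaultdict(Counter)  # ip -> {second: number of requests}
    for second, ip, event, account in log:
        if event == "login_failed":
            failures[(ip, account)] += 1
        elif event == "login_ok":
            failures[(ip, account)] = 0  # a successful login resets the count
        elif event == "request":
            per_second[ip][second] += 1

    findings = {}
    # Brute force: many wrong passwords for the same account from one source.
    for (ip, _account), count in failures.items():
        if count >= FAILED_LOGIN_LIMIT:
            findings[ip] = "possible brute force"
    # Denial of service: far more requests in a second than a real user sends.
    for ip, seconds in per_second.items():
        if max(seconds.values()) > REQUESTS_PER_SECOND_LIMIT:
            findings[ip] = "possible denial of service"
    return findings

if __name__ == "__main__":
    for ip, label in classify(build_sample_log()).items():
        print(ip, label)
```

The ordinary user is not flagged: one failed login is below the limit, and the successful login resets the count.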
Sources & how we know this
- WJEC Eduqas GCSE Computer Science specification (from 2016) — Eduqas (2020)