Reference
Answer Key
Full answers for the review questions in every chapter. Try each question first, then check.
Chapter 1
The CIA Triad — Confidentiality, Integrity, Availability
- Define computer security in one sentence.Protecting information and systems from unauthorised access, change or disruption.
- Which pillar is broken when someone changes a grade in the database?Integrity.
- Give one school example of an availability failure.The school portal is down during online enrolment.
- Why is confidentiality alone not enough?Data can still be corrupted or made unavailable even if it is kept secret.
Chapter 2
Threat, Vulnerability, Risk and Attack
- Give one threat and one matching vulnerability for a student laptop.Threat: malware. Vulnerability: no antivirus / no updates.
- Write the risk formula.Risk = Threat × Vulnerability × Impact.
- Is a locked door a threat or a control?A control — it reduces vulnerability.
- Why can risk never be zero?Some threats and vulnerabilities always remain; risk can only be reduced, not eliminated.
Chapter 3
Case Study — Analysing a Real Cyber Incident
- What is the difference between an incident and a breach?A breach is a specific type of incident involving unauthorised access to data.
- Name two things a company usually does after a major breach.Notify affected users; patch the vulnerability; sometimes offer credit monitoring.
- Why is 'blaming the user' rarely the full answer?Systems should be designed to reduce user error; multiple layers usually failed.
Chapter 4
Malware Taxonomy
- What is the main difference between a virus and a worm?A virus needs a host program to spread; a worm spreads by itself over networks.
- Why is a trojan dangerous even though it does not self-replicate?It tricks the user into running it, giving attackers direct control.
- Give the safest immediate response to a ransomware note.Disconnect from the network, do not pay, report to IT, restore from backup.
Chapter 5
Phishing, Smishing and Vishing
- Name three warning signs of a phishing email.Urgency, misspelt domain, unexpected attachment (also generic greeting, hidden link, request for OTP).
- How do you check where a link really goes?Hover over it (desktop) or long-press (mobile) to preview the URL before clicking.
- What should you do if you already clicked a phishing link?Disconnect, change the affected password, enable MFA, run a malware scan, report to IT.
Chapter 6
Spot-the-Phish Poster and Antivirus Demo
- What is a malware signature?A unique pattern that identifies a known piece of malware.
- Why do we need heuristics in addition to signatures?Signatures only catch known malware; heuristics catch new variants by watching behaviour.
- What does 'quarantine' mean?Isolating a suspicious file so it cannot run or spread.
Chapter 7
Authentication Factors
- Name the three authentication factors.Something you know, something you have, something you are.
- Why is a fingerprint riskier than a password once leaked?You cannot change your fingerprint.
- Give one authentication method for each factor.Password (know), phone OTP (have), face unlock (are).
Chapter 8
Strong Passwords and Passphrases
- Why is a 20-character passphrase usually safer than an 8-character random password?The number of possible combinations grows exponentially with length.
- What is the main risk of re-using passwords?One leaked site exposes every other account that shares the password.
- How does a password manager help security?It generates and stores unique long passwords so users only remember one.
Chapter 9
Multi-Factor Authentication (MFA)
- Why is an authenticator app safer than SMS codes?Codes are generated on the device and cannot be intercepted by SIM swap.
- What is a recovery code used for?To log in when the second factor (phone) is lost or unavailable.
- Give one reason MFA blocks most account takeovers.Even a stolen password is useless without the second factor.
Chapter 10
Defence-in-Depth — Firewalls and Antivirus
- What does a firewall control?Incoming and outgoing network traffic based on rules.
- Give one thing antivirus catches that a firewall usually misses.Malicious files opened locally (e.g. a virus on a USB stick).
- State the defence-in-depth principle in one sentence.Use multiple overlapping controls so the failure of one does not compromise the whole system.
Chapter 11
OS Updates and Patching (Practical)
- What is a patch?A software fix that closes a security vulnerability.
- Why is auto-update recommended?It removes human delay and installs patches quickly.
- What is a zero-day?A vulnerability the vendor has not yet fixed.
Chapter 12
Backups — The 3-2-1 Rule
- State the 3-2-1 rule.3 copies, 2 media types, 1 offsite.
- Why do we test restores, not just backups?A backup that cannot be restored is worthless.
- Which backup type is fastest to create — full, incremental or differential?Incremental — it copies only what changed since the last backup.
Chapter 13
HTTPS, TLS and Certificates
- What does the padlock icon guarantee?That the connection is encrypted and the certificate was issued to that domain by a trusted CA — not that the site is honest.
- What is the role of a Certificate Authority?To verify domain ownership and issue trusted certificates.
- Should you ever bypass a certificate warning on a banking site?No — the identity of the server cannot be verified.
Chapter 14
Wi-Fi Security — WEP, WPA2, WPA3 and Public Wi-Fi
- Which Wi-Fi standard is currently the strongest?WPA3.
- Give one risk of connecting to open café Wi-Fi.Evil-twin hotspots, packet sniffing, or captive-portal phishing.
- How does a VPN help on public Wi-Fi?It encrypts all your traffic between the device and a trusted server, hiding it from the local network.
Chapter 15
Safe-Browsing 10 Rules and VPN Debate
- Name any four of the 10 safe-browsing rules.Any four from the list above.
- What is one thing a VPN cannot protect against?Phishing, malware download, or the VPN provider itself.
- Why is incognito mode not 'private'?It only hides local history; ISPs, sites and networks still see your activity.
Chapter 16
Why Laws for Cyberspace — Skim the Act
- Why can we not just use ordinary theft laws for hacking?Digital theft does not always remove the original; new laws define new offences.
- Name one offence commonly listed in a Cybercrime Act.Unauthorised access, identity fraud, data interference, etc.
- Why does jurisdiction complicate cybercrime cases?Attackers and victims are often in different countries with different laws.
Chapter 17
Scenario Analysis and Copyright
- What is the difference between plagiarism and copyright violation?Plagiarism is passing off work as your own; copyright violation is copying without permission.
- What does CC BY-NC allow?Reuse with attribution, but not for commercial purposes.
- Can something be legal but still plagiarism?Yes — copying a public-domain text into your essay without citation is plagiarism, not illegal copying.
Chapter 18
Class Digital Code of Conduct and Cyberbullying Response
- Name three forms of cyberbullying.Any three of: flaming, harassment, impersonation, outing, exclusion, sextortion.
- What is the first thing to do if you are being cyberbullied?Do not reply; save evidence.
- Why does bystander silence make bullying worse?It signals approval and isolates the target.
Chapter 19
Personal Data, PII and Digital Footprint
- Define PII with an example.Data that identifies an individual, e.g. name + ID number.
- Give one example of a passive footprint.IP address, cookies, GPS location, purchase history.
- Why is aggregation a risk?Innocent pieces of data can combine to identify or profile you.
Chapter 20
Privacy Settings — Hands-on
- What is the default audience on most platforms after signup?Public or nearly public.
- Why review connected apps?They may still have access to your data long after you stopped using them.
- Name one setting that reduces ad tracking.Turning off ad personalisation or limiting cookie use.
Chapter 21
Future-Self and Personal Online Rules
- State the grandma test.Would you be comfortable with your grandmother seeing this post?
- Why is 'delete' rarely enough?Screenshots and archives can preserve content forever.
- Why is consent important before posting about others?It respects their privacy and dignity.
Chapter 22
Common ICT Health Issues
- State the 20-20-20 rule.Every 20 minutes, look at something 20 feet away for 20 seconds.
- Give one cause of RSI.Repeated typing/mouse movements in poor posture.
- Why can screens disrupt sleep?Blue light suppresses melatonin.
Chapter 23
Workstation Ergonomics — Hands-on
- Where should the top of the screen be relative to your eyes?Roughly at eye level.
- What angle should your elbows form while typing?About 90°.
- Why avoid glare on the screen?It causes eye strain and forced posture changes.
Chapter 24
Lab Hazards, Electrical and Fire Safety
- Which extinguisher is safe for electrical fires?CO2 (or dry powder) — never water.
- Give two common lab hazards.Trailing cables, overloaded sockets, drinks near equipment, damaged plugs.
- What is the first step when you spot a fire?Raise the alarm.
Chapter 25
Concept Map — Topics 1 to 4
- Name one link between Topic 1 (Threats) and Topic 2 (Controls).Every control answers a specific threat, e.g. MFA answers password theft.
- Which topic covers cyberbullying?Topic 3 — Ethics, Law & Digital Citizenship.
- Which topic covers backups?Topic 2 — Protective Measures.
Chapter 26
Station Rotation — Mixed Practice
- Which topic scored lowest for you?Personal — record it and plan revision.
- Name one habit that helps you switch topics fast.Pausing to identify the topic before answering.
Chapter 27
Quiz Competition and Personal Revision Plan
- Why is active recall better than re-reading?It strengthens memory by forcing retrieval.
- How do you spot a weak topic from a quiz?Multiple wrong answers cluster in one topic.
Chapter 28
End-of-Term Written Examination
- What does 'Explain' usually require beyond 'State'?Reasons and examples, not just the fact.
- How do you decide time per question?Divide total time by total marks.
Chapter 29
Security Awareness Campaign Showcase
- What is a call to action?The single step you want your audience to do.
- Why is peer feedback valuable?It gives you a fresh perspective before real audiences see the work.
Chapter 30
Feedback, Reflection and Bridge to Grade 12
- What makes a goal SMART?Specific, Measurable, Achievable, Relevant, Time-bound.
- Give one reason reflection helps learning.It consolidates memory and highlights next steps.