Grade 11 ITC · Term 4 · Digital Security Textbook
Reference

Answer Key

Full answers for the review questions in every chapter. Try each question first, then check.

Chapter 1

The CIA Triad — Confidentiality, Integrity, Availability

Open chapter →
  1. Define computer security in one sentence.
    Protecting information and systems from unauthorised access, change or disruption.
  2. Which pillar is broken when someone changes a grade in the database?
    Integrity.
  3. Give one school example of an availability failure.
    The school portal is down during online enrolment.
  4. Why is confidentiality alone not enough?
    Data can still be corrupted or made unavailable even if it is kept secret.
Chapter 2

Threat, Vulnerability, Risk and Attack

Open chapter →
  1. Give one threat and one matching vulnerability for a student laptop.
    Threat: malware. Vulnerability: no antivirus / no updates.
  2. Write the risk formula.
    Risk = Threat × Vulnerability × Impact.
  3. Is a locked door a threat or a control?
    A control — it reduces vulnerability.
  4. Why can risk never be zero?
    Some threats and vulnerabilities always remain; risk can only be reduced, not eliminated.
Chapter 3

Case Study — Analysing a Real Cyber Incident

Open chapter →
  1. What is the difference between an incident and a breach?
    A breach is a specific type of incident involving unauthorised access to data.
  2. Name two things a company usually does after a major breach.
    Notify affected users; patch the vulnerability; sometimes offer credit monitoring.
  3. Why is 'blaming the user' rarely the full answer?
    Systems should be designed to reduce user error; multiple layers usually failed.
Chapter 4

Malware Taxonomy

Open chapter →
  1. What is the main difference between a virus and a worm?
    A virus needs a host program to spread; a worm spreads by itself over networks.
  2. Why is a trojan dangerous even though it does not self-replicate?
    It tricks the user into running it, giving attackers direct control.
  3. Give the safest immediate response to a ransomware note.
    Disconnect from the network, do not pay, report to IT, restore from backup.
Chapter 5

Phishing, Smishing and Vishing

Open chapter →
  1. Name three warning signs of a phishing email.
    Urgency, misspelt domain, unexpected attachment (also generic greeting, hidden link, request for OTP).
  2. How do you check where a link really goes?
    Hover over it (desktop) or long-press (mobile) to preview the URL before clicking.
  3. What should you do if you already clicked a phishing link?
    Disconnect, change the affected password, enable MFA, run a malware scan, report to IT.
Chapter 6

Spot-the-Phish Poster and Antivirus Demo

Open chapter →
  1. What is a malware signature?
    A unique pattern that identifies a known piece of malware.
  2. Why do we need heuristics in addition to signatures?
    Signatures only catch known malware; heuristics catch new variants by watching behaviour.
  3. What does 'quarantine' mean?
    Isolating a suspicious file so it cannot run or spread.
Chapter 7

Authentication Factors

Open chapter →
  1. Name the three authentication factors.
    Something you know, something you have, something you are.
  2. Why is a fingerprint riskier than a password once leaked?
    You cannot change your fingerprint.
  3. Give one authentication method for each factor.
    Password (know), phone OTP (have), face unlock (are).
Chapter 8

Strong Passwords and Passphrases

Open chapter →
  1. Why is a 20-character passphrase usually safer than an 8-character random password?
    The number of possible combinations grows exponentially with length.
  2. What is the main risk of re-using passwords?
    One leaked site exposes every other account that shares the password.
  3. How does a password manager help security?
    It generates and stores unique long passwords so users only remember one.
Chapter 9

Multi-Factor Authentication (MFA)

Open chapter →
  1. Why is an authenticator app safer than SMS codes?
    Codes are generated on the device and cannot be intercepted by SIM swap.
  2. What is a recovery code used for?
    To log in when the second factor (phone) is lost or unavailable.
  3. Give one reason MFA blocks most account takeovers.
    Even a stolen password is useless without the second factor.
Chapter 10

Defence-in-Depth — Firewalls and Antivirus

Open chapter →
  1. What does a firewall control?
    Incoming and outgoing network traffic based on rules.
  2. Give one thing antivirus catches that a firewall usually misses.
    Malicious files opened locally (e.g. a virus on a USB stick).
  3. State the defence-in-depth principle in one sentence.
    Use multiple overlapping controls so the failure of one does not compromise the whole system.
Chapter 11

OS Updates and Patching (Practical)

Open chapter →
  1. What is a patch?
    A software fix that closes a security vulnerability.
  2. Why is auto-update recommended?
    It removes human delay and installs patches quickly.
  3. What is a zero-day?
    A vulnerability the vendor has not yet fixed.
Chapter 12

Backups — The 3-2-1 Rule

Open chapter →
  1. State the 3-2-1 rule.
    3 copies, 2 media types, 1 offsite.
  2. Why do we test restores, not just backups?
    A backup that cannot be restored is worthless.
  3. Which backup type is fastest to create — full, incremental or differential?
    Incremental — it copies only what changed since the last backup.
Chapter 13

HTTPS, TLS and Certificates

Open chapter →
  1. What does the padlock icon guarantee?
    That the connection is encrypted and the certificate was issued to that domain by a trusted CA — not that the site is honest.
  2. What is the role of a Certificate Authority?
    To verify domain ownership and issue trusted certificates.
  3. Should you ever bypass a certificate warning on a banking site?
    No — the identity of the server cannot be verified.
Chapter 14

Wi-Fi Security — WEP, WPA2, WPA3 and Public Wi-Fi

Open chapter →
  1. Which Wi-Fi standard is currently the strongest?
    WPA3.
  2. Give one risk of connecting to open café Wi-Fi.
    Evil-twin hotspots, packet sniffing, or captive-portal phishing.
  3. How does a VPN help on public Wi-Fi?
    It encrypts all your traffic between the device and a trusted server, hiding it from the local network.
Chapter 15

Safe-Browsing 10 Rules and VPN Debate

Open chapter →
  1. Name any four of the 10 safe-browsing rules.
    Any four from the list above.
  2. What is one thing a VPN cannot protect against?
    Phishing, malware download, or the VPN provider itself.
  3. Why is incognito mode not 'private'?
    It only hides local history; ISPs, sites and networks still see your activity.
Chapter 16

Why Laws for Cyberspace — Skim the Act

Open chapter →
  1. Why can we not just use ordinary theft laws for hacking?
    Digital theft does not always remove the original; new laws define new offences.
  2. Name one offence commonly listed in a Cybercrime Act.
    Unauthorised access, identity fraud, data interference, etc.
  3. Why does jurisdiction complicate cybercrime cases?
    Attackers and victims are often in different countries with different laws.
Chapter 17

Scenario Analysis and Copyright

Open chapter →
  1. What is the difference between plagiarism and copyright violation?
    Plagiarism is passing off work as your own; copyright violation is copying without permission.
  2. What does CC BY-NC allow?
    Reuse with attribution, but not for commercial purposes.
  3. Can something be legal but still plagiarism?
    Yes — copying a public-domain text into your essay without citation is plagiarism, not illegal copying.
Chapter 18

Class Digital Code of Conduct and Cyberbullying Response

Open chapter →
  1. Name three forms of cyberbullying.
    Any three of: flaming, harassment, impersonation, outing, exclusion, sextortion.
  2. What is the first thing to do if you are being cyberbullied?
    Do not reply; save evidence.
  3. Why does bystander silence make bullying worse?
    It signals approval and isolates the target.
Chapter 19

Personal Data, PII and Digital Footprint

Open chapter →
  1. Define PII with an example.
    Data that identifies an individual, e.g. name + ID number.
  2. Give one example of a passive footprint.
    IP address, cookies, GPS location, purchase history.
  3. Why is aggregation a risk?
    Innocent pieces of data can combine to identify or profile you.
Chapter 20

Privacy Settings — Hands-on

Open chapter →
  1. What is the default audience on most platforms after signup?
    Public or nearly public.
  2. Why review connected apps?
    They may still have access to your data long after you stopped using them.
  3. Name one setting that reduces ad tracking.
    Turning off ad personalisation or limiting cookie use.
Chapter 21

Future-Self and Personal Online Rules

Open chapter →
  1. State the grandma test.
    Would you be comfortable with your grandmother seeing this post?
  2. Why is 'delete' rarely enough?
    Screenshots and archives can preserve content forever.
  3. Why is consent important before posting about others?
    It respects their privacy and dignity.
Chapter 22

Common ICT Health Issues

Open chapter →
  1. State the 20-20-20 rule.
    Every 20 minutes, look at something 20 feet away for 20 seconds.
  2. Give one cause of RSI.
    Repeated typing/mouse movements in poor posture.
  3. Why can screens disrupt sleep?
    Blue light suppresses melatonin.
Chapter 23

Workstation Ergonomics — Hands-on

Open chapter →
  1. Where should the top of the screen be relative to your eyes?
    Roughly at eye level.
  2. What angle should your elbows form while typing?
    About 90°.
  3. Why avoid glare on the screen?
    It causes eye strain and forced posture changes.
Chapter 24

Lab Hazards, Electrical and Fire Safety

Open chapter →
  1. Which extinguisher is safe for electrical fires?
    CO2 (or dry powder) — never water.
  2. Give two common lab hazards.
    Trailing cables, overloaded sockets, drinks near equipment, damaged plugs.
  3. What is the first step when you spot a fire?
    Raise the alarm.
Chapter 25

Concept Map — Topics 1 to 4

Open chapter →
  1. Name one link between Topic 1 (Threats) and Topic 2 (Controls).
    Every control answers a specific threat, e.g. MFA answers password theft.
  2. Which topic covers cyberbullying?
    Topic 3 — Ethics, Law & Digital Citizenship.
  3. Which topic covers backups?
    Topic 2 — Protective Measures.
Chapter 26

Station Rotation — Mixed Practice

Open chapter →
  1. Which topic scored lowest for you?
    Personal — record it and plan revision.
  2. Name one habit that helps you switch topics fast.
    Pausing to identify the topic before answering.
Chapter 27

Quiz Competition and Personal Revision Plan

Open chapter →
  1. Why is active recall better than re-reading?
    It strengthens memory by forcing retrieval.
  2. How do you spot a weak topic from a quiz?
    Multiple wrong answers cluster in one topic.
Chapter 28

End-of-Term Written Examination

Open chapter →
  1. What does 'Explain' usually require beyond 'State'?
    Reasons and examples, not just the fact.
  2. How do you decide time per question?
    Divide total time by total marks.
Chapter 29

Security Awareness Campaign Showcase

Open chapter →
  1. What is a call to action?
    The single step you want your audience to do.
  2. Why is peer feedback valuable?
    It gives you a fresh perspective before real audiences see the work.
Chapter 30

Feedback, Reflection and Bridge to Grade 12

Open chapter →
  1. What makes a goal SMART?
    Specific, Measurable, Achievable, Relevant, Time-bound.
  2. Give one reason reflection helps learning.
    It consolidates memory and highlights next steps.