PAPER 1H COMPREHENSIVE STUDY GUIDE 2026 FULL QUESTIONS AND SOLUTIONS GRADED A+
◍ Aditya is attempting to classify information regarding a new project that his
organization will undertake in secret. Which characteristic is not normally
used to make these types of classification decisions?
Answer: Threat
◍ Antivirus, firewall, and email use policies belong to what part of a security
policy hierarchy?
Answer: Functional policies in support of organization policy
◍ Applications represent the most common avenue for users, customers, and
attackers to access data, which means you must build the software to enforce
the security policy and to ensure compliance with regulations, including the
privacy and integrity of both data and system processes. Regardless of the
development model, the application must validate all input. Certain attacks
can take advantage of weak validation. One such attack provides script code
that causes a trusted user who views the input script to send malicious
commands to a web server. What is this called?
Answer: Cross-site request forgery (XSRF)
◍ Biyu is a network administrator. She is developing the compliance aspect of
her company's security policy. Currently, she is focused on the records of
actions that the organization's operating system or application software
creates. What aspect of compliance is Biyu focusing on?
Answer: Event logs
◍ Bob is preparing to dispose of magnetic media and wishes to destroy the
data stored on it. Which method is not a good approach for destroying data?
Answer: Formatting
◍ Donnelly is an IT specialist. He is in charge of the server and network
appliances inventory. The infrastructure roadmap calls for a network
systems reconfiguration in the next six months. Adina, the security expert,
asks Donnelly to prepare a standardized list of all current and proposed
equipment and then to present it to her in a hardware configuration chart.
What does Adina tell Donnelly that the chart should include?
Answer: Copies of all software configurations for routers and switches
◍ Hajar is a network engineer. She is creating a system of access involving
clearance and classification based on users and the objects they need in a
secure network. She is restricting access to secure objects by users based on
least privilege and which of the following?
Answer: Need to know
◍ In an accreditation process, who has the authority to approve a system for
implementation?
Answer: Authorizing official (AO)
◍ Janette is the director of her company's network infrastructure group. She is
explaining to the business owners the advantages and disadvantages of
outsourcing network security. One consideration she presents is the question
of who would be responsible for the data, media, and infrastructure. What
consideration is she describing?
Answer: Ownership
◍ Lin is creating a template for the configuration of Windows servers in her
organization. The configuration includes the basic security settings that
should apply to all systems. What type of document should she create?
Answer: Baseline
◍ Marguerite is creating a budget for a software development project. What
phase of the system life cycle is she undertaking?