Practice A2.4 Network security with authentic IB Computer Science (First Exam 2027) exam questions for both SL and HL students. This question bank mirrors the structure of Papers 1, 2 and 3, covering key topics such as programming concepts, algorithms, and data structures. Get instant solutions, detailed explanations, and build exam confidence with questions in the style of IB examiners.
A government agency implements advanced persistent threat (APT) detection capabilities across its classified network infrastructure.
Develop a comprehensive APT detection strategy covering network traffic analysis, endpoint behaviour monitoring, email security, DNS monitoring, and user behaviour analytics. Discuss the technologies, detection methods, time requirements, and coverage areas for each layer.
Analyse the specific challenges of detecting APTs that employ "living off the land" techniques using legitimate system tools.
A financial institution detects and responds to sophisticated cyber attacks using advanced network security tools.
Compare the capabilities of different security tools: IDS (Intrusion Detection Systems), IPS (Intrusion Prevention Systems), SIEM (Security Information and Event Management), EDR (Endpoint Detection and Response), and Network Analytics. Discuss their detection methods, response capabilities, scope, and automation levels.
Evaluate the role of Security Orchestration, Automation and Response (SOAR) in modern cybersecurity operations.
A cloud-native application development company implements DevSecOps practices to integrate security throughout the development lifecycle.
Compare traditional network security approaches with cloud-native security models, focusing on container security, service mesh architecture, and API security.
Explain how zero-trust networking principles apply to microservices architectures deployed in Kubernetes environments.
A healthcare network implements advanced persistent threat (APT) detection using behavioural analytics and threat hunting.
Describe how user and entity behaviour analytics (UEBA) systems establish baseline behaviours and detect anomalies that may indicate APT activity. Include specific examples of behavioural indicators.
Explain the threat hunting process and how it complements automated detection systems in identifying sophisticated attacks.
A multinational bank implements advanced threat intelligence and incident response capabilities.
Design a threat intelligence framework that incorporates feeds from multiple sources including commercial providers, government agencies, industry sharing groups, and internal security teams. Discuss data quality, timeliness, and integration challenges.
Evaluate how machine learning and artificial intelligence enhance threat detection capabilities while considering false positive rates and analyst workload.
A cryptocurrency exchange implements security measures to protect digital assets and customer funds.
Complete the cryptocurrency security architecture table:
| Security Component | Technology | Function | Risk Mitigation | Implementation Complexity | Regulatory Compliance |
|---|---|---|---|---|---|
| Cold Storage | — | Offline key storage | High | — | — |
| Multi-signature Wallets | — | — | Unauthorized transfers | — | AML/KYC requirements |
| Hardware Security Modules | HSM | — | — | — | — |
| Network Segmentation | — | Traffic isolation | Medium | — | — |
| Real-time Monitoring | — | — | — | High | Financial regulations |
Explain how distributed denial of service (DDoS) attacks specifically threaten cryptocurrency exchanges and describe mitigation strategies.
A smart grid utility company secures critical infrastructure networks against cyber threats.
Explain the unique security vulnerabilities of industrial control systems, including SCADA systems, PLCs (Programmable Logic Controllers), and HMI (Human Machine Interface) devices. Discuss how these differ from traditional IT security challenges.
Analyse why operational technology (OT) networks require different security approaches compared to information technology (IT) networks, considering availability requirements, legacy systems, and safety implications.
A healthcare organization implements comprehensive network security to protect patient data and comply with privacy regulations.
Design a network security architecture table:
| Security Layer | Technology | Function | Protection Level | Performance Impact | Compliance Role |
|---|---|---|---|---|---|
| Perimeter | — | External threat blocking | Medium | — | — |
| Network Segmentation | VLANs, subnets | Data isolation | High | — | — |
| Access Control | — | User authentication | — | — | — |
| Data Protection | — | — | Very High | High | HIPAA compliance |
| Monitoring | SIEM, IDS | Audit trails | — | — | — |
Analyse how Zero Trust architecture principles apply to healthcare network security and discuss implementation challenges.
A cloud service provider implements multi-layered security for customers' sensitive data across distributed data centres.
Analyse encryption strategies across different network layers:
| Network Layer | Encryption Type | Key Management | Performance Impact | Use Case | Security Level |
|---|---|---|---|---|---|
| Application | Certificate-based | — | — | HTTPS, APIs | — |
| Transport | TLS/SSL | — | Medium | — | High |
| Network | Pre-shared keys | — | — | Site-to-site VPN | — |
| Data Link | Hardware-based | — | Low | — | Medium |
Explain how Perfect Forward Secrecy (PFS) enhances security in VPN communications and discuss its implementation challenges.
A multinational corporation implements a comprehensive firewall strategy across its global network infrastructure.
Distinguish between packet-filtering firewalls, stateful firewalls, application-layer firewalls, and next-generation firewalls (NGFW). Compare their inspection capabilities, throughput performance, configuration complexity, security features, and optimal deployment scenarios.
Explain how Web Application Firewalls (WAF) provide security capabilities that complement traditional network firewalls.