Unit 11 part B (part 1)
it won't let me post full part b cause there is a limit so i will make another post for it:
This paper must be read in conjunction with the unit information in the specification
and the BTEC Instructions for Conducting External Assessments (ICEA) document. See the
Pearson website for details.
Refer carefully to the instructions in this task booklet and the BTEC Instructions for
Conducting External Assessments (ICEA) document to ensure that the assessment is
supervised correctly.
Part A and Part B set tasks should be completed during the period of three weeks
timetabled by Pearson. Part A must be completed before starting Part B.
The 4-hour Part B set task must be carried out under supervised conditions.
The set task can be undertaken in more than one supervised session.
An electronic template for Activity 4 is available on the website for centres to download
for candidate use.
Learners must complete Part B on a computer using the templates provided and
appropriate software. All work must be saved as PDF documents for submission.
Teachers/Tutors and/or Invigilators may clarify the wording that appears in this task but
cannot provide any guidance in completion of Part B.
Teachers/Tutors and/or Invigilators should note that they are responsible for
maintaining security and for reporting issues to Pearson.
Maintaining security
• Learners must not bring anything into the supervised environment or take
anything out.
• Centres are responsible for putting in place appropriate checks to ensure that only
permitted material is introduced into the supervised environment.
• Internet access is not permitted.
• Learner’s work must be regularly backed up. Learners should save their work to their
folder using the naming instructions indicated in each activity.
• During any permitted break, and at the end of the session, materials must be kept
securely and no items removed from the supervised environment.
• Learners can only access their work under supervision.
• User areas must only be accessible to the individual learners and to named members
of staff.
• Any materials being used by learners must be collected in at the end of each session,
stored securely and handed back at the beginning of the next session.
• Following completion of Part B, all materials must be retained securely for
submission to Pearson.
• Part A materials must not be accessed during the completion of Part B.
3
Continue
W84538A
Outcomes for submission
Each learner must create a folder to submit their work. Each folder should be named
according to the following naming convention:
[Centre #]_[Registration number #]_[surname]_[first letter of first name]_U11B
Example: Joshua Smith with registration number F180542 at centre 12345 would have a
folder titled
12345_F180542_Smith_J_U11B
Each learner will need to submit 2 PDF documents within their folder. The 2 PDF
documents should use these file names:
Activity 4: activity4_incidentanalysis_[Registration number #]_[surname]_[first letter of
first name]
Activity 5: activity5_securityreport_[Registration number #]_[surname]_[first letter of
first name]
An authentication sheet must be completed by each learner and submitted with the
final outcomes.
The work should be submitted no later than 23 January 2026.
4
Continue
W84538A
Instructions for Learners
Read the set task information carefully.
Plan your time carefully to allow for the preparation and completion of all the activities.
Your centre will advise you of the timing for the supervised period. It is likely that you
will be given more than one timetabled session to complete these tasks.
Internet access is not allowed.
You will complete this set task under supervision and your work will be kept securely at
all times.
You must work independently throughout the supervised assessment period and must
not share your work with other learners.
Your invigilator may clarify the wording that appears in this task but cannot provide any
guidance in completion of the task.
Part A materials must not be accessed during the completion of Part B.
Outcomes for submission
You must create a folder to submit your work. Each folder should be named according
to the following naming convention:
[Centre #]_[Registration number #]_[surname]_[first letter of first name]_U11B
Example: Joshua Smith with registration number F180542 at centre 12345 would have a
folder titled
12345_F180542_Smith_J_U11B
You will need to submit 2 PDF documents within the folder. The 2 PDF documents
should use these file names:
Activity 4: activity4_incidentanalysis_[Registration number #]_[surname]_[first letter of
first name]
Activity 5: activity5_securityreport_[Registration number #]_[surname]_[first letter of
first name]
You must complete an authentication sheet before you hand your work into
your invigilator.
5
Continue
W84538A
Set Task Brief
The Cefurbo Sailing Academy
The Cefurbo Sailing Academy (CSA) project is now in its testing stage, before the official
opening at the end of January. The Project Manager is Viro D’Ordino.
There are three Wi-Fi networks:
• Visitor – free and open access to anyone.
• Premium – secured by WPA3. The password is only given to official visitors and
people staying at the academy.
• Admin – secured by WPA3 and restricted to the administration and IT centres.
A competitive sailing boat generates gigabytes of data during a race. This is transmitted
using a dedicated 5G system. The data is held in the IT centre and each support team
has its own virtual server and database.
Figure 1 shows a plan of the CSA site. The inset map shows the harbour and cell
tower locations.
Figure 1
There is a LAN connecting the buildings. The CSA computers use a secure version of
Linux, created by the government. Staff also use government mobile phones for both
internal and external communications. These use Android and have built-in encryption.
They use the Varma Loko Telecoms company cell towers.
6
Continue
W84538A
The CSA system is backed up daily to government servers at the Ministry of Sport. Team
data is not normally backed up. Teams may download its data to a suitable storage
device and/or request an image of its server.
Client brief
You advised Viro on cyber security matters last year. Now, a few weeks later, he wants
you to review a cyber security investigation.
He says that the Minister for Sport received an email on 28 December demanding
money and claiming that confidential diagnostic data from the trial event has been
hacked (see evidence items 2 and 3).
The incident was first investigated by the specialist in charge of testing the IT systems,
Cibero Estro. Cibero said the data was not confidential and not from the trial event (see
evidence item 1).
Cibero instructed a trainee technician, Juna Spertulo, to investigate and report as part of
their training (see evidence item 4).
Evidence items from the security incident at CSA
Evidence items include:
1. Cibero Estro’s memo
2. The email
3. Data table
4. Juna Spertulo’s report
5. Network diagram
6. Cyber security document.
7
Continue
W84538A
1. Cibero Estro’s memo
TO: Viro D’Ordino, Project Manager
FROM: Cibero Estro, Senior Systems Testing Manager
DATE: 29 December, 2025
SUBJECT: Extortion email
Further to our discussion at the Ministry yesterday. As I explained to the Minister and
yourself, I am not convinced this was a data breach. The data is obviously not from a
boat and is almost certainly just test data.
It is possible it came from the CSA system, but I think the ‘hackers’ would have included
a more convincing set of data if they had it.
I am therefore downgrading the incident from level 4 (Severe) to level 1 (Minor)
and have asked Juna Spertulo, an apprentice cyber technician, to investigate it as a
training exercise.
She is to pick her own Incident Response Team and treat the matter as a level 3 (Serious)
cyber security breach.
Juna has almost completed her training and I think this is a good opportunity for her to
show what she can do.
Please arrange the usual third-party review of her work.
2. The email
From: [email protected] 28/12/2025, 14:59
To: [email protected]
Subject: You have been pwned
Yesterday we hacked your shiny, new system at the Cefurbo Sailing Academy during a
sailing trial.
We copied the diagnostics data from the boats. It’s in the attached file so you know this
is real.
Imagine how the international sailing community would react if they knew. You might
have trouble at the opening event.
Don’t worry, it’s all fixable for a low price. Just send $50000 in Bitcoin to our wallet,
bc1d43UNd54eXiGm0qEM0h6r4h8n634to9jtp186es, and we’ll tell you how we
did it.
Hurry, the price will rise if you don’t take advantage of our early settlement offer.
The Pwnbears.
8
Continue
W84538A
3. Data table
All speeds shown in meters per second.
Time stamp True heading True speed
of boat
Speed
relative to
water
Wind angle
relative
to boat
heading
Wind
speed
relative to
boat
Degrees Minutes
2512271406 295 35 12.1 11.5 24 14
2512271407 297 42 12.2 11.3 22 16
2512271408 330 42 13.5 11.2 −13 17
2512271409 342 42 13.2 11.2 −25 17
2512271410 359 59 13.6 11.2 −39 18
2512271411 360 42 13.8 11.2 −39 18
2512271412 359 61 13.2 11.2 −40 18
2512271413 0 0 14 11.1 −40 18
2512271414 0 01 14.1 11.1 −42 18
2512271415 5 50 13.9 11.1 −51 160
2512271416 36 22 141 11.0 −80 15
2512271417 40 31 13.5 12.9 −92 16
9
Continue
W84538A
4. Juna Spertulo’s report
Incident TR20251229-01/3
Author: Juna Spertulo, Acting Computer Security Incident Response Team
(CSIRT) Leader.
Date: 31st December 2025
Terms of reference
The investigation is a training exercise, based on a level 1 incident at the Ministry of
Sport, Incident number SP202251228-01/4. It is to be treated as a level 3 event.
Cibero Estro, Senior Systems Testing Manager, will be the supervisor.
The investigation will start immediately, 09:30 on 29th December 2025, and be
completed by 18:00 on 31st December 2025.
This paper must be read in conjunction with the unit information in the specification
and the BTEC Instructions for Conducting External Assessments (ICEA) document. See the
Pearson website for details.
Refer carefully to the instructions in this task booklet and the BTEC Instructions for
Conducting External Assessments (ICEA) document to ensure that the assessment is
supervised correctly.
Part A and Part B set tasks should be completed during the period of three weeks
timetabled by Pearson. Part A must be completed before starting Part B.
The 4-hour Part B set task must be carried out under supervised conditions.
The set task can be undertaken in more than one supervised session.
An electronic template for Activity 4 is available on the website for centres to download
for candidate use.
Learners must complete Part B on a computer using the templates provided and
appropriate software. All work must be saved as PDF documents for submission.
Teachers/Tutors and/or Invigilators may clarify the wording that appears in this task but
cannot provide any guidance in completion of Part B.
Teachers/Tutors and/or Invigilators should note that they are responsible for
maintaining security and for reporting issues to Pearson.
Maintaining security
• Learners must not bring anything into the supervised environment or take
anything out.
• Centres are responsible for putting in place appropriate checks to ensure that only
permitted material is introduced into the supervised environment.
• Internet access is not permitted.
• Learner’s work must be regularly backed up. Learners should save their work to their
folder using the naming instructions indicated in each activity.
• During any permitted break, and at the end of the session, materials must be kept
securely and no items removed from the supervised environment.
• Learners can only access their work under supervision.
• User areas must only be accessible to the individual learners and to named members
of staff.
• Any materials being used by learners must be collected in at the end of each session,
stored securely and handed back at the beginning of the next session.
• Following completion of Part B, all materials must be retained securely for
submission to Pearson.
• Part A materials must not be accessed during the completion of Part B.
3
Continue
W84538A
Outcomes for submission
Each learner must create a folder to submit their work. Each folder should be named
according to the following naming convention:
[Centre #]_[Registration number #]_[surname]_[first letter of first name]_U11B
Example: Joshua Smith with registration number F180542 at centre 12345 would have a
folder titled
12345_F180542_Smith_J_U11B
Each learner will need to submit 2 PDF documents within their folder. The 2 PDF
documents should use these file names:
Activity 4: activity4_incidentanalysis_[Registration number #]_[surname]_[first letter of
first name]
Activity 5: activity5_securityreport_[Registration number #]_[surname]_[first letter of
first name]
An authentication sheet must be completed by each learner and submitted with the
final outcomes.
The work should be submitted no later than 23 January 2026.
4
Continue
W84538A
Instructions for Learners
Read the set task information carefully.
Plan your time carefully to allow for the preparation and completion of all the activities.
Your centre will advise you of the timing for the supervised period. It is likely that you
will be given more than one timetabled session to complete these tasks.
Internet access is not allowed.
You will complete this set task under supervision and your work will be kept securely at
all times.
You must work independently throughout the supervised assessment period and must
not share your work with other learners.
Your invigilator may clarify the wording that appears in this task but cannot provide any
guidance in completion of the task.
Part A materials must not be accessed during the completion of Part B.
Outcomes for submission
You must create a folder to submit your work. Each folder should be named according
to the following naming convention:
[Centre #]_[Registration number #]_[surname]_[first letter of first name]_U11B
Example: Joshua Smith with registration number F180542 at centre 12345 would have a
folder titled
12345_F180542_Smith_J_U11B
You will need to submit 2 PDF documents within the folder. The 2 PDF documents
should use these file names:
Activity 4: activity4_incidentanalysis_[Registration number #]_[surname]_[first letter of
first name]
Activity 5: activity5_securityreport_[Registration number #]_[surname]_[first letter of
first name]
You must complete an authentication sheet before you hand your work into
your invigilator.
5
Continue
W84538A
Set Task Brief
The Cefurbo Sailing Academy
The Cefurbo Sailing Academy (CSA) project is now in its testing stage, before the official
opening at the end of January. The Project Manager is Viro D’Ordino.
There are three Wi-Fi networks:
• Visitor – free and open access to anyone.
• Premium – secured by WPA3. The password is only given to official visitors and
people staying at the academy.
• Admin – secured by WPA3 and restricted to the administration and IT centres.
A competitive sailing boat generates gigabytes of data during a race. This is transmitted
using a dedicated 5G system. The data is held in the IT centre and each support team
has its own virtual server and database.
Figure 1 shows a plan of the CSA site. The inset map shows the harbour and cell
tower locations.
Figure 1
There is a LAN connecting the buildings. The CSA computers use a secure version of
Linux, created by the government. Staff also use government mobile phones for both
internal and external communications. These use Android and have built-in encryption.
They use the Varma Loko Telecoms company cell towers.
6
Continue
W84538A
The CSA system is backed up daily to government servers at the Ministry of Sport. Team
data is not normally backed up. Teams may download its data to a suitable storage
device and/or request an image of its server.
Client brief
You advised Viro on cyber security matters last year. Now, a few weeks later, he wants
you to review a cyber security investigation.
He says that the Minister for Sport received an email on 28 December demanding
money and claiming that confidential diagnostic data from the trial event has been
hacked (see evidence items 2 and 3).
The incident was first investigated by the specialist in charge of testing the IT systems,
Cibero Estro. Cibero said the data was not confidential and not from the trial event (see
evidence item 1).
Cibero instructed a trainee technician, Juna Spertulo, to investigate and report as part of
their training (see evidence item 4).
Evidence items from the security incident at CSA
Evidence items include:
1. Cibero Estro’s memo
2. The email
3. Data table
4. Juna Spertulo’s report
5. Network diagram
6. Cyber security document.
7
Continue
W84538A
1. Cibero Estro’s memo
TO: Viro D’Ordino, Project Manager
FROM: Cibero Estro, Senior Systems Testing Manager
DATE: 29 December, 2025
SUBJECT: Extortion email
Further to our discussion at the Ministry yesterday. As I explained to the Minister and
yourself, I am not convinced this was a data breach. The data is obviously not from a
boat and is almost certainly just test data.
It is possible it came from the CSA system, but I think the ‘hackers’ would have included
a more convincing set of data if they had it.
I am therefore downgrading the incident from level 4 (Severe) to level 1 (Minor)
and have asked Juna Spertulo, an apprentice cyber technician, to investigate it as a
training exercise.
She is to pick her own Incident Response Team and treat the matter as a level 3 (Serious)
cyber security breach.
Juna has almost completed her training and I think this is a good opportunity for her to
show what she can do.
Please arrange the usual third-party review of her work.
2. The email
From: [email protected] 28/12/2025, 14:59
To: [email protected]
Subject: You have been pwned
Yesterday we hacked your shiny, new system at the Cefurbo Sailing Academy during a
sailing trial.
We copied the diagnostics data from the boats. It’s in the attached file so you know this
is real.
Imagine how the international sailing community would react if they knew. You might
have trouble at the opening event.
Don’t worry, it’s all fixable for a low price. Just send $50000 in Bitcoin to our wallet,
bc1d43UNd54eXiGm0qEM0h6r4h8n634to9jtp186es, and we’ll tell you how we
did it.
Hurry, the price will rise if you don’t take advantage of our early settlement offer.
The Pwnbears.
8
Continue
W84538A
3. Data table
All speeds shown in meters per second.
Time stamp True heading True speed
of boat
Speed
relative to
water
Wind angle
relative
to boat
heading
Wind
speed
relative to
boat
Degrees Minutes
2512271406 295 35 12.1 11.5 24 14
2512271407 297 42 12.2 11.3 22 16
2512271408 330 42 13.5 11.2 −13 17
2512271409 342 42 13.2 11.2 −25 17
2512271410 359 59 13.6 11.2 −39 18
2512271411 360 42 13.8 11.2 −39 18
2512271412 359 61 13.2 11.2 −40 18
2512271413 0 0 14 11.1 −40 18
2512271414 0 01 14.1 11.1 −42 18
2512271415 5 50 13.9 11.1 −51 160
2512271416 36 22 141 11.0 −80 15
2512271417 40 31 13.5 12.9 −92 16
9
Continue
W84538A
4. Juna Spertulo’s report
Incident TR20251229-01/3
Author: Juna Spertulo, Acting Computer Security Incident Response Team
(CSIRT) Leader.
Date: 31st December 2025
Terms of reference
The investigation is a training exercise, based on a level 1 incident at the Ministry of
Sport, Incident number SP202251228-01/4. It is to be treated as a level 3 event.
Cibero Estro, Senior Systems Testing Manager, will be the supervisor.
The investigation will start immediately, 09:30 on 29th December 2025, and be
completed by 18:00 on 31st December 2025.
Quick Reply
Related discussions
- Unit 11 cybersecurity and incidents
- Unit 11 Cyber Security Incident Management and Unit 14 IT Service Delivery BTEC
- Unit 14 IT Service Delivery Part B
- Unit 14 IT Service Delivery Jan 2023 Exam Discussion
- BTEC IT level 3 unit 11 Cyber Security
- unit 14 IT service delivery jan 2026 part A
- Has any of you done Part B of Unit 14 exam - BTEC ICT Level 3 on IT Service Delivery
- unit 14 IT service delivery jan 2025
- unit 14 it service delivery june 2025
- Unit 14 2025 April
- unit 11 cyber security exam
- Unit 11 cybersecurity part b
- WJEC GCSE Mathematics - Numeracy Unit 1 (All levels) - 08 May 2025 [Exam Chat]
- Unit 11 Cyber Security Incident Management and Unit 14 IT Service Delivery BTEC
- Unit 11 Cyber Security Incident Management Paper
- BTEC IT Unit 11 cybersecurity exam paper 2026
- BTEC Unit 11 Exam Part A
- unit 11 Part B (final part)
- WJEC GCSE Mathematics Unit 2 (All levels) - Wednesday 11 June 2025 [Exam Chat]
- pls further maths help as
Latest
Trending
Last reply 1 month ago
OCR A-level Computer Science Paper 1 - 11th June 2025 [Exam Chat]Last reply 4 months ago
Microsoft Certification Discussion: Microsoft AZ-140 & AZ-400 Exam DifficultiesLast reply 5 months ago
How to Export Contacts from Lotus Notes to Outlook?Last reply 8 months ago
Survey Exchange for A level computer science NEALast reply 8 months ago
Prepared for OCR GCSE Computer Science Paper 2 2025Last reply 8 months ago
OCR A-level Computer Science Paper 2 - 18th June 2025 [Exam Chat]Last reply 8 months ago
AQA A-level Computer Science Paper 2 - 18th June 2025 [Exam Chat]Last reply 8 months ago
AQA A-level Computer Science Paper 1 - 11th June 2025 [Exam Chat]
How The Student Room is moderated
To keep The Student Room safe for everyone, we moderate posts that are added to the site.
