Mark Schemes BTEC Level 3 National Extended Certificate in IT
Mark Scheme — Predicted Paper 3
Unit 1: Information Technology Systems
BTEC Level 3 National Extended Certificate in Information Technology
Paper Reference
RA10/IT/U1/PP3
Total marks
90
For levels-based questions, use the Level Descriptors holistically alongside the indicative content. Indicative content is not a checklist — reward any well-developed, contextualised response.
For revision purposes only. Not an official Pearson qualification document.
Question 1 — AutoTech Manufacturing (22 marks)
(a)Define the term 'embedded system'.1 mark
A dedicated computer system / microcontroller built into a device to perform a specific, predefined function (1)
A computer system within a larger device that performs a dedicated function (1)
Accept equivalent definition — must convey 'built into a device' and 'specific/dedicated purpose'
(b)Give two implications for AutoTech Manufacturing of introducing IoT-connected devices on the factory floor.2 marks
Machines can be monitored in real time, allowing predictive maintenance to reduce downtime (1)
IoT devices are internet-connected, increasing the number of potential entry points for cyber attacks (1)
Production data can be collected and analysed to optimise manufacturing processes (1)
Large quantities of sensor data will be generated, requiring data storage and processing infrastructure (1)
IoT devices may require firmware updates to maintain security (1)
(c)Describe three benefits of using a real-time operating system (RTOS) for AutoTech's robotic assembly lines.3 marks
Award one mark per benefit, up to three marks.
Tasks are completed within guaranteed time constraints / deadlines (1)
The RTOS can prioritise safety-critical responses over routine tasks (1)
Deterministic behaviour makes the robotic system reliable and predictable (1)
Suitable for running resource-limited embedded hardware with minimal memory overhead (1)
Multiple processes can be managed concurrently without missing time-critical production signals (1)
(d)Explain two factors AutoTech should consider when designing the network for its factory sites.4 marks
Award one mark for identification and one mark for linked justification, up to four marks.
Security (1) — the factory network carries production data and is connected to IoT devices; unauthorised access could disrupt production or cause safety incidents (1)
Reliability / uptime (1) — production line downtime is extremely costly; the network must have redundancy to minimise outage time (1)
Bandwidth / speed (1) — real-time IoT sensor data from assembly lines requires sufficient bandwidth to avoid bottlenecks (1)
Physical environment (1) — factory floors may have electromagnetic interference from machinery; shielded cabling or appropriate Wi-Fi standards must be chosen (1)
(e)Discuss the implications of introducing a multi-user operating system across AutoTech's shared engineering workstations.6 marks — Levels
Indicative Content
Multiple engineers can share the same workstations without accessing each other's CAD files / project data
File permissions assigned per user role ensure engineers only access relevant files — critical in a competitive manufacturing environment
Centralised user account management: IT can add, modify, or disable accounts without touching each machine
System resources (CPU, memory) are allocated across concurrent users, which may reduce performance for intensive CAD tasks
If the OS or centralised authentication system fails, all users on that system are affected simultaneously
Software licences for multi-user environments may be more expensive
Security: audit trails can be maintained to track which user accessed which design files
Reduces hardware cost — fewer workstations needed as multiple engineers share each one
Level
Mark
Descriptor
0
0
No rewardable material.
1
1–2
Basic application of multi-user OS knowledge. Limited reference to manufacturing or engineering context. (AO2)
2
3–4
Good application covering at least two benefits and drawbacks for a manufacturing environment. (AO2/AO3a)
3
5–6
Comprehensive application covering file permissions, resource management, centralised control, security, cost, and the specific needs of engineers sharing workstations on a factory floor. (AO2/AO3a)
(f)Discuss the implications for AutoTech Manufacturing of using cloud analytics to process sensor data from the factory floor.6 marks — Levels
Indicative Content
Scalable processing: cloud can handle large volumes of real-time IoT sensor data without on-premise infrastructure
Cost: pay-for-use model may be more cost-effective than buying and maintaining analytics servers
Production insights: analytics can identify production line inefficiencies and predict maintenance needs
Security: sensitive production data leaves the factory network and is processed externally — intellectual property risk
Internet dependency: if connectivity fails, real-time analytics are unavailable — potential production impact
Data sovereignty: production data stored in cloud must remain within UK/relevant jurisdiction
Latency: real-time decisions on the factory floor may require low-latency processing which cloud may not always guarantee
Vendor lock-in: reliance on a specific cloud analytics provider makes switching difficult
Level
Mark
Descriptor
0
0
No rewardable material.
1
1–2
Basic application about cloud computing. Limited reference to manufacturing context. (AO2)
2
3–4
Good application covering benefits and risks of cloud analytics in a manufacturing setting. (AO2/AO3a)
3
5–6
Comprehensive application. Covers scalability, cost, IP security, latency, connectivity dependency, and data sovereignty, clearly contextualised to a factory floor IoT environment. (AO2/AO3a)
Question 1 Total: 22 marks
Question 2 — Broadmore University Library (22 marks)
(a)Identify the wireless technology used for short-range device connections such as keyboards and mice.1 mark
Bluetooth (1)
Do not accept: Wi-Fi / NFC / infrared for Bluetooth connections
(b)Explain why lossless compression is used for archiving research papers in the digital repository.2 marks
Lossless compression reduces the file size of the documents (1) while ensuring every single bit of data is preserved exactly when the file is decompressed, so the academic content is not altered (1)
Unlike lossy compression, lossless compression does not discard any data (1) which is essential for academic texts where every word and citation must be retained accurately (1)
(c)Describe three factors that could affect the performance of Wi-Fi in the library's study areas.3 marks
Award one mark per factor, up to three marks.
Physical distance from the access point (1) — signal strength decreases over greater distances
Number of concurrent users on the same access point (1) — bandwidth is shared, reducing speed per device
Interference from other Wi-Fi networks or electronic devices operating on the same frequency (1)
The Wi-Fi standard in use (1) — older standards such as 802.11n have lower maximum speeds than 802.11ac or Wi-Fi 6
(d)Explain two differences between a LAN and a WAN.4 marks
Award one mark for identification and one mark for linked explanation, up to four marks.
Geographic scale (1) — a LAN covers a limited area such as a single building or campus, whereas a WAN spans large geographic distances, potentially connecting sites in different countries (1)
Ownership (1) — a LAN is typically owned and managed by one organisation, whereas a WAN uses infrastructure provided by external telecommunications companies (1)
Speed (1) — LANs typically offer higher data transfer speeds (Gbps) than WANs, which are constrained by distance and shared infrastructure (1)
Cost (1) — setting up a LAN is generally less expensive than a WAN, which requires leased lines or carrier services (1)
(e)Discuss the implications for the library of choosing Wi-Fi rather than Ethernet for student workstations in the study areas.6 marks — Levels
Indicative Content
Wi-Fi: students can move around the study space with laptops and mobile devices — flexibility for users
Wi-Fi: no need to cable every desk — lower installation cost for a large library reading room
Wi-Fi: signal can be affected by physical obstacles (bookshelves, walls) reducing reliability at certain positions
Wi-Fi: bandwidth is shared between concurrent users — 100+ students online simultaneously will experience slower speeds
Wi-Fi: signals can be intercepted — greater security risk if students access unencrypted connections
Ethernet: provides a dedicated, faster and more reliable connection per workstation
Ethernet: more secure — data confined to physical cables, harder to intercept
Ethernet: expensive to run cabling to every desk in a large reading room; inflexible if layout changes
Hybrid approach: Ethernet for fixed staff workstations; Wi-Fi for student zones
Level
Mark
Descriptor
0
0
No rewardable material.
1
1–2
Basic application. Considers only one technology with limited development. (AO2)
2
3–4
Good application comparing Wi-Fi and Ethernet across at least two factors, with reference to the library context. (AO2/AO3a)
3
5–6
Comprehensive application. Discusses flexibility, installation cost, shared bandwidth, security, and reliability for both options, clearly contextualised to a large library with 100+ concurrent student users. Considers a hybrid approach. (AO2/AO3a)
(f)Draw a diagram to show how a library file moves from server to user.6 marks
Award one mark for each appropriate device, stage or annotation shown, up to a maximum of six marks.
Marking Guidance:
Library server and file source shown — 1 mark
Compression stage shown — 1 mark
Network transfer shown — 1 mark
User device and decompression shown — 1 mark
User opening the final file shown — 1 mark
Annotations and arrows showing data movement — 1 mark
Accept any other appropriate diagram showing devices/systems used, file movement and clear annotations.
Question 2 Total: 22 marks
Question 3 — Westview Sports Club (22 marks)
(a)Identify the cloud service model in which a provider supplies computing infrastructure such as virtual servers.1 mark
Infrastructure as a Service / IaaS (1)
Do not accept: SaaS / PaaS
(b)Give two benefits to the coaching team of using a VPN to access the club's systems remotely.2 marks
Data sent between the coach's device and the club's systems is encrypted, protecting sensitive athlete performance data from interception (1)
The coach appears to be connecting from the club's network, allowing access to systems restricted to the internal network (1)
Security is maintained even when using public Wi-Fi at competition venues (1)
(c)Describe three considerations for Westview Sports Club when managing its online community platform for members.3 marks
Award one mark per consideration, up to three marks.
Privacy (1) — member data shared on the platform must be protected under UK GDPR
Security (1) — member accounts must be protected against unauthorised access with strong authentication
Acceptable use policy (1) — rules must be in place to prevent inappropriate or abusive posts between members
Accessibility (1) — the platform must work on mobile devices and be accessible for members with disabilities
Downtime (1) — if the platform is unavailable, members lose access to session booking and club communications
Moderation (1) — staff time is needed to monitor and moderate content posted to the community area
(d)Explain two benefits to Westview Sports Club of adopting collaborative working tools.4 marks
Award one mark for identification and one mark for linked justification, up to four marks.
Real-time document collaboration (1) — multiple coaches and the admin team can update training programmes and event rotas simultaneously, avoiding version conflicts (1)
Communication efficiency (1) — messaging and video call tools reduce the need for in-person or phone-based communication, saving time when coordinating events across different sites (1)
Remote working (1) — volunteer coaches who are not on site can participate fully in club planning without attending the sports centre (1)
Shared calendar access (1) — all staff see the same up-to-date fixture schedule, reducing double-booking errors (1)
(e)Discuss the implications for Westview Sports Club of enabling coaches and administrators to work remotely.6 marks — Levels
Indicative Content
Flexibility: coaches can prepare training plans and respond to members from any location
Recruitment: ability to recruit volunteer coaches who are geographically distant from the club
Security: athlete performance and medical data accessed remotely must be protected
VPN required for all remote access to club management systems
Device security: coaches' personal devices used for work must be secured with encryption and password
GDPR: personal data about members (including health/injury data for athletes) must be protected when accessed remotely
Monitoring: IT manager cannot monitor remote device usage as easily as on-premise workstations
Training: staff need guidance on secure remote working practices
Acceptable use policy must cover remote working with club data
Level
Mark
Descriptor
0
0
No rewardable material.
1
1–2
Basic application about remote working. Limited reference to sports club context. (AO2)
2
3–4
Good application covering operational benefits and security/GDPR risks of remote working. (AO2/AO3a)
3
5–6
Comprehensive application covering flexibility, security measures (VPN, device encryption), GDPR obligations for member data, monitoring challenges, and training requirements, applied to a sports club context. (AO2/AO3a)
(f)Discuss the security threats Westview Sports Club faces and the measures it should implement to protect its data.6 marks — Levels
Indicative Content
Threats: phishing emails targeting staff to steal login credentials
Threats: ransomware encrypting member records and financial data, disrupting operations
Threats: brute-force attacks on the member portal login page
Threats: physical access to the server/admin area by unauthorised visitors at the sports centre
Measures: MFA on all staff and admin accounts
Measures: strong password policy and account lockout after failed attempts
Measures: firewall and antivirus/malware protection
Measures: regular offsite backups to enable recovery from ransomware without paying a ransom
Measures: staff training on phishing recognition
Measures: physical security on server room and IT equipment
Measures: HTTPS on the member portal for all online transactions
Level
Mark
Descriptor
0
0
No rewardable material.
1
1–2
Basic application listing some security threats or measures. Limited development. (AO2)
2
3–4
Good application covering a range of threats and corresponding measures applied to the sports club. (AO2/AO3a)
3
5–6
Comprehensive application. Discusses multiple specific threats (phishing, ransomware, brute-force, physical) and a range of proportionate countermeasures (MFA, backups, firewall, training, physical security), contextualised to the sports club's member data and online portal. (AO2/AO3a)
Question 3 Total: 22 marks
Question 4 — Lakeland Housing Association (24 marks)
(a)Define the term 'ransomware'.1 mark
Malicious software that encrypts the victim's files and demands a payment (ransom) in exchange for the decryption key (1)
Malware that locks or encrypts data and demands payment for its release (1)
(b)Give two impacts on Lakeland Housing Association caused by a 48-hour IT system outage following the ransomware attack.2 marks
Staff unable to process maintenance requests or repairs, leaving tenants without essential services (1)
Reputational damage — tenants and media become aware of the attack (1)
Staff productivity significantly reduced during recovery period (1)
(c)Describe a backup procedure that would have reduced the impact of the ransomware attack.3 marks
Award one mark per correct element, up to three marks.
Regular, frequent automated backups of all tenant and operational data (at least daily) (1)
Backups stored offsite or in the cloud, physically separate from the main network (1)
Air-gapped backup — offline backups not connected to the network so they cannot be encrypted by ransomware (1)
Tested recovery process — backups should be regularly tested to verify files can be successfully restored (1)
Versioned backups — multiple restore points maintained so data can be restored to a point before infection (1)
(d)Explain two physical security measures Lakeland Housing Association should implement to protect its server room.4 marks
Award one mark for identification and one mark for linked justification, up to four marks.
Key card / PIN-based access control (1) — only authorised IT staff can enter the server room, preventing physical tampering or theft of storage media (1)
CCTV camera monitoring the server room door (1) — records all access attempts and deters unauthorised entry, providing evidence if a physical breach occurs (1)
Mantrap / secure airlock (1) — prevents tailgating where an unauthorised person enters the server room by following an authorised member of staff (1)
Visitor sign-in log (1) — all maintenance staff who visit the server room are recorded, creating an audit trail (1)
(e)Discuss the ethical implications for Lakeland Housing Association of storing highly sensitive information about vulnerable tenants.6 marks — Levels
Indicative Content
Data includes mental health conditions, domestic abuse history, child protection concerns — all special category data
Tenants are in a vulnerable position and have limited power to protect their own data — ethical duty of care
Privacy: tenants have a reasonable expectation that sensitive personal circumstances are kept confidential
Data minimisation — the association should only store data essential for housing management, not speculative records
Security obligation — given the sensitivity, the organisation has an especially strong ethical obligation to secure data
Consent: tenants must be informed why data is collected and must not feel coerced into providing sensitive information
Data sharing: sharing health or welfare information with other agencies must have a clear lawful basis and tenant awareness
Impact of a breach: exposure of tenant data could cause direct harm — tenants could face risks to personal safety
Staff training and access restrictions are ethically required to limit exposure of sensitive data
Level
Mark
Descriptor
0
0
No rewardable material.
1
1–2
Basic ethical discussion. Considers privacy or security with limited application to the housing context. (AO2)
2
3–4
Good application of ethical principles to the housing association's data. Discusses at least two ethical considerations with reference to the vulnerability of tenants. (AO2/AO3a)
3
5–6
Comprehensive application. Covers duty of care, data minimisation, consent, security obligations, impact of breaches on vulnerable individuals, and data sharing ethics, clearly contextualised to a housing association with vulnerable tenants. (AO2/AO3a)
(f)Evaluate the range of security measures Lakeland Housing Association should implement to protect its systems and tenant data following the ransomware attack. Justify which measures should be prioritised.8 marks — Levels
Indicative Content
Antivirus/anti-malware software — detects and blocks known ransomware; must be kept up to date
Firewall — filters incoming and outgoing traffic; reduces attack surface
Multi-factor authentication (MFA) on all staff accounts — prevents ransomware spreading via stolen credentials
Regular offline/air-gapped backups — most important mitigation: allows data recovery without paying ransom
Staff training on phishing — ransomware most commonly delivered via phishing email; human layer of defence
Patch management — keeping OS and software updated closes known vulnerabilities used by ransomware
Network segmentation — limits ransomware spread to other parts of the network if one system is infected
Incident response plan — tested recovery procedure reduces downtime if another attack occurs
PRIORITISATION: Offline backups and staff training should be top priority as they directly address both prevention (training) and recovery (backups) for the most damaging attack vector. MFA is also critical as credential theft is a common ransomware entry point. Physical security and network segmentation are important but second-tier given the financial constraints of a housing association.
Level
Mark
Descriptor
0
0
No rewardable material.
1
1–3
Basic knowledge of some security measures. Lists measures without contextualising to the housing association or justifying prioritisation. (AO2)
2
4–6
Good application covering a range of security measures for the housing association, with some analysis of their effectiveness. Some attempt at prioritisation with justification. (AO2/AO3a/AO3b)
3
7–8
Comprehensive application. Evaluates a full range of security measures (antivirus, firewall, MFA, backups, training, email filtering, patching, segmentation) against the context of a ransomware-targeted housing association. Makes and justifies a clear prioritisation decision, acknowledging organisational constraints and the most likely attack vectors. (AO2/AO3a/AO3b)