PREDICTED PAPER 2
BTEC Level 3 National Extended Certificate
Information Technology
Unit 1: IT Systems
Paper Reference: RA10/IT/U1/PP2 • 90 marks • 2 hours
| Question | 1 | 2 | 3 | 4 | Total |
|---|---|---|---|---|---|
| Marks Available | 22 | 22 | 22 | 24 | 90 |
| Marks Awarded | | | | | |
Instructions
- Answer ALL questions
- Use black ink or pen
- Fill in your details
- Show working where required
Information
- Marks shown in brackets
- Answer in spaces provided
- Read questions carefully
- Check answers at the end
Thornton's Furniture — E-Commerce Business
An online furniture retailer operates an e-commerce website allowing customers to browse and purchase products. The website processes payment information and stores customer data including delivery addresses, email addresses, and purchase history. The company uses a MySQL database to store customer records.
(a) Identify one type of cyberattack that could target an e-commerce website. (1)
(b) Explain one reason why the e-commerce website should implement data encryption for customer payment information. (2)
(c) Describe three backup strategies Thornton's could use to protect customer data. (3)
(d) Explain two benefits of using a relational database like MySQL for storing customer information. (4)
(e) Discuss the security implications of storing customer payment information on the Thornton's e-commerce website. (6)
(f) Discuss the measures Thornton's should implement to comply with Data Protection legislation when storing customer data. (6)
Question 1 Total: 22 marks
Goldstone Solicitors — GDPR & Data Protection
A legal firm handles sensitive client information including personal details, financial records, and case documentation. The firm must comply with GDPR and Data Protection legislation. Staff work from a main office and remote locations, accessing files through a secure network.
(a) State one key principle of GDPR related to processing personal data. (1)
(b) Explain one reason why the solicitors must use HTTPS and VPN when staff access client files remotely. (2)
(c) Describe three measures to ensure only authorized staff can access confidential client information. (3)
(d) Explain two GDPR requirements for handling client personal data. (4)
(e) Discuss the implications for Goldstone Solicitors of a data breach involving client personal data. (6)
(f) Draw a flowchart to show the process for secure handling of client data from login to deletion. (6)
The flowchart should include:
- staff login to access data
- data sent securely
- data stored securely
- data used by authorised staff
- secure deletion at end of retention period
- annotations to show key steps and outcomes
Use this page to draw your flowchart.
Question 2 Total: 22 marks
Pinnacle Pension Fund — Hybrid Cloud Infrastructure
A pension fund manages sensitive financial data for thousands of members using a hybrid cloud approach. Some data is stored on private servers on-premise while other data is stored on public cloud servers. The organization is concerned about security and compliance when data moves between these environments.
(a) Define what is meant by a hybrid cloud computing model. (1)
(b) Give two advantages of using a hybrid cloud approach for a pension fund. (2)
(c) Describe three security risks when data is transferred between private and public cloud environments. (3)
(d) Explain two ways the pension fund should secure data when moving it between cloud environments. (4)
(e) Discuss the implications for Pinnacle Pension Fund of using a public cloud component in a hybrid cloud infrastructure, including service reliability and cost control. (6)
(f) Discuss the implications, other than security, for staff and customers when pension member services are moved to cloud systems. (6)
Question 3 Total: 22 marks
Evergreen Recruitment — Data Retention Policies
A recruitment agency holds data on thousands of job candidates including CVs, contact details, and interview records. The company needs clear data retention policies to manage storage space and comply with regulations. Some data is archived on backup servers while other data is deleted after a retention period.
(a) Explain what is meant by a data retention policy. (1)
(b) Give two benefits of having clear data retention and deletion procedures. (2)
(c) Describe three methods for securely deleting candidate data that is no longer needed. (3)
(d) Explain two legal requirements Evergreen Recruitment must consider when implementing a data retention policy. (4)
(e) Discuss the implications for Evergreen Recruitment of storing candidate data on backup servers for extended periods. (6)
(f) Evaluate what data retention period Evergreen Recruitment should implement for candidate CVs and interview records. Consider: legal requirements, storage costs, candidate rights, business needs and ethical use of personal data. (8)
Continue your answer to Question 4(f).
Question 4 Total: 24 marks • Paper Total: 90 marks