C3 DIT

Pearson · Component 3 · Digital Information Technology · June 2025

EFFECTIVE
DIGITAL
WORKING

Every question. Every mark. Every technique — the complete exam walkthrough.

AO1 · Knowledge
AO2 · Understanding
AO3 · Application
AO4 · Synoptic Evaluation
4Scenarios
60Total Marks
16Questions
100% Strategy
Scroll to begin
Before You Begin — Read This First

Exam Question Success

Master the command verbs and you master the marks

AO1
Knowledge
Give · State · Identify
Provide two distinct, accurate facts without unnecessary expansion. These are points-based — one mark per correct fact.

⚠️ Never use the example already given in the question as your answer or you score 0 for that point.
Target: 2 distinct technical facts
AO2
Understanding
Explain (2–4 marks)
2-mark: Point + Because.
3-mark: Point + Because + Leads To.
4-mark: Two separate Points, each with their own Because.

The "Because" is your justification — it is what earns the second mark. Without it, you only score 1.
Target: every point needs a linked reason
AO3
Application
Describe · Annotate · Draw
Describe: A step-by-step sequence (not reasons why — the how).
Annotate: 2 Labels + 2 Statements of use on a diagram.
Draw: Correct notation, arrows showing flow direction, all scenario steps included.
Relate every answer to the specific company
AO4
Synoptic
Discuss · Evaluate (6 marks)
Discuss: BLT chain × 2–3 aspects. Sustained argument showing how digital concepts interrelate.
Evaluate: BLT for benefits + BLT for drawbacks + supported conclusion. Weigh both sides.
Always end with a supported conclusion
🎯
Secret #1 — Context is Everything
Always Name the Company
The biggest reason pupils lose marks is giving generic assertions not linked to the scenario. Every answer must mention the specific company name (e.g., "Sparrow Kitchens", "Keisha's shop") and their specific data or situation. Generic answers are capped at the lower levels.
🔗
Secret #2 — The BLT Chain
Point → Because → Leads To → Therefore
For 6-mark questions, each BLT chain earns approximately 3 marks. Two complete chains = Level 3. The "Therefore" connects to business impact or another concept — this is what creates the "sustained argument" examiners want. Never stop at "Leads To".
💻
Secret #3 — Technical Precision
Use Exact Terminology
Distinguish: firewalls monitor traffic; anti-virus scans files. Use terms like scalability, synchronisation, DNS spoofing, brute-force in context. Vague terms like "hackers can get in" score 0 — be precise about what happens and why.
⚖️
Secret #4 — Level 3 Descriptors
Both Sides + Supported Conclusion
For Evaluate questions, you must show both benefits and drawbacks with BLT structure. Then conclude with which is more important and why, referencing your earlier evidence. A conclusion without prior support scores no credit.
✍️
Note for pupils: While these model answers would achieve 100%, the examiner reports emphasise that handwriting must be legible so the examiner can actually award the marks you have earned. No marks are given for answers the examiner cannot read.
1
Question 1 — Kitchen Installation Company

Sparrow Kitchens

Communication, Environment & Social Media

Staff use email and direct messaging. Old laptops need responsible disposal. The company advertises via social media. Reference kitchen installation services and staff communication in every relevant answer.

Questions 1a–1e · 12 Marks
1
Question 1(a)2 Marks

Staff use email to communicate with customers. Phishing is one drawback. Give two other drawbacks of using email.

AO1 — Give/State: Two distinct facts. No explanation needed. Do NOT say "phishing" (already given).
Model Answer — 2/2
1
Staff require a stable internet connection to access messages — if the network is down, they cannot communicate with clients.
2
Risk of malware — staff might accidentally download a virus or Trojan horse attached to a customer enquiry email.
🚫 Never repeat an example already given in the question. You will score 0 marks for that point.
Question 1(b)2 Marks

Explain one benefit to staff of using direct messaging to communicate with each other.

AO2 — Explain (2 marks): Point + Because. One mark each.
Model Answer — Point + Because
Point (1 mark)
Direct messaging allows for real-time communication between Sparrow Kitchens staff.
Because (1 mark)
Because messages are sent and received instantly, installers on-site can ask office staff questions to resolve issues immediately without delays.
Question 1(c)2 Marks

Explain one way the old laptops could damage the environment if sent to landfill sites.

Model Answer
Point
The old Sparrow Kitchens laptops contain toxic chemicals such as lead, mercury, or arsenic.
Because
Because these materials are released as the hardware breaks down, they can leak into the soil and poison the local water supply or food chain.
Question 1(d)2 Marks

Explain one way, other than using landfill, the company can dispose of old laptops that respects the environment.

Model Answer
Point
Sparrow Kitchens could choose to recycle their old laptop devices through a registered e-waste facility.
Because
Because recycling allows raw materials and specific components to be reclaimed, they can be reused in the manufacture of new hardware, reducing environmental waste.
💡 Other valid answers: donate to charity/schools, sell/refurbish, use certified WEEE recycling. Any one with a linked reason scores full marks.
Question 1(e)4 Marks

Sparrow Kitchens uses social media to advertise its services. Explain two benefits of using social media to advertise the company's services.

AO2 — Explain (4 marks): Two separate Points, each with its own Because. Each P+B pair earns 2 marks.
📌 For 4-mark "explain two" questions: write two entirely separate BPs. Do not develop one point into a chain — the marks come from breadth, not depth.
Model Answer — Two P+B pairs

BENEFIT 1

Point (1 mark)
Social media allows Sparrow Kitchens to reach a much wider global audience.
Because (1 mark)
Because adverts can be seen 24/7 by anyone with an account, it increases the number of potential customers who see the kitchen installation services.

BENEFIT 2

Point (1 mark)
The company can use targeted marketing on social media platforms.
Because (1 mark)
Because social media algorithms identify specific demographics, Sparrow Kitchens can show adverts only to people currently interested in home improvements — reducing wasted advertising spend.
2
Question 2 — Carpet and Rug Retailer

Carpets Forever

Cyber Security, Encryption & Data Breaches

Internal threats, website recognition, encryption of transmitted data, and the impacts of a security breach. Reference carpet and rug retail operations throughout.

Questions 2a–2d · 12 Marks
Question 2(a)2 Marks

One potential internal threat is staff visiting untrustworthy websites. Give two other internal threats to the company's digital systems.

AO1 — Internal threats come from INSIDE the organisation (staff, devices, processes). Do NOT give "hacking" — that's external.
Model Answer — 2 internal threats
1
Unintentional disclosure — a Carpets Forever staff member accidentally emails a customer list to the wrong recipient.
2
Portable storage devices (USB drives) — could introduce malware to the company's network when plugged in.
🔑 Internal threats include: accidental disclosure, weak passwords, using own devices (BYOD), leaving screens unlocked, disgruntled employees, portable storage. External threats include: hacking, DDoS, phishing from outsiders.
Question 2(b)2 Marks

Explain one way staff could recognise an untrustworthy website.

Model Answer
Point
Staff should check the website's URL for a padlock icon or "HTTPS".
Because
Because if these security markers are missing, it indicates the site does not have encryption, making it unsafe for staff to enter any Carpets Forever business data.
Other valid answers: suspicious/misspelled domain names, no privacy policy, lots of pop-ups, poor grammar. Any one + linked because = full marks.
Question 2(c)4 Marks

The company uses encryption to protect transmitted data. Annotate the image by identifying and labelling two features and stating how each feature is used.

AO3 — Annotate (4 marks): 2 Labels + 2 Statements of use. Each label + statement pair = 2 marks.
🏷️ For annotation questions: Label → then immediately write a sentence explaining what that feature does for the company. Generic definitions without company context score less.
Annotation Answer — 4/4
Feature 1 — Label
Encryption Key
This key uses an algorithm to scramble the original plaintext into unreadable ciphertext before it is transmitted to the customer. This protects Carpets Forever's transaction data while it travels across the internet.
Feature 2 — Label
Decryption Key
The recipient uses this specific key to unscramble the ciphertext and convert it back into its original, readable format, so the customer can view their order confirmation or receipt.

Encryption Concept — Quick Revision

Plaintext
Original readable data
Encrypt Key
Scrambles data
Ciphertext
Unreadable in transit
Decrypt Key
Restores plaintext
Question 2(d)4 Marks

Data loss is one impact of a security breach. Explain two other potential impacts on Carpets Forever of a security breach.

AO2 — Two separate explained points. Do NOT say "data loss" — already given in the question.
Model Answer — Two P+B pairs

IMPACT 1 — Reputational

Point
The company could suffer a significant loss of reputation.
Because
Because customers may no longer trust Carpets Forever with their personal data, it leads to a loss of future sales and competitive advantage.

IMPACT 2 — Legal

Point
The breach could lead to serious legal action.
Because
Because failing to protect customer data is a breach of the Data Protection Act (DPA), the company could be sued or face heavy fines from the government.
3
Question 3 — Rugby Club

The Red Kites

Cloud Technology, Wi-Fi Security & Flowcharts

Cloud maintenance, open Wi-Fi security risks, door lock drawbacks, and a flowchart for a self-service ticket issuing process. This question includes a 6-mark technical diagram task.

Questions 3a–3d · 16 Marks
Question 3(a)2 Marks

The rugby club uses cloud technology. One benefit is the service provider is responsible for maintenance. Explain one reason why this is a benefit for the rugby club.

Model Answer
Point
This arrangement saves The Red Kites money on staffing costs.
Because
Because the cloud provider handles all software updates and technical repairs, The Red Kites do not need to employ a dedicated IT technician, freeing budget for other club activities.
Question 3(b)4 Marks

The rugby club provides open Wi-Fi to the public. Explain two security issues of using open Wi-Fi.

Model Answer — Two P+B pairs

ISSUE 1

Point
Open Wi-Fi often does not use encryption for data transmission.
Because
Because the connection is unencrypted, any passwords or bank details entered by rugby fans can be easily read by others on the same network.

ISSUE 2

Point
High risk of a "man-in-the-middle" attack.
Because
Because an unauthorised hacker can intercept the traffic between a fan's device and the network, they can steal sensitive personal information for financial gain.
4-Mark Explain + 6-Mark Flowchart

Door Locks & Ticket Issuing

Question 3(c)4 Marks

Explain two drawbacks of using door locks as a security measure.

Model Answer

DRAWBACK 1

Point
Physical keys are easily copied.
Because
Because keys can be duplicated without permission, it becomes very difficult to track exactly who has access to the club's restricted areas.

DRAWBACK 2

Point
No automated tracking of key usage.
Because
Because mechanical locks do not create a digital access log, the club has no record of which individual entered a room or at what time, making investigation of incidents impossible.
Question 3(d)6 Marks

Draw a flowchart showing the self-service ticket issuing process: user inserts bank card → system reads card → checks for matching order → prints tickets or shows error → returns card.

AO3 — Draw (6 marks): Correct shapes, arrows showing direction, all scenario steps covered.
Flowchart Structure & Logic
START
Insert bank card
Read card number
Card matches order?
YES ↓
Print tickets
NO ↓
Display error
Return bank card
END
Oval = Start/End
Rhombus = I/O
Diamond = Decision
4
Question 4 — High-Street Retailer

Keisha's Clothes Shop

Data Rights, Cloud Storage, Handheld Devices & Password Policy

Pharming attacks, cloud scalability, the right to be forgotten, handheld devices for stock checking, and a 6-mark password policy evaluation. The most demanding section of the paper.

Questions 4a–4e · 20 Marks
Question 4(a)3 Marks

Keisha was a victim of a pharming attack. Describe what is meant by a pharming attack.

AO3 — Describe (3 marks): Three linked steps showing HOW it works. Point + Because + Leads To.
Model Answer — 3-step Description
Step 1 — What it is (1 mark)
Pharming is a type of cyberattack that involves DNS spoofing.
Step 2 — How it works (1 mark)
Because the attack redirects users from a legitimate website to a fraudulent one without their knowledge, even if they type the correct URL.
Step 3 — The outcome (1 mark)
This leads to the victim being tricked into entering their sensitive personal data or login credentials onto the fake site, allowing the attacker to steal the information.
🔍 Pharming vs Phishing: Phishing uses fake emails to trick users. Pharming silently redirects them even when they type the correct address — it's harder to detect.
Question 4(b)2 Marks

One benefit of cloud storage is scalability. Explain one reason why scalability is a benefit.

Model Answer
Point
Scalability makes cloud storage a very flexible solution for Keisha's shop.
Because
Because she can increase or decrease her storage capacity in real-time to match current clothing stock levels, she only ever pays for the digital space the shop actually uses.
Question 4(c)3 Marks

Customers have a right to be forgotten regarding their stored personal data. Explain what is meant by the right to be forgotten.

AO3 — Describe/Explain (3 marks): Point + Because + Leads To. Apply to Keisha's context.
⚖️ This is a data rights question under GDPR / Data Protection Act. The right applies when data is no longer needed for its original purpose, or the customer withdraws consent.
Model Answer — 3/3
Point (1 mark)
The right to be forgotten allows customers to ask Keisha's shop to delete their personal information from the shop's systems.
Because (1 mark)
Because this is a legal right under data protection laws, the company must comply if the data is no longer needed for its original purpose.
Leads To (1 mark)
This leads to the permanent removal of the customer's data from the shop's database, ensuring their privacy is respected if they object to further marketing.
AO4 — 6-Mark Discuss — Full BLT Chain × 2

Q4d: Handheld Devices for Stock

Question 4(d)6 Marks

Staff use handheld devices to find out what stock is available in the stockroom. Discuss the benefits and drawbacks to the staff of using handheld devices for checking stock.

AO4 — Discuss: BLT chain for benefit + BLT chain for drawback. Show how both aspects interrelate for the specific business. No standalone conclusion required for "Discuss" — the "Therefore" sentences provide the evaluative thread.
Benefit — BLT Chain
Point
Handheld devices significantly improve staff productivity and response times.
Because
Because these devices provide real-time synchronisation with the central stock database, staff have up-to-date clothing stock information at their fingertips.
Leads To
This leads to staff being able to give customers immediate answers without having to physically walk to the stockroom every time.
Therefore
Therefore, the portability of these devices makes the staff's job more efficient and reduces physical strain, benefiting both staff wellbeing and customer satisfaction.
Drawback — BLT Chain
However…
A major drawback is the risk of technical or connection issues.
Because
Because handhelds rely on a stable wireless connection, any network dropout could result in staff seeing inaccurate or outdated clothing stock levels.
Leads To
This leads to staff potentially giving customers wrong information, causing frustration and extra work to correct the error.
Therefore
Therefore, while the devices offer great convenience, staff must be trained to handle technical failures and ensure devices are always charged and updated to remain functional.
AO4 — The Crown Jewel — 6-Mark Evaluate

Q4e: Password Policy

Creation rules + Protection rules + Supported Conclusion

Question 4(e)6 Marks

There is a password policy for staff to follow to protect customer data. Evaluate what should be included in the password policy, considering rules for both the creation and the protection of passwords.

Part 1 — Password CREATION (BLT)
Point
The policy must mandate a minimum length of at least 8–10 characters.
Because
Because longer passwords significantly increase the time it takes for a hacker to succeed in a brute-force attack against Keisha's shop systems.
Leads To
This leads to a much more secure system that is difficult for automated software to guess.
Therefore
Therefore, a length requirement is a fundamental part of an effective policy for Keisha's shop and should be the first rule implemented.
Part 2 — Password PROTECTION (BLT)
Point
The policy should strictly forbid staff from sharing passwords or writing them down.
Because
Because shared or written passwords create physical security vulnerabilities that can be easily exploited through "shoulder surfing" or accidental disclosure by shop staff.
Leads To
This leads to a higher risk of data breaches, putting customer clothing purchase data at risk.
Therefore
Therefore, while these rules may seem inconvenient for staff, they are essential for Keisha to meet her legal obligations under the Data Protection Act.
Supported Conclusion — The Evaluate Requirement
C
Conclusion
Both creation and protection rules are essential — neither works without the other. A strong 10-character password is useless if a member of staff writes it on a sticky note.
J
Justified By
The most impactful single rule is minimum length — it is cheap to implement, requires no extra software, and directly raises the bar against the most common attack: brute-force password cracking.
Quick Reference

Command Verb Cheat Sheet

Command VerbAOMarksStructureKey Requirement
Give / State AO1 2 Two distinct facts No expansion needed. Never repeat an example already given in the question — you score 0.
Explain (2 marks) AO2 2 Point + Because The "Because" is the justification mark. Without it, you only score 1.
Explain (3 marks) AO2/3 3 Point + Because + Leads To Each step earns 1 mark. Name the specific company and scenario.
Explain (4 marks) AO2 4 2 × (Point + Because) Two completely separate explained points. Do not chain one into a long paragraph.
Describe (3 marks) AO3 3 3 linked sequential steps Focus on HOW something works (sequence), not WHY. One mark per step.
Annotate (4 marks) AO3 4 2 Labels + 2 Statements of use Each label earns 0 alone — you need the statement of use for the second mark per feature.
Draw (6 marks) AO3 6 Correct shapes + arrows + all steps Ovals = start/end. Diamonds = decisions (YES/NO branches). Rhombus = input/output. No loose ends.
Discuss (6 marks) AO4 6 2–3 × full BLT chains Sustained argument. "Therefore" at the end of each chain shows interrelation. Always name the business.
Evaluate (6 marks) AO4 6 BLT pros + BLT cons + Conclusion Must weigh both sides AND conclude with a supported judgement. Conclusion without evidence scores 0.
Before you hand in your paper

The 100% Checklist

Click each item as you complete it

Named the Company
Did you write "Sparrow Kitchens", "Carpets Forever", "The Red Kites", or "Keisha's shop" in every extended answer?
Named Specific Data/Context
Did you reference kitchen installations, clothing stock, boiler repairs, or ticket issuing where relevant?
Every Explain has a "Because"
For ALL explain questions: did every Point have a linked Because? A point without "because" = 1 mark, not 2.
6-Mark: Used "Therefore"
For Discuss and Evaluate: does each BLT chain end with "Therefore…"? This is what creates the sustained argument.
Evaluate has a Conclusion
Q4e: Did you end with a supported conclusion stating which rule is most important AND why?
Give/State: Not Repeated Example
Q1a and Q2a: Did you check you haven't used the example already given in the question?
Flowchart: All Shapes Correct
Q3d: Oval = start/end, Diamond = decision with YES/NO, Rhombus = input/output, Rectangle = process. All steps connected.
Handwriting is Legible
Examiner reports state clearly: marks cannot be awarded for answers the examiner cannot read. Write clearly.
You've Got This.

Every mark has a method. Every method has been shown to you right here.

Component 3 DIT · June 2025 · Pearson