Part two of my June 2025 Paper 1 (0417/12) walkthrough. These three topics — testing a new system, reducing safety hazards, and the phishing-vs-pharming distinction — appear in most series. Instead of just listing answers, I'll focus on how the marks are actually awarded, because knowing the mark split is what turns a near-miss into full marks.
📄 The original paper and mark scheme are on the Cambridge International past papers page. Questions below are paraphrased and explained in my own words.
🔁 Studying both Paper 1 variants? I've covered the same topics from a different angle in my 0417/11 walkthrough — read both for extra practice, as the exact questions differ between papers.
System testing — one mark per reason, not per element
One question asked why certain system elements are tested, what abnormal test data means, why technical documentation is needed, and what else it contains.
How the marks work. Each element is worth one mark, and the mark is for the reason it's tested, not for naming the element. So you have to pair each one with the failure it prevents:
- File structure — tested so records aren't corrupted and the system processes data efficiently. (Reason = data integrity.)
- Validation routines — tested to confirm they actually reject unreasonable data. (Reason = trapping bad input.)
- Output format — tested so results display clearly and correctly. (Reason = the user can read and trust the output.)
Abnormal test data is the value you feed in expecting it to be refused — data outside the acceptable limits. Its job is to prove validation works. (Contrast with normal data, which should be accepted, and extreme data, which sits right on the boundary.)
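To see abnormal data doing its job, here is an added example (not from the paper or the mark scheme): one test plan run against a correct validation routine and a deliberately faulty one. The field, an order quantity from 1 to 50, and every function name are assumptions made for illustration.

```python
# Added example: test plan for a validation routine (type check + range check).
# Assumption: the field is an order quantity, a whole number from 1 to 50.

LOW, HIGH = 1, 50

def validate_quantity(raw):
    """Correct routine: accept only whole numbers from LOW to HIGH inclusive."""
    try:
        value = int(raw)              # type check: rejects "ten", "" and "4.5"
    except (TypeError, ValueError):
        return False
    return LOW <= value <= HIGH       # range check on both limits

def faulty_validate_quantity(raw):
    """Deliberately faulty routine: the lower limit was forgotten."""
    try:
        value = int(raw)
    except (TypeError, ValueError):
        return False
    return value <= HIGH              # bug: 0 and negative numbers get through

# Constructed test plan: (test data, category, should it be accepted?)
TEST_PLAN = [
    ("25",  "normal",   True),    # typical value, must be accepted
    ("1",   "extreme",  True),    # on the lower boundary, must be accepted
    ("50",  "extreme",  True),    # on the upper boundary, must be accepted
    ("0",   "abnormal", False),   # just below the limit, must be refused
    ("51",  "abnormal", False),   # just above the limit, must be refused
    ("-5",  "abnormal", False),   # negative, must be refused
    ("ten", "abnormal", False),   # wrong data type, must be refused
    ("",    "abnormal", False),   # nothing entered, must be refused
]

def run_test_plan(routine):
    """Return the rows where the routine's result differs from the expected one."""
    failures = []
    for data, category, expected in TEST_PLAN:
        if routine(data) != expected:
            failures.append((data, category))
    return failures

if __name__ == "__main__":
    print("correct routine:", run_test_plan(validate_quantity))
    print("faulty routine: ", run_test_plan(faulty_validate_quantity))
```

The faulty routine passes every normal and extreme row; only the abnormal rows expose it, which is why a test plan that uses normal data alone proves nothing about validation.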
Technical vs user documentation — the perennial trap. Technical documentation is for developers so they can maintain, repair or upgrade the system later; it contains things like algorithms, flowcharts, variable lists, program listings, input/output formats and hardware/software requirements. User documentation is for the end user (manuals, help files). If the question says "technical," every example must be developer-facing — a "how to log in" guide is user documentation and scores zero.
✏️ Practice it: "A developer is testing a field that stores a percentage mark (0–100). Give one item of normal test data and one item of abnormal test data, and state what each is checking."
Workplace safety — three different, specific measures
Another question asked for three ways each to reduce two hazards: electrocution and trailing leads.
Where marks are lost. Each part wants three different measures, so the examiner is checking for variety as well as relevance. Three rewordings of "tidy the cables" count as one idea. And vague safety advice ("be careful," "don't trip") scores nothing — every point must be a concrete, ICT-specific action.
Reducing electrocution risk — think prevention, maintenance, and behaviour: fit residual current devices (RCDs/circuit breakers) so power cuts off on a fault; check cables and insulation regularly and replace damaged ones; keep drinks and liquids away from equipment; and never handle plugs or wiring with wet hands.
Reducing trailing-lead risk — think containment and removal: run cables through ducts or trunking; route them under carpets or along skirting/ceiling rather than across walkways; bundle loose cables with ties; or switch to wireless devices so there's no cable to trip over at all.
Notice each of those is a distinct mechanism — that's how you guarantee three separate marks.
✏️ Practice it: "A new computer suite has power sockets only on one wall, so cables must cross the room. Describe two different ways the school could make this safe."
Phishing vs pharming — a quick diagnostic
The final question asked candidates to compare and contrast phishing and pharming, then give precautions against each.
Both are scams that end on a fake website built to steal personal data and commit fraud — that's the similarity half of a compare-and-contrast answer. The 6-mark tariff needs both similarities and differences, so don't stop at one side.
The difference comes down to one question: did the user have to do anything?
- If a fake email or message tricked them into clicking a link → that's phishing. The attack lives in the message, and it needs user action.
- If malicious code redirected them automatically, even though they typed the correct address → that's pharming. The attack lives in code (on the device or a DNS server) and needs no user action.
Run any scenario through that one question and you'll classify it correctly every time. And steer clear of the classic error of calling them "viruses" — they're scams/attacks based on deception and redirection, not self-replicating code.
Precautions follow from the mechanism. Phishing relies on you clicking, so the defences are aimed at the message and the click: use spam/email filters, check the sender's address, and don't click links in unexpected messages. Pharming relies on malicious code and redirection, so the defences are technical: keep anti-malware updated, check the URL in the address bar before entering details, and stick to trusted HTTPS sites.
✏️ Practice it: "A user types their bank's correct web address but lands on a convincing fake login page. State whether this is phishing or pharming, and justify your answer using the 'did the user have to do anything?' test."
Quick recap
- System testing earns marks for the reason each element is tested (integrity, trapping bad data, clear output) — and technical documentation is for developers, never users.
- Safety answers must be three different, specific, ICT-relevant actions — variety is part of the mark.
- Phishing needs a click; pharming redirects automatically — but both end at a fake site, so give similarities and differences.