GE3 MOCK READING EXAM
⚠️ IMPORTANT: Read the passages below and answer the questions that follow. You may write your answers on the question paper, but you MUST transfer your answers to the answer sheet before the 60 minutes are over. You will NOT be given any extra time at the end to do this.
A. In the digital age, cybersecurity has evolved from a niche technical concern to one of the most critical challenges facing individuals, businesses, and governments worldwide. The term "cybersecurity" refers to the practice of protecting computer systems, networks, programs, and data from digital attacks, unauthorized access, damage, or theft. As society becomes increasingly dependent on digital infrastructure—from banking and healthcare to transportation and energy systems—the potential consequences of cyberattacks have grown exponentially. The modern cybersecurity industry emerged in the 1970s when researcher Bob Thomas created the first computer virus, called "Creeper," as an experiment. His colleague Ray Tomlinson then developed the first antivirus program, "Reaper," to eliminate it. This cat-and-mouse dynamic between attackers and defenders has defined cybersecurity ever since. Today, the global cybersecurity market is valued at over $200 billion annually and is projected to exceed $400 billion by 2030, reflecting the escalating threat landscape and the critical importance of digital security.
B. Cyberattacks have become more sophisticated, frequent, and damaging over time. Ransomware attacks, in which hackers encrypt victims' data and demand payment for its release, have emerged as one of the most lucrative and disruptive forms of cybercrime. In 2021, the Colonial Pipeline attack in the United States forced the shutdown of a major fuel pipeline for six days, causing gasoline shortages across the East Coast and demonstrating how cyberattacks can impact physical infrastructure. The company paid a ransom of $4.4 million in Bitcoin to regain access to its systems. Similarly, the 2017 WannaCry ransomware attack affected more than 200,000 computers across 150 countries, including the UK's National Health Service (NHS), where the attack caused cancellations of 19,000 medical appointments and cost an estimated £92 million to remediate. Beyond ransomware, data breaches have exposed billions of personal records. In 2013, Yahoo revealed that all three billion of its user accounts had been compromised in a hack, making it the largest data breach in history. The stolen information included names, email addresses, telephone numbers, dates of birth, and encrypted passwords.
C. Nation-state actors have also entered the cyber arena, using digital weapons for espionage, sabotage, and geopolitical advantage. The 2010 Stuxnet attack, widely believed to be a joint operation by the United States and Israel, targeted Iran's nuclear enrichment facilities by sabotaging the centrifuges used to process uranium. This marked the first known instance of malware causing physical destruction of industrial equipment and demonstrated that cyberweapons could achieve strategic military objectives without conventional warfare. Russia has been accused of numerous cyberattacks, including the 2015 and 2016 attacks on Ukraine's power grid that left hundreds of thousands of people without electricity in the middle of winter. China has been implicated in extensive cyber espionage campaigns targeting intellectual property from Western companies and government agencies. The U.S. Department of Justice has estimated that Chinese cyber espionage costs the American economy between $225 billion and $600 billion annually. North Korea's Lazarus Group has conducted sophisticated attacks primarily for financial gain, including the 2014 Sony Pictures hack and the theft of $81 million from Bangladesh Bank in 2016.
D. Individual users face a constantly evolving array of cyber threats. Phishing attacks, in which criminals send fraudulent emails or messages designed to trick recipients into revealing sensitive information or downloading malware, remain one of the most common attack vectors. According to the FBI's Internet Crime Complaint Center, phishing was the most reported type of cybercrime in 2022, with over 300,000 reported victims and losses exceeding $52 million. Social engineering attacks exploit human psychology rather than technical vulnerabilities, manipulating people into breaking security procedures. Identity theft has become rampant, with criminals using stolen personal information to open fraudulent accounts, make unauthorized purchases, or commit other crimes in the victim's name. The availability of personal data on the dark web has created a thriving black market where stolen credit card information can be purchased for as little as $5, complete medical records for $250, and full identity packages for $1,000 or more. Password security remains a critical weakness: a 2022 study found that 65% of people reuse passwords across multiple accounts, making a single breach potentially catastrophic.
E. The cybersecurity profession has grown rapidly to meet these challenges, but there is a severe shortage of qualified professionals. The global cybersecurity workforce gap is estimated at 3.4 million unfilled positions, meaning there are far more job openings than qualified candidates to fill them. Cybersecurity roles command high salaries, with experienced professionals earning between $100,000 and $200,000 annually, and top specialists in areas like penetration testing, threat intelligence, and incident response earning significantly more. Universities worldwide have expanded their cybersecurity programs, and professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), and CompTIA Security+ have become valuable credentials. Organizations are investing heavily in security technologies including firewalls, intrusion detection systems, encryption, multi-factor authentication, and artificial intelligence-powered threat detection. However, experts emphasize that technology alone cannot solve cybersecurity challenges—human awareness, training, and vigilance remain essential components of any effective security strategy.
"We've reached a point where surveillance capitalism has fundamentally altered the relationship between individuals and corporations," argues Professor Shoshana Zuboff of Harvard Business School, author of "The Age of Surveillance Capitalism." Her research examines how tech companies collect, analyze, and monetize vast amounts of personal data, often without users' full understanding or meaningful consent. Every click, search, location visit, and interaction generates data that companies aggregate to build detailed profiles used for targeted advertising, product development, and algorithmic decision-making.
The scale of data collection is staggering. Google processes over 8.5 billion searches per day and collects data from Android devices, Gmail, YouTube, Google Maps, and dozens of other services. Facebook (now Meta) has approximately 3 billion monthly active users across its platforms, tracking not only activities within its apps but also web browsing through Facebook pixels embedded on millions of websites. Amazon knows what products people view, purchase, and return, along with their voice commands to Alexa devices. This data aggregation enables remarkably precise targeting: advertisers can reach specific audiences defined by hundreds of characteristics, from demographic information to interests, behaviors, and psychological profiles. While companies claim this creates value by delivering relevant content and personalized experiences, critics argue it represents an unprecedented invasion of privacy with insufficient oversight or individual control.
Data breaches pose significant privacy risks beyond the immediate security concerns. When personal information is stolen, it can be used for identity theft, fraud, blackmail, or sold on criminal marketplaces. The 2017 Equifax breach compromised the personal information of 147 million people, including Social Security numbers, birth dates, addresses, and in some cases driver's license numbers—essentially providing criminals with everything needed to steal identities. The breach occurred because Equifax failed to patch a known security vulnerability for months despite warnings. Cambridge Analytica's harvesting of data from 87 million Facebook users for political targeting during the 2016 U.S. presidential election raised alarms about how personal information could be weaponized to manipulate public opinion. Dr. Carissa Véliz, an associate professor at the University of Oxford, warns that "data is not the new oil—it's the new plutonium: valuable, dangerous, and with potentially devastating consequences if mishandled."
Governments have begun implementing stricter data protection regulations. The European Union's General Data Protection Regulation (GDPR), which took effect in May 2018, represents the most comprehensive privacy law to date. It grants individuals the "right to be forgotten," requiring companies to delete personal data upon request; mandates clear consent for data collection; requires prompt notification of data breaches; and imposes fines up to €20 million or 4% of global annual revenue (whichever is higher) for violations. Amazon was fined €746 million for GDPR violations, while Meta received a €1.2 billion fine in 2023 for transferring European user data to the United States without adequate safeguards. California passed the California Consumer Privacy Act (CCPA) in 2020, giving residents the right to know what data is collected about them, delete their data, and opt out of its sale. Similar laws have been proposed or enacted in Virginia, Colorado, and other states, though the United States lacks comprehensive federal privacy legislation.
Emerging technologies present new privacy challenges. Facial recognition technology has become increasingly powerful and ubiquitous, deployed by law enforcement agencies, private businesses, and authoritarian governments for surveillance. Clearview AI has scraped over 30 billion images from social media and websites to create a facial recognition database accessible to police departments, raising concerns about consent and civil liberties. In China, the social credit system combines facial recognition, internet monitoring, and data aggregation to assign citizens scores affecting their access to services, employment, and travel—a dystopian vision that privacy advocates fear could spread. Biometric data collection, from fingerprints to iris scans to DNA profiles, creates permanent identifiers that cannot be changed like passwords. The Internet of Things (IoT), connecting billions of devices from smart speakers to fitness trackers to home security systems, generates continuous streams of intimate data about people's lives. A 2023 study by researchers at Imperial College London found that 92% of popular IoT devices collected more data than necessary for their stated functions, and 67% shared data with third parties without explicit user consent, highlighting the ongoing tension between technological convenience and privacy protection in the digital age.
A. In the digital age, cybersecurity has evolved from a niche technical concern to one of the most critical challenges facing individuals, businesses, and governments worldwide. The term "cybersecurity" refers to the practice of protecting computer systems, networks, programs, and data from digital attacks, unauthorized access, damage, or theft. As society becomes increasingly dependent on digital infrastructure—from banking and healthcare to transportation and energy systems—the potential consequences of cyberattacks have grown exponentially. The modern cybersecurity industry emerged in the 1970s when researcher Bob Thomas created the first computer virus, called "Creeper," as an experiment. His colleague Ray Tomlinson then developed the first antivirus program, "Reaper," to eliminate it. This cat-and-mouse dynamic between attackers and defenders has defined cybersecurity ever since. Today, the global cybersecurity market is valued at over $200 billion annually and is projected to exceed $400 billion by 2030, reflecting the escalating threat landscape and the critical importance of digital security.
B. Cyberattacks have become more sophisticated, frequent, and damaging over time. Ransomware attacks, in which hackers encrypt victims' data and demand payment for its release, have emerged as one of the most lucrative and disruptive forms of cybercrime. In 2021, the Colonial Pipeline attack in the United States forced the shutdown of a major fuel pipeline for six days, causing gasoline shortages across the East Coast and demonstrating how cyberattacks can impact physical infrastructure. The company paid a ransom of $4.4 million in Bitcoin to regain access to its systems. Similarly, the 2017 WannaCry ransomware attack affected more than 200,000 computers across 150 countries, including the UK's National Health Service (NHS), where the attack caused cancellations of 19,000 medical appointments and cost an estimated £92 million to remediate. Beyond ransomware, data breaches have exposed billions of personal records. In 2013, Yahoo revealed that all three billion of its user accounts had been compromised in a hack, making it the largest data breach in history. The stolen information included names, email addresses, telephone numbers, dates of birth, and encrypted passwords.
C. Nation-state actors have also entered the cyber arena, using digital weapons for espionage, sabotage, and geopolitical advantage. The 2010 Stuxnet attack, widely believed to be a joint operation by the United States and Israel, targeted Iran's nuclear enrichment facilities by sabotaging the centrifuges used to process uranium. This marked the first known instance of malware causing physical destruction of industrial equipment and demonstrated that cyberweapons could achieve strategic military objectives without conventional warfare. Russia has been accused of numerous cyberattacks, including the 2015 and 2016 attacks on Ukraine's power grid that left hundreds of thousands of people without electricity in the middle of winter. China has been implicated in extensive cyber espionage campaigns targeting intellectual property from Western companies and government agencies. The U.S. Department of Justice has estimated that Chinese cyber espionage costs the American economy between $225 billion and $600 billion annually. North Korea's Lazarus Group has conducted sophisticated attacks primarily for financial gain, including the 2014 Sony Pictures hack and the theft of $81 million from Bangladesh Bank in 2016.
D. Individual users face a constantly evolving array of cyber threats. Phishing attacks, in which criminals send fraudulent emails or messages designed to trick recipients into revealing sensitive information or downloading malware, remain one of the most common attack vectors. According to the FBI's Internet Crime Complaint Center, phishing was the most reported type of cybercrime in 2022, with over 300,000 reported victims and losses exceeding $52 million. Social engineering attacks exploit human psychology rather than technical vulnerabilities, manipulating people into breaking security procedures. Identity theft has become rampant, with criminals using stolen personal information to open fraudulent accounts, make unauthorized purchases, or commit other crimes in the victim's name. The availability of personal data on the dark web has created a thriving black market where stolen credit card information can be purchased for as little as $5, complete medical records for $250, and full identity packages for $1,000 or more. Password security remains a critical weakness: a 2022 study found that 65% of people reuse passwords across multiple accounts, making a single breach potentially catastrophic.
E. The cybersecurity profession has grown rapidly to meet these challenges, but there is a severe shortage of qualified professionals. The global cybersecurity workforce gap is estimated at 3.4 million unfilled positions, meaning there are far more job openings than qualified candidates to fill them. Cybersecurity roles command high salaries, with experienced professionals earning between $100,000 and $200,000 annually, and top specialists in areas like penetration testing, threat intelligence, and incident response earning significantly more. Universities worldwide have expanded their cybersecurity programs, and professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), and CompTIA Security+ have become valuable credentials. Organizations are investing heavily in security technologies including firewalls, intrusion detection systems, encryption, multi-factor authentication, and artificial intelligence-powered threat detection. However, experts emphasize that technology alone cannot solve cybersecurity challenges—human awareness, training, and vigilance remain essential components of any effective security strategy.
"We've reached a point where surveillance capitalism has fundamentally altered the relationship between individuals and corporations," argues Professor Shoshana Zuboff of Harvard Business School, author of "The Age of Surveillance Capitalism." Her research examines how tech companies collect, analyze, and monetize vast amounts of personal data, often without users' full understanding or meaningful consent. Every click, search, location visit, and interaction generates data that companies aggregate to build detailed profiles used for targeted advertising, product development, and algorithmic decision-making.
The scale of data collection is staggering. Google processes over 8.5 billion searches per day and collects data from Android devices, Gmail, YouTube, Google Maps, and dozens of other services. Facebook (now Meta) has approximately 3 billion monthly active users across its platforms, tracking not only activities within its apps but also web browsing through Facebook pixels embedded on millions of websites. Amazon knows what products people view, purchase, and return, along with their voice commands to Alexa devices. This data aggregation enables remarkably precise targeting: advertisers can reach specific audiences defined by hundreds of characteristics, from demographic information to interests, behaviors, and psychological profiles. While companies claim this creates value by delivering relevant content and personalized experiences, critics argue it represents an unprecedented invasion of privacy with insufficient oversight or individual control.
Data breaches pose significant privacy risks beyond the immediate security concerns. When personal information is stolen, it can be used for identity theft, fraud, blackmail, or sold on criminal marketplaces. The 2017 Equifax breach compromised the personal information of 147 million people, including Social Security numbers, birth dates, addresses, and in some cases driver's license numbers—essentially providing criminals with everything needed to steal identities. The breach occurred because Equifax failed to patch a known security vulnerability for months despite warnings. Cambridge Analytica's harvesting of data from 87 million Facebook users for political targeting during the 2016 U.S. presidential election raised alarms about how personal information could be weaponized to manipulate public opinion. Dr. Carissa Véliz, an associate professor at the University of Oxford, warns that "data is not the new oil—it's the new plutonium: valuable, dangerous, and with potentially devastating consequences if mishandled."
Governments have begun implementing stricter data protection regulations. The European Union's General Data Protection Regulation (GDPR), which took effect in May 2018, represents the most comprehensive privacy law to date. It grants individuals the "right to be forgotten," requiring companies to delete personal data upon request; mandates clear consent for data collection; requires prompt notification of data breaches; and imposes fines up to €20 million or 4% of global annual revenue (whichever is higher) for violations. Amazon was fined €746 million for GDPR violations, while Meta received a €1.2 billion fine in 2023 for transferring European user data to the United States without adequate safeguards. California passed the California Consumer Privacy Act (CCPA) in 2020, giving residents the right to know what data is collected about them, delete their data, and opt out of its sale. Similar laws have been proposed or enacted in Virginia, Colorado, and other states, though the United States lacks comprehensive federal privacy legislation.
Emerging technologies present new privacy challenges. Facial recognition technology has become increasingly powerful and ubiquitous, deployed by law enforcement agencies, private businesses, and authoritarian governments for surveillance. Clearview AI has scraped over 30 billion images from social media and websites to create a facial recognition database accessible to police departments, raising concerns about consent and civil liberties. In China, the social credit system combines facial recognition, internet monitoring, and data aggregation to assign citizens scores affecting their access to services, employment, and travel—a dystopian vision that privacy advocates fear could spread. Biometric data collection, from fingerprints to iris scans to DNA profiles, creates permanent identifiers that cannot be changed like passwords. The Internet of Things (IoT), connecting billions of devices from smart speakers to fitness trackers to home security systems, generates continuous streams of intimate data about people's lives. A 2023 study by researchers at Imperial College London found that 92% of popular IoT devices collected more data than necessary for their stated functions, and 67% shared data with third parties without explicit user consent, highlighting the ongoing tension between technological convenience and privacy protection in the digital age.
INSTRUCTIONS: Choose the correct heading number (1-5) for paragraphs B, C, D, and E from Section 1. Write ONLY THE NUMBER in your answer. The first one (Example A = 5) has been done for you.
INSTRUCTIONS: Do the following statements agree with the information given in the reading passage?
In the correct space on your answer sheet, write:
5. The first computer virus was created in the 1970s.
6. The Colonial Pipeline company refused to pay the ransom demand.
7. The WannaCry attack affected computers in more than 100 countries.
8. Stuxnet was the first malware to cause physical damage to industrial equipment.
9. Phishing was the most reported cybercrime in 2022.
10. There is currently a global shortage of cybersecurity professionals.
INSTRUCTIONS: Complete the text below with words from the box. Choose NO MORE THAN ONE WORD OR A NUMBER from the box for each answer.
⚠️ IMPORTANT: Write the words in the correct space on your answer sheet. Answers with incorrect spelling will be marked wrong.
The cybersecurity market is currently worth over 11. billion dollars annually. 12. attacks encrypt victims' data for ransom, while 13. attacks use fraudulent messages to steal information. Yahoo suffered a breach affecting 14. billion user accounts. The cybersecurity workforce gap is estimated at 15. million unfilled positions worldwide.
INSTRUCTIONS: Choose the correct letter, A, B or C. Write ONLY the correct letter on your answer sheet.
16. Professor Shoshana Zuboff works at
17. Google processes approximately how many searches per day?
18. The Equifax breach compromised the data of
19. The GDPR took effect in
20. Clearview AI's database contains over
INSTRUCTIONS: Complete the sentence below with a word taken from Reading Section 2. Use ONE WORD for your answer.
⚠️ IMPORTANT: Write the answer in the correct space on your answer sheet. Answers with incorrect spelling will be marked wrong.
INSTRUCTIONS: Write NO MORE THAN TWO WORDS AND/OR A NUMBER for each answer.
⚠️ IMPORTANT: Write the answer in the correct space on your answer sheet. Answers with incorrect spelling will be marked wrong.
Evaluating your reading comprehension answers...