All Categories MCQs
101
A "stateful" firewall is more advanced than a packet-filtering firewall because it:
Answer:
Keeps track of the state of active network connections.
A stateful firewall maintains a "state table" of all open connections. This allows it to make more intelligent decisions. For example, it can allow return traffic that is part of an already established connection from the inside, without needing a specific rule for it, while blocking unsolicited inbound traffic.
102
What is the main purpose of encryption?
Answer:
To convert data into a coded format (ciphertext) to prevent unauthorized access.
Encryption is the process of scrambling data (plaintext) into an unreadable format (ciphertext) using a key. Only someone with the correct key can decrypt the data back into its original, readable form, ensuring its confidentiality.
103
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to:
Answer:
Secure credit and debit card transactions against data theft and fraud.
PCI DSS is a standard that applies to any organization that accepts, transmits, or stores cardholder data. It was created by the major payment card brands (Visa, MasterCard, etc.) to reduce credit card fraud.
104
What is the role of a Data Protection Officer (DPO) under GDPR?
Answer:
An expert on data protection whose task is to ensure that an organization processes personal data in compliance with the applicable data protection rules.
A DPO is a mandatory role for certain organizations under GDPR. The DPO is an independent expert who is responsible for monitoring internal compliance, advising on data protection obligations, and acting as a point of contact for data subjects and supervisory authorities.
105
A law requiring companies to notify individuals when their personal information has been compromised in a data breach is called a:
Answer:
Data breach notification law.
Data breach notification laws mandate that organizations must inform affected individuals (and often regulators) when a security incident has resulted in the unauthorized access or acquisition of their personal data.
106
How does a Distributed Denial-of-Service (DDoS) attack differ from a DoS attack?
Answer:
A DDoS attack uses multiple, distributed sources (often a botnet) to launch the attack, making it harder to block.
The key difference is the scale and origin. A DoS attack comes from a single source, which can be relatively easy to block. A DDoS attack uses a "botnet" of many compromised computers to launch the attack from numerous sources simultaneously, making it much more powerful and difficult to mitigate.
107
A Cross-Site Scripting (XSS) attack involves:
Answer:
Injecting malicious scripts into a trusted website, which then run in the browsers of other users.
In an XSS attack, the attacker doesn't target the website directly but rather its users. The malicious script is injected into the site's content (e.g., in a comment section), and when other users visit the page, the script executes in their browser, potentially stealing their session cookies or credentials.
108
What was the main purpose of the US Computer Fraud and Abuse Act (CFAA)?
Answer:
To be the first major federal law to address and criminalize hacking and computer fraud.
The CFAA, first enacted in 1986, is a key piece of US anti-hacking legislation. It criminalizes accessing a computer without authorization or exceeding one's authorized access.
109
What is a "watering hole" attack?
Answer:
An attack where the attacker compromises a website that is known to be trusted and frequented by a specific group of targets.
Rather than attacking the targets directly, the attacker infects a legitimate website they know the targets visit (the "watering hole"). When the targets visit the now-compromised site, their computers become infected with malware.
110
What is a key challenge to the widespread adoption of MFA?
Answer:
The perceived inconvenience or complexity for users, and the need for account recovery processes.
While MFA significantly boosts security, the extra step in the login process can be seen as a hassle by some users. Additionally, organizations need to have robust procedures in place for when a user loses their second factor, as this can be a complex support issue.