Computer Science/IT MCQs
Topic Notes: Computer Science/IT
MCQs and preparation resources for competitive exams, covering important concepts, past papers, and detailed explanations.
111
What is the role of a Data Protection Officer (DPO) under GDPR?
Answer:
An expert on data protection whose task is to ensure that an organization processes personal data in compliance with the applicable data protection rules.
A DPO is a mandatory role for certain organizations under GDPR. The DPO is an independent expert responsible for monitoring internal compliance, advising on data protection obligations, and acting as a point of contact for data subjects and supervisory authorities.
112
A law requiring companies to notify individuals when their personal information has been compromised in a data breach is called a:
Answer:
Data breach notification law.
Data breach notification laws mandate that organizations must inform affected individuals (and often regulators) when a security incident has resulted in the unauthorized access or acquisition of their personal data.
113
How does a Distributed Denial-of-Service (DDoS) attack differ from a DoS attack?
Answer:
A DDoS attack uses multiple, distributed sources (often a botnet) to launch the attack, making it harder to block.
The key difference is the scale and origin. A DoS attack comes from a single source, which can be relatively easy to block. A DDoS attack uses a "botnet" of many compromised computers to launch the attack from numerous sources simultaneously, making it much more powerful and difficult to mitigate.
114
A Cross-Site Scripting (XSS) attack involves:
Answer:
Injecting malicious scripts into a trusted website, which then run in the browsers of other users.
In an XSS attack, the attacker doesn't target the website directly but rather its users. The malicious script is injected into the site's content (e.g., in a comment section), and when other users visit the page, the script executes in their browser, potentially stealing their session cookies or credentials.
115
What was the main purpose of the US Computer Fraud and Abuse Act (CFAA)?
Answer:
To be the first major federal law to address and criminalize hacking and computer fraud.
The CFAA, first enacted in 1986, is a key piece of US anti-hacking legislation. It criminalizes accessing a computer without authorization or exceeding one's authorized access.
116
What is a "watering hole" attack?
Answer:
An attack where the attacker compromises a website that is known to be trusted and frequented by a specific group of targets.
Rather than attacking the targets directly, the attacker infects a legitimate website they know the targets visit (the "watering hole"). When the targets visit the now-compromised site, their computers become infected with malware.
117
What is a key challenge to the widespread adoption of MFA?
Answer:
The perceived inconvenience or complexity for users, and the need for account recovery processes.
While MFA significantly boosts security, the extra step in the login process can be seen as a hassle by some users. Additionally, organizations need to have robust procedures in place for when a user loses their second factor, as this can be a complex support issue.
118
A USB security key, such as a YubiKey, is an example of what authentication factor?
Answer:
Possession
A physical security key is a hardware device that you must possess and physically present (by plugging it in and/or tapping it) to authenticate. It is considered one of the most secure forms of MFA.
119
What is "cryptanalysis"?
Answer:
The study of analyzing and breaking cryptographic systems.
Cryptanalysis is the "code-breaking" side of cryptography. It involves studying ciphers and cryptographic protocols to find weaknesses and vulnerabilities that would allow an attacker to bypass the security they are supposed to provide.
120
Why isn't email generally recommended as a second factor for authentication?
Answer:
Because email accounts are frequently compromised, which would allow an attacker to bypass the MFA.
If an attacker gains access to your email account (often through a separate phishing attack), and you are using that same email account to receive your 2FA codes, then the second factor provides no additional security. This is a single point of failure.