Computer Science/IT MCQs
Topic Notes: Computer Science/IT
MCQs and preparation resources for competitive exams, covering important concepts, past papers, and detailed explanations.
121
An OTP that is generated based on a counter and a shared secret, and is used until a new one is requested, is known as:
Answer:
An HOTP (HMAC-based One-Time Password)
HOTP is an event-based OTP. A new code is generated either when a button is pressed on a hardware token or when the user requests one. Unlike TOTP, it does not expire after a set time.
122
A "circuit-level gateway" is a type of firewall that:
Answer:
Works at the Session layer (Layer 5) and monitors TCP handshakes.
A circuit-level gateway is a simpler type of firewall that operates at the Session layer. It doesn't inspect the content of the packets but instead validates that a requested session is legitimate by monitoring the TCP handshake.
123
Which of the following is an example of a symmetric encryption algorithm?
Answer:
AES
AES (Advanced Encryption Standard) is the most widely used symmetric encryption algorithm. RSA (Rivest–Shamir–Adleman) and ECC (Elliptic Curve Cryptography) are examples of asymmetric algorithms.
124
A "Caesar cipher," where each letter in the plaintext is shifted a certain number of places down the alphabet, is a simple example of:
Answer:
A substitution cipher (a type of symmetric encryption)
The Caesar cipher is one of the earliest and simplest forms of symmetric encryption. It uses a key (the number of shifts) to substitute each letter for another, and the same key is used to reverse the process.
125
An "insider threat" refers to a security risk that originates from:
Answer:
Within the organization, such as from a current or former employee, contractor, or business partner.
An insider threat is a security risk that comes from someone who has authorized access to an organization's systems and data. This can be a malicious act (e.g., a disgruntled employee stealing data) or an unintentional one (e.g., an employee falling for a phishing scam).
126
What is Multi-Factor Authentication (MFA)?
Answer:
?
MFA, also known as two-factor authentication (2FA), adds a critical second layer of security to user logins. Instead of just asking for a username and password, it requires additional evidence of the user's identity.
127
What is the role of a SIEM (Security Information and Event Management) system?
Answer:
To collect, aggregate, and analyze log data from various security tools and network devices to provide a centralized view of security events.
A SIEM system is a central hub for security data. It gathers logs from firewalls, IDS/IPS, servers, and other sources, and then uses correlation rules to identify trends and potential security incidents from this massive amount of data.
128
The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law that regulates what type of information?
Answer:
Protected Health Information (PHI)
HIPAA establishes national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge. It applies to healthcare providers, health plans, and other "covered entities."
129
What is a key principle of the GDPR regarding user consent?
Answer:
Consent must be freely given, specific, informed, and unambiguous.
Under GDPR, companies cannot use pre-ticked boxes or confusing language to obtain consent. Users must make a clear, affirmative action to consent to the processing of their personal data, and they must be able to withdraw that consent at any time.
130
What is the primary defense against SQL Injection attacks?
Answer:
Using parameterized queries (prepared statements) and input validation.
The most effective way to prevent SQLi is through secure coding practices. Parameterized queries ensure that user input is treated as data only and cannot be executed as SQL code. Input validation also helps by sanitizing and rejecting malicious input.