Computer Science/IT MCQs
Topic Notes: Computer Science/IT
MCQs and preparation resources for competitive exams, covering important concepts, past papers, and detailed explanations.
141
What is a "dictionary attack"?
Answer:
A type of brute-force attack that uses a pre-compiled list of common words and phrases (a "dictionary") as passwords.
A dictionary attack is a more refined version of a brute-force attack. Instead of trying every possible character combination, it focuses on likely passwords found in a dictionary, making it much faster if the user has chosen a weak, common password.
142
End-to-end encryption (E2EE) provides the highest level of confidentiality because:
Answer:
The data is encrypted on the sender's device and can only be decrypted on the recipient's device.
With E2EE, the service provider in the middle (e.g., the messaging app company) cannot access the plaintext of the messages. The encryption and decryption happen only at the "endpoints" (the user devices), ensuring that no one other than the sender and intended recipient can read the content.
143
An attacker who alters the ARP tables on a local network to redirect traffic through their own machine is setting up for what kind of attack?
Answer:
A Man-in-the-Middle attack
This technique, known as ARP spoofing or ARP poisoning, is a common method for initiating a Man-in-the-Middle attack on a local area network (LAN). By corrupting the ARP cache of other devices, the attacker tricks them into sending network traffic to the attacker's machine instead of the legitimate gateway or destination.
144
"Push notifications" for MFA work by:
Answer:
Sending a prompt to a trusted device (like your phone) that you simply tap to approve or deny the login attempt.
With push-based MFA, when you try to log in, a notification is sent to a pre-registered app on your smartphone. You can then approve the login with a single tap, making it a very user-friendly MFA method.
145
"Credential stuffing" is an attack where:
Answer:
An attacker uses lists of compromised usernames and passwords from one data breach to try and log in to other, unrelated services.
Credential stuffing exploits the common user behavior of password reuse. Attackers take lists of credentials leaked from a breach at Company A and use automated bots to try them on the login pages of Company B, Company C, and so on.
146
What is the difference often implied between "two-step verification" (2SV) and "two-factor authentication" (2FA)?
Answer:
2SV might use two factors from the same category (e.g., password and PIN), while 2FA requires factors from two different categories.
While the terms are often used interchangeably, there is a subtle technical distinction. "Two-factor" (2FA) specifically means using two factors from *different* categories (e.g., knowledge + possession). "Two-step" (2SV) is a broader term that just means there are two sequential steps, which could be from the same category. However, in common usage, they are mostly synonymous.
147
Using a password (knowledge) and a fingerprint scan (inherence) to log in is an example of:
Answer:
Multi-factor authentication.
This is a classic example of MFA because it requires the user to provide proof from two *different* categories of authentication factors (knowledge and inherence).
148
Export control laws, such as those in the United States, can restrict the "export" of what technology relevant to cybersecurity?
Answer:
Strong encryption software and technology.
Historically, strong encryption was classified as a "munition" by some governments, and its export was heavily restricted due to national security concerns. While these regulations have been relaxed, restrictions still exist on exporting certain high-strength cryptographic technologies to specific countries.
149
The Children's Online Privacy Protection Act (COPPA) is a US law that applies to:
Answer:
is a US law that applies to:
COPPA places specific requirements on operators of websites or online services directed to children under 13, and on operators of other websites or services that have actual knowledge that they are collecting personal information online from a child under 13.
150
The legal concept that holds that an organization can be held responsible for the actions of its employees is known as:
Answer:
Vicarious liability
Vicarious liability is a legal doctrine where one party is held responsible for the actions of a third party. In a business context, this means a company can be held liable for a data breach caused by the negligence or malicious action of one of its employees.