Computer Science/IT MCQs
Topic Notes: Computer Science/IT
MCQs and preparation resources for competitive exams, covering important concepts, past papers, and detailed explanations.
Plato
- Biography: Ancient Greek philosopher (427–347 BCE), student of Socrates and teacher of Aristotle, founder of the Academy in Athens.
- Important Ideas:
- Theory of Forms
- Philosopher-King
- Ideal State
31
For the highest security, where should the secret key for a TOTP authenticator app be stored?
Answer:
In a secure hardware element on the smartphone.
Modern smartphones have a secure enclave or similar hardware-based secure storage area that is isolated from the main operating system. Storing sensitive data like MFA secret keys in this secure element provides strong protection against malware that might infect the phone.
32
The "right to be forgotten" (or right to erasure) is a key provision of which regulation?
Answer:
GDPR
Article 17 of the GDPR gives individuals the right to have their personal data erased under certain circumstances, such as when the data is no longer necessary for the purpose it was collected or when the individual withdraws consent.
33
What is the primary goal of a Denial-of-Service (DoS) attack?
Answer:
To make a machine or network resource unavailable to its intended users.
A DoS attack aims to overwhelm a target system with a flood of illegitimate requests, consuming its resources (like bandwidth or processing power) so that it cannot respond to legitimate traffic.
34
What does a "network-based" IDS (NIDS) monitor?
Answer:
The traffic passing through a specific point on a network, such as a switch or router.
A NIDS is deployed at a strategic point in the network to analyze traffic from all the devices on that segment. It is designed to detect threats like port scans, DoS attacks, or malware spreading across the network.
35
What is a primary challenge for an encrypted traffic inspection system (like an SSL proxy)?
Answer:
It requires breaking the end-to-end encryption to inspect the traffic, which can create privacy concerns and technical complexities.
To inspect encrypted (HTTPS) traffic, a security device must perform a form of "man-in-the-middle" interception. It decrypts the traffic, inspects it, and then re-encrypts it before sending it on. This process, while necessary for security, can be complex to implement correctly and raises significant privacy questions.
36
An "evil twin" attack is most likely to be found in which environment?
Answer:
A public Wi-Fi hotspot area.
An evil twin attack involves an attacker setting up a fraudulent Wi-Fi access point that appears to be a legitimate one (e.g., "Airport_Free_WiFi"). When users connect to this "evil twin," the attacker can monitor and intercept all of their internet traffic.
37
A "smurf" attack is a type of:
Answer:
DDoS attack that uses ICMP packets.
A smurf attack is a type of DDoS attack in which an attacker sends a large number of ICMP "ping" packets to a network broadcast address, with the source IP spoofed to be the victim's address. This causes all the devices on the network to reply to the victim, overwhelming it with traffic.
38
In the context of cryptography, what is "entropy"?
Answer:
The measure of randomness or unpredictability used to generate cryptographic keys.
Cryptographic systems require a source of high-quality randomness (entropy) to generate strong, unpredictable keys. This entropy can be gathered from unpredictable sources like mouse movements, keyboard timings, or electrical noise.
39
An attacker who uses social media to gather personal information about a target to craft a more convincing attack is performing:
Answer:
Reconnaissance
Reconnaissance, or information gathering, is the first phase of a targeted attack. The attacker learns as much as possible about the target (e.g., their job, colleagues, interests) to make the subsequent attack, such as spear phishing, more believable.
40
The strength of an encryption algorithm is often measured by its:
Answer:
Key length.
The key length, measured in bits (e.g., 128-bit, 256-bit), determines the number of possible keys. A longer key length means there are exponentially more possible keys, making a brute-force attack (trying every key) computationally infeasible.