Computer Science/IT MCQs
Topic Notes: Computer Science/IT
MCQs and preparation resources for competitive exams, covering important concepts, past papers, and detailed explanations.
71
What does the term "data sovereignty" refer to?
Answer:
The idea that information which has been converted and stored in binary digital form is subject to the laws of the country in which it is located.
Data sovereignty is a concept where data is subject to the legal jurisdiction of the country where that data is physically stored. This has major implications for cloud computing, as data stored in a foreign country may be subject to that country's laws regarding government access.
72
What is "brute-forcing" a key?
Answer:
Trying every single possible key until the correct one is found.
A brute-force attack on a cipher involves systematically trying all possible keys. The feasibility of this attack is determined by the key length; for modern key lengths like AES-256, a brute-force attack is computationally infeasible with current technology.
73
Cross-Site Request Forgery (CSRF) is an attack that:
Answer:
Tricks a victim's web browser into making an unintended, malicious request to a website they are authenticated to.
In a CSRF attack, an attacker tricks a logged-in user into, for example, clicking a link that secretly sends a request to their banking website to transfer money. The website sees a legitimate request coming from the user's browser and processes it.
74
Why is a layered security approach (defense-in-depth) involving firewalls, IDS/IPS, and antivirus important?
Answer:
Each tool provides a different type of protection, and if one layer is bypassed, another may still stop the attack.
Defense-in-depth is a core security principle. It acknowledges that no single security control is perfect. By layering different types of controls (e.g., a firewall for the perimeter, an IPS for network threats, and antivirus for the endpoint), you create a much more resilient and robust security posture.
75
A Web Application Firewall (WAF) is a specialized type of firewall designed to protect against:
Answer:
Attacks targeting web applications, such as SQL Injection and Cross-Site Scripting.
A WAF sits in front of a web application and is specifically designed to understand and filter HTTP traffic. It provides a layer of defense against common web-based attacks that a traditional network firewall might not be able to detect.
76
What is a "proxy" firewall (or application-level gateway)?
Answer:
A firewall that acts as an intermediary for requests from clients seeking resources from other servers.
A proxy firewall makes connections on behalf of the internal client. The internal client connects to the proxy, and the proxy connects to the external server. This means there is no direct network connection between the inside and outside, providing a high level of security at the application layer.
77
Why would a security administrator use a packet sniffer like Wireshark?
Answer:
To capture and analyze the raw data packets traveling over a network for troubleshooting or security analysis.
A packet sniffer is a powerful diagnostic tool that allows an administrator to see the exact contents of the data packets on their network. This is invaluable for diagnosing network problems, analyzing malware behavior, and detecting security threats.
78
The Sarbanes-Oxley Act (SOX) in the US has cybersecurity implications because it:
Answer:
Requires publicly traded companies to have proper internal controls and security for their financial reporting data.
While primarily a financial regulation, SOX requires corporate executives to certify the accuracy of their financial statements. This implicitly requires strong IT security controls to ensure the integrity and accuracy of the underlying financial data.
79
What is a major vulnerability of SMS-based 2FA?
Answer:
SIM swapping attacks.
A SIM swapping attack is where a criminal convinces your mobile carrier to transfer your phone number to a SIM card in their possession. Once they control your number, they can intercept any 2FA codes sent via SMS and use them to access your accounts.
80
The cryptographic "nonce" (number used once) is:
Answer:
An arbitrary number that is used only one time in a cryptographic communication.
A nonce is often used to prevent replay attacks. By including a unique, unpredictable number in a communication, the server can ensure that an attacker cannot simply capture and replay an old message, as the nonce will be different for each new session.