Computer Science/IT MCQs
Topic Notes: Computer Science/IT
MCQs and preparation resources for competitive exams, covering important concepts, past papers, and detailed explanations.
81
A "bastion host" is a computer on a network that is:
Answer:
A computer that is specifically designed and configured to be exposed to and withstand attacks from the untrusted internet.
A bastion host is a specially hardened system that is placed in a public-facing location like a DMZ. It is designed to be a network's "strong point," often running a single service (like a proxy or VPN server) and having all other services and unnecessary software removed to minimize its attack surface.
82
What is "perfect forward secrecy" (PFS)?
Answer:
A feature of some key exchange protocols that ensures that if a long-term private key is compromised, past session keys cannot be derived from it.
PFS ensures that each communication session uses a unique, temporary session key. This means that even if an attacker records all of your encrypted traffic for a year and then steals the server's long-term private key, they still cannot go back and decrypt those past conversations.
83
The SHA-256 algorithm is an example of a:
Answer:
Cryptographic hash function
SHA-256 (Secure Hash Algorithm 256-bit) is a widely used hash function that produces a 256-bit (32-byte) hash value. It is commonly used for password hashing, data integrity checks, and in cryptocurrencies like Bitcoin.
84
When an IDS/IPS matches traffic against a database of known malicious patterns, it is using:
Answer:
Signature-based detection
This is the definition of signature-based detection. The system has a database containing signatures of known attacks (e.g., a specific byte sequence in a packet, a certain type of port scan), and it compares network traffic against this database.
85
What does a Universal Second Factor (U2F) device do?
Answer:
It is a standard, now part of FIDO2, that enables a single physical security key to be used as a second factor across many different online services.
U2F was a pioneering standard that allowed a single hardware key to work with any service that supported the protocol, simplifying the use of MFA for users. It has since been incorporated into the broader FIDO2 and WebAuthn standards.
86
The California Consumer Privacy Act (CCPA) grants consumers the right to:
Answer:
All of the above.
The CCPA, now expanded by the CPRA, provides California residents with a set of strong privacy rights, giving them more control over how businesses collect, use, and share their personal information.
87
What is the FIDO (Fast Identity Online) Alliance?
Answer:
An open industry association with a mission to develop and promote authentication standards that reduce the world's over-reliance on passwords.
The FIDO Alliance created standards like FIDO2 and WebAuthn, which enable passwordless and multi-factor authentication using standard public-key cryptography. This allows users to log in with devices like security keys or biometrics in a secure and standardized way across different websites and platforms.
88
In a "session hijacking" attack, the attacker:
Answer:
Steals a user's valid session ID or cookie to gain unauthorized access to a web application.
When you log into a website, it gives your browser a temporary "session cookie" to keep you logged in. In a session hijacking attack, the attacker steals this cookie (often via XSS or a MitM attack) and uses it to impersonate the legitimate user without needing their password.
89
What is a "directory traversal" or "path traversal" attack?
Answer:
An attack that tries to access files and directories that are stored outside the web root folder by manipulating variables that reference file paths.
In a directory traversal attack, the attacker uses sequences like "../" (dot-dot-slash) to trick the web server into navigating up the directory tree and accessing sensitive system files that should not be publicly accessible, such as `/etc/passwd`.
90
A "birthday attack" is a type of cryptographic attack that:
Answer:
Exploits the mathematics behind the birthday problem in probability theory to find collisions in hash functions.
The birthday paradox shows that you only need 23 people in a room to have a 50% chance that two of them share a birthday. Similarly, a birthday attack can find two different inputs that produce the same hash output (a "collision") much faster than a brute-force approach, which can be used to forge digital signatures.