Computer Science/IT MCQs
Topic Notes: Computer Science/IT
MCQs and preparation resources for competitive exams, covering important concepts, past papers, and detailed explanations.
5241
The process of converting ciphertext back into plaintext is called:
Answer:
Decryption
Decryption is the reverse of encryption. It uses a key to transform the unreadable ciphertext back into its original, readable plaintext form.
5242
A password is an example of which type of authentication factor?
Answer:
Knowledge (something you know)
A password or a Personal Identification Number (PIN) is a piece of secret information that the user must know and recall to authenticate.
5243
What does the term "data sovereignty" refer to?
Answer:
The idea that information which has been converted and stored in binary digital form is subject to the laws of the country in which it is located.
Data sovereignty is a concept where data is subject to the legal jurisdiction of the country where that data is physically stored. This has major implications for cloud computing, as data stored in a foreign country may be subject to that country's laws regarding government access.
5244
What is "brute-forcing" a key?
Answer:
Trying every single possible key until the correct one is found.
A brute-force attack on a cipher involves systematically trying all possible keys. The feasibility of this attack is determined by the key length; for modern key lengths like AES-256, a brute-force attack is computationally infeasible with current technology.
5245
Cross-Site Request Forgery (CSRF) is an attack that:
Answer:
Tricks a victim's web browser into making an unintended, malicious request to a website they are authenticated to.
In a CSRF attack, an attacker tricks a logged-in user into, for example, clicking a link that secretly sends a request to their banking website to transfer money. The website sees what looks like a legitimate request coming from the user's authenticated browser session and processes it.
5246
Why is a layered security approach (defense-in-depth) involving firewalls, IDS/IPS, and antivirus important?
Answer:
Each tool provides a different type of protection, and if one layer is bypassed, another may still stop the attack.
Defense-in-depth is a core security principle. It acknowledges that no single security control is perfect. By layering different types of controls (e.g., a firewall for the perimeter, an IPS for network threats, and antivirus for the endpoint), you create a much more resilient and robust security posture.
5247
A Web Application Firewall (WAF) is a specialized type of firewall designed to protect against:
Answer:
Attacks targeting web applications, such as SQL Injection and Cross-Site Scripting.
A WAF sits in front of a web application and is specifically designed to understand and filter HTTP traffic. It provides a layer of defense against common web-based attacks that a traditional network firewall might not be able to detect.
5248
What is a "proxy" firewall (or application-level gateway)?
Answer:
A firewall that acts as an intermediary for requests from clients seeking resources from other servers.
A proxy firewall makes connections on behalf of the internal client. The internal client connects to the proxy, and the proxy connects to the external server. This means there is no direct network connection between the inside and outside, providing a high level of security at the application layer.
5249
Why would a security administrator use a packet sniffer like Wireshark?
Answer:
To capture and analyze the raw data packets traveling over a network for troubleshooting or security analysis.
A packet sniffer is a powerful diagnostic tool that allows an administrator to see the exact contents of the data packets on their network. This is invaluable for diagnosing network problems, analyzing malware behavior, and detecting security threats.
5250
The Sarbanes-Oxley Act (SOX) in the US has cybersecurity implications because it:
Answer:
Requires publicly traded companies to have proper internal controls and security for their financial reporting data.
While primarily a financial regulation, SOX requires corporate executives to certify the accuracy of their financial statements. This implicitly requires strong IT security controls to ensure the integrity and accuracy of the underlying financial data.