Computer Science/IT MCQs
Topic Notes: Computer Science/IT
MCQs and preparation resources for competitive exams, covering important concepts, past papers, and detailed explanations.
5251
What is a major vulnerability of SMS-based 2FA?
Answer:
SIM swapping attacks.
In a SIM swapping attack, a criminal convinces your mobile carrier to transfer your phone number to a SIM card in their possession. Once they control your number, they can intercept any 2FA codes sent via SMS and use them to access your accounts.
5252
The cryptographic "nonce" (number used once) is:
Answer:
An arbitrary number that is used only one time in a cryptographic communication.
A nonce is often used to prevent replay attacks. When each communication includes a unique, unpredictable number, the server can ensure that an attacker cannot simply capture and replay an old message, as the nonce will be different for each new session.
5253
A "bastion host" is a computer on a network that is:
Answer:
A computer that is specifically designed and configured to be exposed to and withstand attacks from the untrusted internet.
A bastion host is a specially hardened system that is placed in a public-facing location like a DMZ. It is designed to be a network's "strong point," often running a single service (like a proxy or VPN server) and having all other services and unnecessary software removed to minimize its attack surface.
5254
What is "perfect forward secrecy" (PFS)?
Answer:
A feature of some key exchange protocols that ensures that if a long-term private key is compromised, past session keys cannot be derived from it.
PFS ensures that each communication session uses a unique, temporary session key. This means that even if an attacker records all of your encrypted traffic for a year and then steals the server's long-term private key, they still cannot go back and decrypt those past conversations.
5255
The SHA-256 algorithm is an example of a:
Answer:
Cryptographic hash function
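SHA-256 (Secure Hash Algorithm 256-bit) is a widely used hash function that produces a 256-bit (32-byte) hash value. It is commonly used for password hashing, data integrity checks, and in cryptocurrencies like Bitcoin. For password storage, a single fast SHA-256 pass is weak against offline guessing, so a salted, deliberately slow function such as bcrypt, scrypt, or Argon2 is the better choice.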
5256
When an IDS/IPS matches traffic against a database of known malicious patterns, it is using:
Answer:
Signature-based detection
This is the definition of signature-based detection. The system has a database containing signatures of known attacks (e.g., a specific byte sequence in a packet, a certain type of port scan), and it compares network traffic against this database.
5257
What does a Universal Second Factor (U2F) device do?
Answer:
It is a standard, now part of FIDO2, that enables a single physical security key to be used as a second factor across many different online services.
U2F was a pioneering standard that allowed a single hardware key to work with any service that supported the protocol, simplifying the use of MFA for users. It has since been incorporated into the broader FIDO2 and WebAuthn standards.
5258
The California Consumer Privacy Act (CCPA) grants consumers the right to:
Answer:
All of the above.
The CCPA, now expanded by the CPRA, provides California residents with a set of strong privacy rights, giving them more control over how businesses collect, use, and share their personal information.
5259
What is the FIDO (Fast Identity Online) Alliance?
Answer:
An open industry association with a mission to develop and promote authentication standards that reduce the world's over-reliance on passwords.
The FIDO Alliance created standards like FIDO2 and WebAuthn, which enable passwordless and multi-factor authentication using standard public-key cryptography. This allows users to log in with devices like security keys or biometrics in a secure and standardized way across different websites and platforms.
5260
In a "session hijacking" attack, the attacker:
Answer:
Steals a user's valid session ID or cookie to gain unauthorized access to a web application.
When you log into a website, it gives your browser a temporary "session cookie" to keep you logged in. In a session hijacking attack, the attacker steals this cookie (often via XSS or a MitM attack) and uses it to impersonate the legitimate user without needing their password.