Computer Science/IT MCQs
Topic Notes: Computer Science/IT
MCQs and preparation resources for competitive exams, covering important concepts, past papers, and detailed explanations.
Plato
- Biography: Ancient Greek philosopher (427–347 BCE), student of Socrates and teacher of Aristotle, founder of the Academy in Athens.
- Important Ideas:
- Theory of Forms
- Philosopher-King
- Ideal State
5311
An attacker who changes the DNS records for a domain to redirect users to a malicious website is performing:
Answer:
DNS hijacking or poisoning.
DNS hijacking involves compromising a domain's DNS settings to point the domain name (e.g., `www.mybank.com`) to a different, malicious IP address. This is a powerful attack because users who type the correct URL will still be sent to the attacker's fake site.
5312
Under GDPR, a "data breach" must typically be reported to the supervisory authority within what timeframe after the organization becomes aware of it?
Answer:
72 hours
The GDPR has a strict breach notification requirement. Unless the breach is unlikely to result in a risk to the rights and freedoms of individuals, the organization must report it to the relevant data protection authority within 72 hours.
5313
What is a "dictionary attack"?
Answer:
A type of brute-force attack that uses a pre-compiled list of common words and phrases (a "dictionary") as passwords.
A dictionary attack is a more refined version of a brute-force attack. Instead of trying every possible character combination, it focuses on likely passwords found in a dictionary, making it much faster if the user has chosen a weak, common password.
5314
End-to-end encryption (E2EE) provides the highest level of confidentiality because:
Answer:
The data is encrypted on the sender's device and can only be decrypted on the recipient's device.
With E2EE, the service provider in the middle (e.g., the messaging app company) cannot access the plaintext of the messages. The encryption and decryption happen only at the "endpoints" (the user devices), ensuring that no one other than the sender and intended recipient can read the content.
5315
An attacker who alters the ARP tables on a local network to redirect traffic through their own machine is setting up for what kind of attack?
Answer:
A Man-in-the-Middle attack
This technique, known as ARP spoofing or ARP poisoning, is a common method for initiating a Man-in-the-Middle attack on a local area network (LAN). By corrupting the ARP cache of other devices, the attacker tricks them into sending network traffic to the attacker's machine instead of the legitimate gateway or destination.
5316
"Push notifications" for MFA work by:
Answer:
Sending a prompt to a trusted device (like your phone) that you simply tap to approve or deny the login attempt.
With push-based MFA, when you try to log in, a notification is sent to a pre-registered app on your smartphone. You can then approve the login with a single tap, making it a very user-friendly MFA method.
5317
"Credential stuffing" is an attack where:
Answer:
An attacker uses lists of compromised usernames and passwords from one data breach to try and log in to other, unrelated services.
Credential stuffing exploits the common user behavior of password reuse. Attackers take lists of credentials leaked from a breach at Company A and use automated bots to try them on the login pages of Company B, Company C, and so on.
5318
What is the difference often implied between "two-step verification" (2SV) and "two-factor authentication" (2FA)?
Answer:
2SV might use two factors from the same category (e.g., password and PIN), while 2FA requires factors from two different categories.
While the terms are often used interchangeably, there is a subtle technical distinction. "Two-factor" (2FA) specifically means using two factors from *different* categories (e.g., knowledge + possession). "Two-step" (2SV) is a broader term that just means there are two sequential steps, which could be from the same category. However, in common usage, they are mostly synonymous.
5319
Using a password (knowledge) and a fingerprint scan (inherence) to log in is an example of:
Answer:
Multi-factor authentication.
This is a classic example of MFA because it requires the user to provide proof from two *different* categories of authentication factors (knowledge and inherence).
5320
Export control laws, such as those in the United States, can restrict the "export" of what technology relevant to cybersecurity?
Answer:
Strong encryption software and technology.
Historically, strong encryption was classified as a "munition" by some governments, and its export was heavily restricted due to national security concerns. While these regulations have been relaxed, restrictions still exist on exporting certain high-strength cryptographic technologies to specific countries.