CS102: COMPUTER SCIENCE 102: INTRODUCTION
TO COMPUTER SCIENCE & ADVANCED COMPUTER
SCIENCE TOPICS | 50 COMPREHENSIVE QUESTIONS
& CORRECT ANSWERS (LATEST 2025/2026)
Question no 1:
You are using a public Wi-Fi network inside a coffee shop. Before surfing the web, you use
your VPN to prevent intruders from sniffing your traffic. If you did not have a VPN, how
would you identify whether someone is performing an ARP spoofing attack on your laptop?
You should use netstat to check for any suspicious connections with another IP address within the
LAN.
You should check your ARP table and see if there is one IP address with two different MAC
addresses.
You cannot identify such an attack and must use a VPN to protect your traffic.
You should scan the network using Nmap to check the MAC addresses of all the hosts and look for
duplicates.
Question no 2:
Which of the following tactics uses malicious code to redirect users’ web traffic?
Pharming
Spimming
Phishing
Spear-phishing
Question no 3:
Which Nmap switch helps evade IDS or firewalls?
-T
-n/-R
-oN/-oX/-oG
-D
,Question no 4:
When considering how an attacker may exploit a web server, what is web server
footprinting?
When an attacker gathers system-level data, including account details and server names
When an attacker uses a brute-force attack to crack a web-server password
When an attacker creates a complete profile of the site’s external links and file structures
When an attacker implements a vulnerability scanner to identify weaknesses
Question no 5:
everox Solutions hired Arnold, a security professional, for the threat intelligence process.
Arnold collected information about specific threats against the organization. From this
information, he retrieved contextual information about security events and incidents that
helped him disclose potential risks and gain insight into attacker methodologies. He collected
the information from sources such as humans, social media, and chat rooms as well as from
events that resulted in cyberattacks. In this process, he also prepared a report that includes
identified malicious activities, recommended courses of action, and warnings for emerging
attacks.
What is the type of threat intelligence collected by Arnold in the above scenario?
Operational threat intelligence
Tactical threat intelligence
Technical threat intelligence
Strategic threat intelligence
Question no 6:
Larry, a security professional in an organization, has noticed some abnormalities in the user
accounts on a web server. To thwart evolving attacks, he decided to harden the security of
the web server by adopting a few countermeasures to secure the accounts on the web server.
Which of the following countermeasures must Larry implement to secure the user accounts
on the web server?
Enable all non-interactive accounts that should exist but do not require interactive login
Limit the administrator or root-level access to the minimum number of users
Enable unused default user accounts created during the installation of an OS
, Retain all unused modules and application extensions
Question no 7:
Attacker Steve targeted an organization’s network with the aim of redirecting the company’s
web traffic to another malicious website. To achieve this goal, Steve performed DNS cache
poisoning by exploiting the vulnerabilities in the DNS server software and modified the
original IP address of the target website to that of a fake website.
What is the technique employed by Steve to gather information for identity theft?
Pretexting
Wardriving
Skimming
Pharming
Question no 8:
Eric, a cloud security engineer, implements a technique for securing the cloud resources used
by his organization. This technique assumes by default that a user attempting to access the
network is not an authentic entity and verifies every incoming connection before allowing
access to the network. Using this technique, he also imposed conditions such that employees
can access only the resources required for their role.
What is the technique employed by Eric to secure cloud resources?
Demilitarized zone
Serverless computing
Container technology
Zero trust network
Question no 9:
Calvin, a software developer, uses a feature that helps him auto-generate the content of a
web page without manual involvement and is integrated with SSI directives. This leads to a
vulnerability in the developed web application as this feature accepts remote user inputs and
uses them on the page. Hackers can exploit this feature and pass malicious SSI directives as
input values to perform malicious activities such as modifying and erasing server files.
What is the type of injection attack Calvin’s web application is susceptible to?
TO COMPUTER SCIENCE & ADVANCED COMPUTER
SCIENCE TOPICS | 50 COMPREHENSIVE QUESTIONS
& CORRECT ANSWERS (LATEST 2025/2026)
Question no 1:
You are using a public Wi-Fi network inside a coffee shop. Before surfing the web, you use
your VPN to prevent intruders from sniffing your traffic. If you did not have a VPN, how
would you identify whether someone is performing an ARP spoofing attack on your laptop?
You should use netstat to check for any suspicious connections with another IP address within the
LAN.
You should check your ARP table and see if there is one IP address with two different MAC
addresses.
You cannot identify such an attack and must use a VPN to protect your traffic.
You should scan the network using Nmap to check the MAC addresses of all the hosts and look for
duplicates.
Question no 2:
Which of the following tactics uses malicious code to redirect users’ web traffic?
Pharming
Spimming
Phishing
Spear-phishing
Question no 3:
Which Nmap switch helps evade IDS or firewalls?
-T
-n/-R
-oN/-oX/-oG
-D
,Question no 4:
When considering how an attacker may exploit a web server, what is web server
footprinting?
When an attacker gathers system-level data, including account details and server names
When an attacker uses a brute-force attack to crack a web-server password
When an attacker creates a complete profile of the site’s external links and file structures
When an attacker implements a vulnerability scanner to identify weaknesses
Question no 5:
everox Solutions hired Arnold, a security professional, for the threat intelligence process.
Arnold collected information about specific threats against the organization. From this
information, he retrieved contextual information about security events and incidents that
helped him disclose potential risks and gain insight into attacker methodologies. He collected
the information from sources such as humans, social media, and chat rooms as well as from
events that resulted in cyberattacks. In this process, he also prepared a report that includes
identified malicious activities, recommended courses of action, and warnings for emerging
attacks.
What is the type of threat intelligence collected by Arnold in the above scenario?
Operational threat intelligence
Tactical threat intelligence
Technical threat intelligence
Strategic threat intelligence
Question no 6:
Larry, a security professional in an organization, has noticed some abnormalities in the user
accounts on a web server. To thwart evolving attacks, he decided to harden the security of
the web server by adopting a few countermeasures to secure the accounts on the web server.
Which of the following countermeasures must Larry implement to secure the user accounts
on the web server?
Enable all non-interactive accounts that should exist but do not require interactive login
Limit the administrator or root-level access to the minimum number of users
Enable unused default user accounts created during the installation of an OS
, Retain all unused modules and application extensions
Question no 7:
Attacker Steve targeted an organization’s network with the aim of redirecting the company’s
web traffic to another malicious website. To achieve this goal, Steve performed DNS cache
poisoning by exploiting the vulnerabilities in the DNS server software and modified the
original IP address of the target website to that of a fake website.
What is the technique employed by Steve to gather information for identity theft?
Pretexting
Wardriving
Skimming
Pharming
Question no 8:
Eric, a cloud security engineer, implements a technique for securing the cloud resources used
by his organization. This technique assumes by default that a user attempting to access the
network is not an authentic entity and verifies every incoming connection before allowing
access to the network. Using this technique, he also imposed conditions such that employees
can access only the resources required for their role.
What is the technique employed by Eric to secure cloud resources?
Demilitarized zone
Serverless computing
Container technology
Zero trust network
Question no 9:
Calvin, a software developer, uses a feature that helps him auto-generate the content of a
web page without manual involvement and is integrated with SSI directives. This leads to a
vulnerability in the developed web application as this feature accepts remote user inputs and
uses them on the page. Hackers can exploit this feature and pass malicious SSI directives as
input values to perform malicious activities such as modifying and erasing server files.
What is the type of injection attack Calvin’s web application is susceptible to?
