SBI SO(IT) & IBPS IT SPECIALIST

Features

 Syllabus covered through

solved mcqs along with
answers and explanations
 Every topic along with
subtopic covered
 Exclusive set of 500+ mcqs
 Included industry relevant
110 application based
situational mcq solved.
Initiative by IT Express
Framed and compiled by IT
Professionals with over 8+
years of IT experience for the
upcoming professionals

Credits : Sourav ( Ex TCS , Govt exam mentor/educator)

S.Singh (Deloitte USI) & others
INDEX

Topic Page Numbers

Software development 3 - 102
Infra Support 103 - 148
Networking 149 - 186
Cloud Operations 186 - 213
Application based situational 214 - 251
mcqs

2|P ag e
1. Software Development:
Data-Structures and Algorithms: o Questions based on Arrays, Linked List,
Stacks, Queues, Binary Tree, Binary Search Tree, Heaps, Hashing and Recursion. o
Searching and Sorting Algorithms along with their Space-Time Complexities -
Object Oriented Programming Concepts: Abstraction, Association, Encapsulation,
Composition, Polymorphism, Aggregation, Inheritance, Message Passing..

Data Structures and Algorithms

1. What is the time complexity of inserting an element into a binary heap?

 A) O(1)
 B) O(n)
 C) O(log n)
 D) O(n log n)

Answer: C
Explanation: Insertion in a binary heap involves placing the element at the bottom and
then "bubbling up," which takes O(log n) time.

2. Which data structure is used to implement a recursive function call in a

program?

 A) Queue
 B) Stack
 C) Heap
 D) Linked List

Answer: B
Explanation: Recursion uses a stack for storing the return address and local variables
during the function call.

3. Which sorting algorithm has the best average-case time complexity when
sorting an array with uniformly distributed elements?

 A) Merge Sort
 B) Quick Sort
 C) Heap Sort
 D) Counting Sort

Answer: D
Explanation: Counting Sort has an average-case time complexity of O(n + k) for
uniformly distributed data, where k is the range of input.

3|P ag e
4. What is the best case time complexity for searching an element in a balanced
binary search tree (BST)?

 A) O(1)
 B) O(log n)
 C) O(n)
 D) O(n log n)

Answer: B
Explanation: The best case for searching in a balanced BST is O(log n), achieved when
the element is near the root.

5. Which of the following data structures is used to implement LRU (Least

Recently Used) cache?

 A) Stack
 B) Queue and Hash Map
 C) Binary Search Tree and Linked List
 D) Heap and Linked List

Answer: B
Explanation: LRU cache is implemented using a combination of a doubly linked list (for
storing the order) and a hash map (for O(1) lookups).

6. Which of the following is true for a circular queue implemented using an array
of size n?

 A) It can hold n+1 elements

 B) It can hold n elements
 C) It can hold n-1 elements
 D) It can hold an arbitrary number of elements

Answer: C
Explanation: A circular queue implemented using an array can hold only n-1 elements
due to the need for a condition to distinguish between full and empty states.

7. Which of the following is the most space-efficient data structure to handle

collisions in a hash table?

 A) Chaining with Linked List

 B) Linear Probing
 C) Double Hashing
 D) Quadratic Probing

4|P ag e
 Answer: B
Explanation: Linear Probing uses no extra space for linked lists but instead reuses the
array, making it more space-efficient than chaining.

8. Which of the following algorithms is not stable?

 A) Merge Sort
 B) Bubble Sort
 C) Quick Sort
 D) Insertion Sort

Answer: C
Explanation: Quick Sort is not a stable sorting algorithm as it can change the relative
order of elements with equal keys.

9. What is the space complexity of the recursive implementation of merge sort?

 A) O(1)
 B) O(log n)
 C) O(n)
 D) O(n log n)

Answer: C
Explanation: Merge sort requires additional O(n) space for the temporary arrays used in
merging.

10. What is the time complexity of deleting an element from a min-heap of size n?

 A) O(1)
 B) O(log n)
 C) O(n)
 D) O(n log n)

Answer: B
Explanation: Deletion from a min-heap involves removing the root and heapifying the
remaining elements, which takes O(log n) time.

11. In a doubly linked list, what is the time complexity for searching an element?

 A) O(1)
 B) O(n)
 C) O(log n)
 D) O(n^2)

5|P ag e
 Answer: B
Explanation: Searching in a doubly linked list takes O(n) in the worst case since you
may need to traverse the entire list.

12. Which of the following trees allows efficient searching, insertion, and
deletion, but does not ensure balance?

 A) AVL Tree
 B) Red-Black Tree
 C) Binary Search Tree
 D) Splay Tree

Answer: C
Explanation: A Binary Search Tree allows these operations efficiently, but it may
become unbalanced and degenerate into a linked list.

13. What is the time complexity of a breadth-first search (BFS) on a graph with
V vertices and E edges using an adjacency list?

 A) O(V + E)
 B) O(V^2)
 C) O(E log V)
 D) O(V log E)

Answer: A
Explanation: BFS traverses all vertices and edges in a graph, resulting in a time
complexity of O(V + E) using an adjacency list.

14. Which sorting algorithm performs the same number of comparisons

regardless of the input data?

 A) Quick Sort
 B) Merge Sort
 C) Bubble Sort
 D) Insertion Sort

Answer: B
Explanation: Merge Sort performs a fixed number of comparisons for each pair of
elements, making it independent of the input distribution.

6|P ag e
15. Which of the following techniques is used to break a problem into smaller
subproblems and then combine their solutions?

 A) Dynamic Programming
 B) Divide and Conquer
 C) Greedy Algorithm
 D) Backtracking

Answer: B
Explanation: Divide and Conquer breaks a problem into smaller subproblems, solves
them independently, and combines their results.

16. Which data structure supports both FIFO (First In First Out) and LIFO
(Last In First Out) operations?

 A) Stack
 B) Deque
 C) Queue
 D) Priority Queue

Answer: B
Explanation: A deque (double-ended queue) supports both FIFO and LIFO operations
by allowing insertion and deletion at both ends.

17. What is the worst-case time complexity of Quick Sort?

 A) O(n log n)
 B) O(n)
 C) O(n^2)
 D) O(log n)

Answer: C
Explanation: The worst-case time complexity of Quick Sort occurs when the pivot is
consistently the smallest or largest element, resulting in O(n^2) time.

18. Which of the following is the in-place sorting algorithm?

 A) Merge Sort
 B) Quick Sort
 C) Radix Sort
 D) Counting Sort

7|P ag e
 Answer: B
Explanation: Quick Sort is an in-place sorting algorithm as it does not require extra
storage, while Merge Sort requires additional space for merging.

19. In an AVL tree, what is the maximum difference in heights between the left
and right subtrees of a node?

 A) 1
 B) 2
 C) n
 D) 0

Answer: A
Explanation: In an AVL tree, the difference in heights between the left and right
subtrees of any node is at most 1 to maintain balance.

20. What is the time complexity of deleting a node from a binary search tree
(BST) in the worst case?

 A) O(log n)
 B) O(n)
 C) O(n log n)
 D) O(1)

Answer: B
Explanation: The worst-case time complexity of deletion in a BST is O(n), which
happens when the tree is skewed (essentially behaving like a linked list).

21. What is the minimum height of a binary search tree with n nodes?

 A) O(n)
 B) O(log n)
 C) O(n log n)
 D) O(1)

Answer: B
Explanation: The minimum height of a binary search tree with n nodes is O(log n),
achieved when the tree is balanced.

22. Which data structure is best suited for implementing an undo operation in
text editors?

 A) Queue
 B) Stack
 C) Linked List

8|P ag e
  D) Hash Table

Answer: B
Explanation: Stack is used for the undo operation, as it follows the LIFO (Last In First
Out) principle, allowing the most recent operation to be reversed first.

23. What is the main advantage of using a doubly linked list over a singly linked
list?

 A) Faster memory allocation

 B) Reduced memory usage
 C) Ability to traverse the list in both directions
 D) Better cache locality

Answer: C
Explanation: The primary advantage of a doubly linked list is the ability to traverse the
list in both forward and backward directions, as each node points to both its previous and
next nodes.

24. Which of the following is true for a hash function used in hashing?

 A) It must be non-injective
 B) It should map distinct keys to the same index
 C) It should minimize collisions
 D) It must be a bijective function

Answer: C
Explanation: A good hash function should minimize collisions, i.e., the number of
instances where two different keys map to the same index.

25. In the context of binary heaps, what is the parent of the node at index 'i'?

 A) 2i
 B) i/2
 C) (i-1)/2
 D) (i+1)/2

Answer: C
Explanation: In a binary heap, the parent of the node at index 'i' can be found at the
index (i-1)/2.

26. What is the time complexity of inserting an element into a hash table with
chaining in the best case?

 A) O(1)
 B) O(n)
9|P ag e
  C) O(log n)
 D) O(n^2)

Answer: A
Explanation: In the best case, where there are no collisions, inserting an element into a
hash table with chaining takes O(1) time.

27. What is the time complexity of accessing an element in a hash table in the
worst case?

 A) O(1)
 B) O(log n)
 C) O(n)
 D) O(n log n)

Answer: C
Explanation: In the worst case, where all keys hash to the same index, a hash table
degrades to a linked list, leading to O(n) access time.

28. Which of the following traversal strategies guarantees visiting nodes level by
level in a tree?

 A) Pre-order Traversal
 B) Post-order Traversal
 C) Depth First Search
 D) Breadth First Search

Answer: D
Explanation: Breadth First Search (BFS) guarantees level-by-level traversal of nodes in
a tree or graph.

29. In a priority queue implemented using a binary heap, what is the time
complexity of extracting the maximum element?

 A) O(1)
 B) O(log n)
 C) O(n)
 D) O(n log n)

Answer: B
Explanation: Extracting the maximum element from a binary heap takes O(log n) time
due to the need to re-heapify the structure after removal.

30. What is the time complexity of finding the median in a sorted array?

10 | P a g e
  A) O(1)
 B) O(log n)
 C) O(n)
 D) O(n log n)

Answer: A
Explanation: The median can be found in O(1) time in a sorted array, as it is located at
the middle index.

31. What is the advantage of using a self-balancing binary search tree (e.g., AVL
Tree) over a normal binary search tree?

 A) Faster search in the worst case

 B) Less memory usage
 C) Better insertion speed
 D) Simpler implementation

Answer: A
Explanation: Self-balancing binary search trees like AVL Trees provide faster search in
the worst case (O(log n)) as they maintain balance, preventing degeneration into a linked
list.

32. Which of the following algorithms is used to find the shortest path in a graph
with negative edge weights?

 A) Dijkstra's Algorithm
 B) Prim's Algorithm
 C) Bellman-Ford Algorithm
 D) Kruskal's Algorithm

Answer: C
Explanation: The Bellman-Ford Algorithm is used to find the shortest path in graphs
with negative edge weights, unlike Dijkstra's, which fails with negative edges.

33. Which sorting algorithm is the most efficient when the input array is nearly
sorted?

 A) Merge Sort
 B) Quick Sort
 C) Insertion Sort
 D) Bubble Sort

Answer: C
Explanation: Insertion Sort works very efficiently when the input array is nearly sorted,
with a time complexity of O(n) in this case.

11 | P a g e
34. What is the advantage of using an adjacency list over an adjacency matrix for
graph representation?

 A) Faster access time for edges

 B) Requires less space for sparse graphs
 C) Easier to implement
 D) More memory-efficient for dense graphs

Answer: B
Explanation: An adjacency list is more space-efficient than an adjacency matrix for
sparse graphs, where the number of edges is much smaller than the number of vertices.

35. Which tree traversal algorithm can be used to serialize a binary tree
uniquely?

 A) Pre-order Traversal
 B) In-order Traversal
 C) Post-order Traversal
 D) Level-order Traversal

Answer: A
Explanation: Pre-order traversal is commonly used to serialize a binary tree, as it
captures the structure of the tree uniquely, including the null markers.

36. What is the primary disadvantage of using recursive algorithms?

 A) Inefficient for large inputs due to stack overhead

 B) Difficult to implement
 C) Does not work with loops
 D) Cannot be used with dynamic programming

Answer: A
Explanation: Recursive algorithms can lead to stack overflow and inefficient memory
usage for large inputs due to the overhead of recursive function calls.

37. Which data structure is used to implement Prim's algorithm for Minimum
Spanning Tree efficiently?

 A) Stack
 B) Queue
 C) Priority Queue (Min-Heap)
 D) Linked List

12 | P a g e
 Answer: C
Explanation: Prim's algorithm uses a priority queue (typically implemented as a min-
heap) to efficiently find the minimum weight edge to add to the growing spanning tree.

38. In a graph represented using an adjacency list, what is the time complexity of
finding all neighbors of a given node?

 A) O(1)
 B) O(V)
 C) O(E)
 D) O(degree of the node)

Answer: D
Explanation: In an adjacency list, the time complexity to find all neighbors of a node is
proportional to the degree of that node.

39. Which algorithm is used to detect cycles in a directed graph?

 A) Depth First Search (DFS)

 B) Breadth First Search (BFS)
 C) Kruskal's Algorithm
 D) Dijkstra's Algorithm

Answer: A
Explanation: DFS is used to detect cycles in a directed graph by marking nodes and
checking for back edges during traversal.

40. Which of the following is a self-balancing binary search tree?

 A) Red-Black Tree
 B) Binary Heap
 C) B-tree
 D) Trie

Answer: A
Explanation: A Red-Black Tree is a self-balancing binary search tree, ensuring O(log n)
time complexity for insertion, deletion, and search operations.

41. What is the time complexity of the best-case scenario of the Heap Sort
algorithm?

 A) O(n log n)
 B) O(n)
 C) O(log n)
 D) O(n^2)

13 | P a g e
 Answer: A
Explanation: The best-case time complexity of Heap Sort is O(n log n), similar to its
average and worst-case time complexities.

42. Which sorting algorithm is not a comparison-based sorting algorithm?

 A) Merge Sort
 B) Heap Sort
 C) Quick Sort
 D) Radix Sort

Answer: D
Explanation: Radix Sort is not a comparison-based sorting algorithm; it sorts numbers
by processing individual digits.

43. In a binary search tree, which traversal method will give the nodes in
increasing order?

 A) Pre-order Traversal
 B) Post-order Traversal
 C) In-order Traversal
 D) Level-order Traversal

Answer: C
Explanation: In-order traversal of a binary search tree (BST) visits the nodes in
increasing order.

44. What is the maximum height of a red-black tree with n nodes?

 A) 2 log(n+1)
 B) log n
 C) 2 log n
 D) log(n) + 1

Answer: A
Explanation: The maximum height of a red-black tree is 2 log(n+1), where n is the
number of nodes. Red-black trees are balanced, with a height that ensures efficient search
operations.

45. Which data structure would you use to represent a set of non-overlapping
intervals?

 A) Segment Tree
 B) Binary Search Tree
 C) Red-Black Tree
 D) AVL Tree
14 | P a g e
 Answer: A
Explanation: A segment tree is used to represent intervals efficiently, allowing for fast
querying of overlapping intervals.

46. What is the time complexity of inserting an element into a binary search tree
in the worst case?

 A) O(n)
 B) O(log n)
 C) O(1)
 D) O(n log n)

Answer: A
Explanation: In the worst case, a binary search tree can degenerate into a linked list,
resulting in O(n) insertion time.

47. Which of the following is not a valid advantage of using dynamic

programming over recursion?

 A) Reduced time complexity

 B) Avoiding overlapping subproblems
 C) Better space complexity
 D) Avoiding recalculating solutions

Answer: C
Explanation: Dynamic programming typically improves time complexity by avoiding
recalculation of overlapping subproblems, but it often comes at the cost of increased
space complexity (due to memoization).

48. What is the time complexity of searching for an element in a skip list with n
elements?

 A) O(log n)
 B) O(n)
 C) O(1)
 D) O(n log n)

Answer: A
Explanation: The time complexity of searching in a skip list is O(log n) on average, as
the skip list allows for faster traversal compared to a linked list.

49. Which of the following algorithms is used to find strongly connected

components in a directed graph?

 A) Floyd-Warshall Algorithm

15 | P a g e
  B) Kahn's Algorithm
 C) Kosaraju’s Algorithm
 D) Bellman-Ford Algorithm

Answer: C
Explanation: Kosaraju’s Algorithm is used to find all strongly connected components in
a directed graph efficiently.

50. In hashing, which technique resolves collisions by moving the collided

element to another location in the table?

 A) Chaining
 B) Open Addressing
 C) Double Hashing
 D) Quadratic Probing

Answer: B
Explanation: Open Addressing resolves collisions by moving the collided element to
another available slot in the hash table.

51. Which algorithm is used to detect negative weight cycles in a graph?

 A) Dijkstra's Algorithm
 B) Prim's Algorithm
 C) Bellman-Ford Algorithm
 D) Kruskal's Algorithm

Answer: C
Explanation: The Bellman-Ford algorithm can detect negative weight cycles by relaxing
edges n-1 times and checking for further improvements.

52. Which data structure is most suitable for implementing a circular buffer?

 A) Queue
 B) Stack
 C) Array
 D) Circular Queue

Answer: D
Explanation: A circular queue is the most suitable data structure for implementing a
circular buffer, as it efficiently manages the buffer's finite size.

53. What is the minimum number of edges in a connected graph with n vertices
and no cycles?

 A) n-1
16 | P a g e
  B) n
 C) n+1
 D) 2n-1

Answer: A
Explanation: A connected graph with no cycles is a tree, and a tree with n vertices has n-
1 edges.

54. In an AVL tree, what is the time complexity of a rotation operation?

 A) O(1)
 B) O(log n)
 C) O(n)
 D) O(n log n)

Answer: A
Explanation: In an AVL tree, both left and right rotations are O(1) operations, as they
involve only a constant amount of pointer manipulation.

55. Which of the following algorithms solves the single-source shortest path
problem in a graph with non-negative edge weights?

 A) Bellman-Ford Algorithm
 B) Floyd-Warshall Algorithm
 C) Dijkstra's Algorithm
 D) Kruskal's Algorithm

Answer: C
Explanation: Dijkstra's Algorithm solves the single-source shortest path problem
efficiently when all edge weights are non-negative.

56. What is the best-case time complexity for a Breadth-First Search (BFS)
traversal in a graph?

 A) O(V)
 B) O(V+E)
 C) O(E log V)
 D) O(V log V)

Answer: B
Explanation: The best-case time complexity for BFS is O(V + E), where V is the
number of vertices and E is the number of edges in the graph.

Object-Oriented Programming Concepts

17 | P a g e
1. Which of the following is not a feature of Object-Oriented Programming?

 A) Abstraction
 B) Encapsulation
 C) Inheritance
 D) Compilation

Answer: D
Explanation: Compilation is related to how code is converted from a high-level language
into machine code, whereas Object-Oriented Programming (OOP) concepts include
abstraction, encapsulation, and inheritance.

2. What is the primary purpose of encapsulation in OOP?

 A) To allow inheritance of classes

 B) To hide the internal details of an object
 C) To improve memory management
 D) To enable polymorphism

Answer: B
Explanation: Encapsulation is the process of wrapping the data (attributes) and code
(methods) into a single unit, or class, and restricting direct access to some of the object's
components, thereby hiding the internal implementation.

3. Which of the following concepts allows a subclass to provide a specific

implementation of a method that is already defined in its superclass?

 A) Abstraction
 B) Encapsulation
 C) Polymorphism
 D) Inheritance

Answer: C
Explanation: Polymorphism allows a subclass to override or implement a method that is
already defined in its superclass, providing specific behavior while maintaining a
consistent interface.

18 | P a g e
4. Which OOP principle promotes the idea that "child classes can inherit
properties and behaviors of parent classes"?

 A) Inheritance
 B) Polymorphism
 C) Abstraction
 D) Encapsulation

Answer: A
Explanation: Inheritance allows a child class to inherit fields and methods from a parent
class, enabling code reuse and hierarchical relationships.

5. What does the term "polymorphism" refer to in OOP?

 A) The ability of objects to take on many forms

 B) Hiding the internal implementation of a class
 C) Organizing code into separate classes
 D) Converting data into binary format

Answer: A
Explanation: Polymorphism allows objects of different classes to be treated as objects of
a common superclass, enabling flexibility and the ability to use one interface for different
underlying data types.

6. Which OOP concept is demonstrated by the use of the private keyword to

restrict access to class members?

 A) Abstraction
 B) Encapsulation
 C) Inheritance
 D) Polymorphism

Answer: B
Explanation: Encapsulation involves restricting access to certain details of an object, and
the private keyword is used to hide data from outside access.

7. In Java, how is "method overloading" achieved?

19 | P a g e
  A) Using the final keyword
 B) By having multiple methods with the same name but different parameter lists
 C) By subclassing and overriding methods
 D) By using interfaces

Answer: B
Explanation: Method overloading in Java occurs when multiple methods share the same
name but have different parameter lists. This is a form of compile-time polymorphism.

8. What is the difference between "method overriding" and "method

overloading"?

 A) Overloading happens at runtime; overriding happens at compile time.

 B) Overriding is used for polymorphism; overloading is for multiple methods with the
same name.
 C) Overloading is only for constructors; overriding is only for methods.
 D) Overriding does not allow inheritance, whereas overloading does.

Answer: B
Explanation: Method overloading occurs when methods with the same name have
different parameters. Method overriding is when a subclass provides a specific
implementation of a method that is already defined in its parent class.

9. Which of the following is a correct example of dynamic polymorphism?

 A) Method overloading
 B) Operator overloading
 C) Method overriding
 D) Function templates

Answer: C
Explanation: Dynamic polymorphism occurs during runtime, and method overriding is a
classic example where the method call is determined dynamically based on the object
type.

10. In OOP, which of the following concepts restricts access to certain data and
methods within a class?

 A) Polymorphism
 B) Inheritance

20 | P a g e
  C) Abstraction
 D) Encapsulation

Answer: D
Explanation: Encapsulation restricts access to certain details within a class by using
access modifiers like private, protected, and public.

11. Which of the following best describes abstraction?

 A) Showing only essential features and hiding unnecessary details

 B) Reusing code through inheritance
 C) Providing multiple interfaces for the same method
 D) Managing access to object data through encapsulation

Answer: A
Explanation: Abstraction involves exposing only the essential characteristics of an
object and hiding the unnecessary details.

12. In OOP, the concept where objects communicate with each other by passing
messages is called:

 A) Message Passing
 B) Inheritance
 C) Polymorphism
 D) Composition

Answer: A
Explanation: Message passing in OOP refers to the process where objects interact by
invoking each other's methods, or "sending messages."

13. What is the primary benefit of inheritance in OOP?

 A) Improving performance
 B) Code reusability
 C) Better memory management
 D) Faster execution of code

Answer: B
Explanation: Inheritance allows a class to reuse code from its parent class, promoting
code reuse and minimizing duplication.

21 | P a g e
14. What is "composition" in OOP?

 A) A way of creating objects from other objects

 B) A way of hiding internal data
 C) A way of forcing a subclass to implement methods
 D) A type of method overloading

Answer: A
Explanation: Composition is a design principle where objects are composed of other
objects, enabling code reuse without inheritance.

15. In C++, a class having multiple base classes is an example of:

 A) Single Inheritance
 B) Multiple Inheritance
 C) Hierarchical Inheritance
 D) Multilevel Inheritance

Answer: B
Explanation: Multiple inheritance occurs when a class has more than one base class,
inheriting from all of them.

16. Which of the following is an advantage of polymorphism?

 A) Reduces code duplication

 B) Improves encapsulation
 C) Enables objects to be treated as instances of their parent class
 D) Prevents runtime errors

Answer: C
Explanation: Polymorphism allows objects of different types to be treated uniformly as
objects of a common superclass, promoting flexibility in design.

17. What is the difference between an abstract class and an interface in Java?

 A) Abstract classes can have constructors; interfaces cannot.

 B) Interfaces can have instance variables; abstract classes cannot.
 C) Abstract classes cannot have methods; interfaces can.

22 | P a g e
  D) Abstract classes must implement all methods of an interface.

Answer: A
Explanation: Abstract classes can have constructors and may contain concrete methods,
while interfaces cannot have constructors and typically contain only abstract methods.

18. What does the "this" keyword in Java refer to?

 A) The class itself

 B) The current instance of the class
 C) A superclass object
 D) A local variable within a method

Answer: B
Explanation: The this keyword refers to the current instance of the class, and it is
commonly used to access instance variables and methods.

19. Which design principle is represented by "a class should have only one
reason to change"?

 A) Liskov Substitution Principle

 B) Open/Closed Principle
 C) Single Responsibility Principle
 D) Dependency Inversion Principle

Answer: C
Explanation: The Single Responsibility Principle (SRP) states that a class should have
only one reason to change, meaning it should have only one responsibility or task.

20. Which type of relationship does the "is-a" relationship describe in OOP?

 A) Inheritance
 B) Encapsulation
 C) Polymorphism
 D) Composition

Answer: A
Explanation: The "is-a" relationship is a type of inheritance where a subclass is a
specialized version of the superclass, indicating a hierarchical relationship.

23 | P a g e
21. In C++, when is the copy constructor called?

 A) When an object is passed by reference

 B) When an object is passed by value
 C) When an object is assigned
 D) When an object is destroyed

Answer: B
Explanation: The copy constructor is called when an object is passed by value, returned
from a function by value, or initialized with another object of the same type.

22. In Java, which of the following is true about abstract classes?

 A) They cannot have any constructors.

 B) They cannot have final methods.
 C) They cannot be instantiated directly.
 D) They cannot have static methods.

Answer: C
Explanation: Abstract classes cannot be instantiated directly. They can have constructors
and static methods, and they can include final methods.

23. Which of the following is NOT true about polymorphism in OOP?

 A) Polymorphism allows different classes to be treated uniformly.

 B) Polymorphism allows multiple methods with the same name but different signatures.
 C) Polymorphism is achieved only through inheritance.
 D) Polymorphism is a form of dynamic binding.

Answer: C
Explanation: Polymorphism can be achieved not only through inheritance but also
through interfaces. Dynamic binding happens when a method is called at runtime.

24. Which of the following keywords is used to restrict a class from being
inherited in Java?

 A) abstract
 B) final

24 | P a g e
  C) static
 D) private

Answer: B
Explanation: The final keyword is used to prevent a class from being inherited. A
final class cannot be subclassed.

25. What type of relationship does aggregation represent in OOP?

 A) "is-a"
 B) "part-of"
 C) "has-a"
 D) "uses-a"

Answer: C
Explanation: Aggregation represents a "has-a" relationship, where one class contains a
reference to another class. It differs from composition because the contained object can
exist independently.

26. Which method is called when an object is destroyed in C++?

 A) Constructor
 B) Destructor
 C) Copy constructor
 D) Assignment operator

Answer: B
Explanation: The destructor method is automatically invoked when an object is
destroyed to release resources or perform cleanup operations.

27. What happens if a class in C++ has a private constructor?

 A) The class cannot be inherited.

 B) Objects of the class cannot be created.
 C) The class cannot be instantiated externally.
 D) The class cannot have any member functions.

Answer: C
Explanation: If a class has a private constructor, it cannot be instantiated from outside
the class. This is often used for implementing singleton patterns.

25 | P a g e
28. Which of the following principles suggests that a subclass should not override
the behavior of its base class in unexpected ways?

 A) Open/Closed Principle
 B) Liskov Substitution Principle
 C) Dependency Inversion Principle
 D) Interface Segregation Principle

Answer: B
Explanation: The Liskov Substitution Principle (LSP) states that objects of a superclass
should be replaceable with objects of a subclass without altering the correctness of the
program.

29. What is the difference between association and aggregation in OOP?

 A) Aggregation is a stronger form of association.

 B) Association is a weaker form of aggregation.
 C) Aggregation implies ownership, while association does not.
 D) Association is used for inheritance.

Answer: C
Explanation: Aggregation implies ownership, but the lifecycle of the owned object is
independent of the owner. Association is a more general term that simply indicates a
relationship between two objects.

30. Which of the following defines "composition" in OOP?

 A) A type of inheritance where one class is derived from another.

 B) A "has-a" relationship where the composed object cannot exist without the owner.
 C) A technique for method overriding.
 D) A mechanism for polymorphism.

Answer: B
Explanation: Composition represents a strong "has-a" relationship, where the lifecycle
of the composed object depends on the owner. If the owner is destroyed, the composed
object is also destroyed.

31. Which of the following statements is true about multiple inheritance in C++?
26 | P a g e
  A) It is not allowed.
 B) It is allowed, but creates ambiguity in function calls.
 C) It is allowed, but virtual functions cannot be used.
 D) It is allowed, but destructors cannot be used.

Answer: B
Explanation: Multiple inheritance is allowed in C++, but it can lead to ambiguity if the
same function is inherited from multiple base classes. This ambiguity is often resolved
using the virtual keyword.

32. Which of the following mechanisms is used to bind method calls at runtime in
Java?

 A) Early binding
 B) Static binding
 C) Late binding
 D) Compile-time binding

Answer: C
Explanation: Late binding, also known as dynamic binding, occurs when method calls
are resolved at runtime, allowing for polymorphism in Java.

33. Which design pattern ensures that a class has only one instance and provides
a global point of access to that instance?

 A) Factory pattern
 B) Adapter pattern
 C) Singleton pattern
 D) Observer pattern

Answer: C
Explanation: The Singleton pattern ensures that a class has only one instance and
provides a global point of access to that instance.

34. Which of the following concepts refers to combining data and behavior into a
single unit in OOP?

 A) Inheritance
 B) Encapsulation
 C) Abstraction
27 | P a g e
  D) Polymorphism

Answer: B
Explanation: Encapsulation is the concept of combining data (attributes) and behavior
(methods) into a single unit, typically a class, and restricting access to certain parts of the
object.

35. In C++, if a class has a virtual destructor, which of the following is true?

 A) The derived class destructor will not be called.

 B) The base class destructor will be called first.
 C) The derived class destructor will be called before the base class destructor.
 D) Destructors cannot be virtual in C++.

Answer: C
Explanation: If a base class destructor is virtual, the destructor of the derived class is
called first, followed by the base class destructor. This ensures proper cleanup when
using polymorphism.

36. What does the super keyword in Java refer to?

 A) The current class

 B) The parent class
 C) The child class
 D) The interface

Answer: B
Explanation: The super keyword in Java refers to the parent class and is often used to
access methods and constructors of the superclass.

37. Which of the following statements about virtual functions in C++ is true?

 A) Virtual functions can be static.

 B) Virtual functions cannot be overridden by derived classes.
 C) Virtual functions must be defined in the base class.
 D) Virtual functions enable dynamic polymorphism.

Answer: D
Explanation: Virtual functions allow a function in the base class to be overridden in
derived classes, and they enable dynamic polymorphism.

28 | P a g e
38. In Java, what is the primary difference between an abstract class and an
interface?

 A) Abstract classes cannot be extended, interfaces can.

 B) An interface cannot have method implementations, while an abstract class can.
 C) An interface cannot have instance variables.
 D) Abstract classes must implement all methods of their subclasses.

Answer: B
Explanation: An interface in Java cannot have method implementations (before Java 8),
while abstract classes can provide some method implementations.

39. In C++, which of the following is true about virtual destructors?

 A) They prevent memory leaks in polymorphic inheritance.

 B) They can only be used with abstract classes.
 C) They cannot be overridden by derived classes.
 D) They are called automatically after constructors.

Answer: A
Explanation: Virtual destructors are crucial in preventing memory leaks in polymorphic
inheritance by ensuring that destructors for derived classes are called correctly.

40. Which of the following is NOT a feature of inheritance?

 A) Code reusability
 B) Runtime polymorphism
 C) Compile-time error handling
 D) Hierarchical representation

Answer: C
Explanation: Inheritance promotes code reusability, runtime polymorphism, and allows

41. In C++, if a class has a pure virtual function, which of the following is true?

 A) The class cannot be instantiated.

 B) The class must have a constructor.
 C) The class must not have a destructor.
 D) The class can be instantiated using a pointer.

29 | P a g e
 Answer: A
Explanation: A class with a pure virtual function is considered an abstract class and
cannot be instantiated directly.

42. Which of the following is true about multiple inheritance in Java?

 A) It is supported through interfaces.

 B) It is supported directly through classes.
 C) Java supports multiple inheritance of classes but not interfaces.
 D) Java does not support multiple inheritance at all.

Answer: A
Explanation: Java does not support multiple inheritance through classes, but it allows
multiple inheritance via interfaces.

43. What happens when you override a non-virtual function in C++?

 A) It leads to compile-time error.

 B) It prevents the function from being overridden.
 C) The function gets overridden but does not exhibit polymorphic behavior.
 D) The base class method gets hidden.

Answer: C
Explanation: Non-virtual functions can be overridden, but they will not exhibit
polymorphic behavior because dynamic binding occurs only with virtual functions.

44. Which of the following statements is true about "Association" in OOP?

 A) It always implies ownership.

 B) It is a form of inheritance.
 C) It is a relationship where one object is associated with another but neither owns the
other.
 D) It is a form of encapsulation.

Answer: C
Explanation: Association represents a relationship between two objects, but it does not
imply ownership as aggregation or composition does.

30 | P a g e
45. What is the role of the final keyword in method overriding in Java?

 A) It prevents method overriding.

 B) It allows method overriding in derived classes.
 C) It prevents method overloading.
 D) It allows polymorphism in runtime.

Answer: A
Explanation: The final keyword prevents a method from being overridden in derived
classes.

46. Which principle is being violated if a subclass relies on the internal

implementation details of its superclass?

 A) Open/Closed Principle
 B) Dependency Inversion Principle
 C) Liskov Substitution Principle
 D) Interface Segregation Principle

Answer: C
Explanation: The Liskov Substitution Principle states that subclasses should be able to
replace their base classes without affecting the program’s correctness. Relying on internal
details violates this principle.

47. Which of the following is NOT true about interfaces in Java?

 A) Interfaces can contain default methods.

 B) An interface can extend another interface.
 C) An interface can contain private methods.
 D) Interfaces can contain instance variables.

Answer: D
Explanation: Interfaces cannot contain instance variables. They can only have constants
(implicitly public static final).

48. Which of the following design patterns restricts the instantiation of a class to
one object?

 A) Singleton Pattern

31 | P a g e
  B) Factory Pattern
 C) Observer Pattern
 D) Strategy Pattern

Answer: A
Explanation: The Singleton Pattern ensures that only one instance of a class exists and
provides a global point of access to that instance.

49. In Python, which method is used to initialize an object’s state in a class?

 A) __new__()
 B) __del__()
 C) __init__()
 D) __call__()

Answer: C
Explanation: The __init__() method in Python is used to initialize the state of an
object when the object is created.

50. Which of the following is a key difference between aggregation and

composition?

 A) Composition implies ownership, while aggregation does not.

 B) Aggregation implies ownership, while composition does not.
 C) Composition allows shared ownership, while aggregation does not.
 D) Aggregation prevents polymorphism, while composition allows it.

Answer: A
Explanation: In composition, the composed objects cannot exist independently of the
container object, while in aggregation, the contained object can exist independently.

51. In Java, what happens when a constructor of a class is marked as private?

 A) The class cannot be instantiated outside the class.

 B) The class can be inherited but not instantiated.
 C) The class cannot have any methods.
 D) The class can be instantiated in any package.

32 | P a g e
 Answer: A
Explanation: A private constructor prevents instantiation of the class from outside the
class. This is often used in Singleton Pattern implementations.

52. What is "method overloading" in Java?

 A) Defining multiple methods in a class with the same name but different parameter lists.
 B) Defining multiple methods in a class with different names but identical parameter
lists.
 C) Defining multiple methods in a class that perform similar tasks.
 D) Redefining a method in a subclass with the same name as in the superclass.

Answer: A
Explanation: Method overloading allows multiple methods in a class to have the same
name, provided they differ in their parameter lists.

53. What does the super() function in Python do?

 A) Calls a method from the current class.

 B) Calls a method from the parent class.
 C) Defines a method in the subclass.
 D) Prevents method overriding.

Answer: B
Explanation: The super() function is used to call a method from the parent class in
Python, allowing access to inherited methods.

54. What is the result of calling the clone() method on an object in Java?

 A) A shallow copy of the object.

 B) A deep copy of the object.
 C) An exception is thrown.
 D) The method creates a new object by invoking the constructor.

Answer: A
Explanation: The clone() method creates a shallow copy of the object. It copies field
values directly, but does not copy objects that are referred to by those fields.

33 | P a g e
55. In C++, what is the primary advantage of using virtual inheritance?

 A) It prevents memory leaks.

 B) It resolves ambiguity in multiple inheritance.
 C) It allows the use of private constructors.
 D) It enhances runtime performance.

Answer: B
Explanation: Virtual inheritance is used in C++ to prevent the diamond problem by
ensuring that only one instance of a base class is shared when multiple paths of
inheritance are used.

56. Which of the following concepts does the this pointer refer to in C++?

 A) The base class

 B) The derived class
 C) The current object
 D) The global object

Answer: C
Explanation: The this pointer in C++ refers to the current instance of the object within
its member functions.

57. In Java, what is the primary reason to use an interface instead of an abstract
class?

 A) To achieve multiple inheritance.

 B) To allow default method implementation.
 C) To avoid using constructors.
 D) To avoid overriding methods.

Answer: A
Explanation: Interfaces in Java allow a form of multiple inheritance, since a class can
implement multiple interfaces.

58. What is the outcome of calling a virtual method in the base class but
implemented only in the derived class in C++?

 A) Compile-time error

34 | P a g e
  B) The base class method will be executed.
 C) The derived class method will be executed at runtime.
 D) The method cannot be called at all.

Answer: C
Explanation: If the method is marked as virtual in the base class, the derived class
method will be executed due to dynamic binding at runtime.

59. In Python, what is the purpose of the @staticmethod decorator?

 A) It marks a method as private.

 B) It allows the method to access class-level data.
 C) It defines a method that does not operate on an instance or class data.
 D) It prevents method overriding in subclasses.

Answer: C
Explanation: The @staticmethod decorator is used to define methods that don’t depend
on instance or class-level data and can be called directly on the class.

60. Which of the following violates the Open/Closed Principle?

 A) Adding new features via subclasses.

 B) Modifying an existing class to add new functionality.
 C) Using interfaces to define new behaviors.
 D) Extending functionality by overriding base class methods.

Answer: B
Explanation: The Open/Closed Principle states that software entities should be open for
extension but closed for modification. Modifying a class to add new functionality violates
this principle.

61. Which of the following best describes 'Composition' in object-oriented

programming?

 A) A class that is composed of another class and shares its lifetime

 B) A class that inherits properties of another class
 C) A relationship between two classes where one uses the other temporarily
 D) A method that overrides the behavior of a superclass method

35 | P a g e
 Answer: A
Explanation: Composition refers to a "has-a" relationship, where one class contains
another and their lifetimes are tied.

62. In which scenario is 'Inheritance' most appropriate to use?

 A) When a class needs to hide certain details from other classes

 B) When a class needs to share common attributes and behaviors across different classes
 C) When a class needs to perform multiple types of unrelated actions
 D) When a class needs to have multiple methods with the same name

Answer: B
Explanation: Inheritance is used to share common attributes and behaviors between
related classes, promoting code reuse.

63. Which of the following is not an example of polymorphism in object-oriented

programming?

 A) Method Overloading
 B) Method Overriding
 C) Operator Overloading
 D) Composition

Answer: D
Explanation: Composition is a design principle for object relationships, not an example
of polymorphism.

64. Which of the following best describes 'Encapsulation'?

 A) The ability of an object to take many forms

 B) Restricting access to an object's internal state and requiring all interactions through
methods
 C) Creating multiple classes with shared attributes
 D) Extending the behavior of an existing class

Answer: B
Explanation: Encapsulation is the practice of hiding an object’s internal state and
ensuring it is accessed only through well-defined methods.

65. In which of the following scenarios would you prefer composition over
inheritance?

 A) When the derived class needs to inherit all behaviors from the base class.
 B) When you want to create a flexible system that can be easily modified.
 C) When the relationship between the classes is hierarchical.
 D) When you need to enforce a strict "is-a" relationship.
36 | P a g e
 Answer: B
Explanation: Composition is preferred when you want to create flexible systems that can
be modified or extended without affecting the existing code, as it favors "has-a"
relationships.

66. Which of the following design principles does the Adapter Pattern violate if
not used correctly?

 A) Single Responsibility Principle

 B) Liskov Substitution Principle
 C) Dependency Inversion Principle
 D) Interface Segregation Principle

Answer: B
Explanation: If the Adapter Pattern is not implemented correctly, it may lead to a
situation where a subclass does not properly substitute the base class, violating the Liskov
Substitution Principle.

67. In C++, which of the following can be a reason to use a friend class?

 A) To allow one class to access the private members of another class.

 B) To reduce coupling between classes.
 C) To enforce encapsulation.
 D) To achieve polymorphism.
 Answer: A
Explanation: A friend class can access private and protected members of another class,
providing a way to allow specific classes to interact closely.

68. What is the purpose of the super keyword in Python?

 A) To invoke the constructor of the parent class.

 B) To refer to the parent class directly.
 C) To implement multiple inheritance.
 D) To prevent method overriding.
 Answer: A
Explanation: The super keyword in Python is used to call methods of the parent class,
including constructors, facilitating the reuse of code in the subclass.

37 | P a g e
69. Which of the following describes the term "Encapsulation"?

 A) The process of deriving new classes from existing classes.

 B) The bundling of data and the methods that operate on that data.
 C) The ability to define multiple forms of behavior through method overriding.
 D) The separation of an interface from its implementation.
 Answer: B
Explanation: Encapsulation refers to the bundling of data (attributes) and methods that
operate on that data into a single unit or class, restricting access to some of the object's
components.

70. In C#, which of the following statements about interfaces is true?

 A) An interface can contain fields.

 B) An interface can implement another interface.
 C) An interface can have a constructor.
 D) An interface can contain static methods.

Answer: B
Explanation: An interface in C# can inherit from another interface, allowing for a
hierarchy of interfaces. However, it cannot contain fields, constructors, or static methods.

71. What is the primary advantage of using abstract classes in OOP?

 A) They cannot be instantiated, enforcing a design structure.

 B) They can have complete implementations of methods.
 C) They promote multiple inheritance.
 D) They allow the creation of static methods.

Answer: A
Explanation: Abstract classes cannot be instantiated, which enforces a specific design
structure and allows the definition of methods that must be implemented by derived
classes.

72. Which principle is primarily violated if a class has too many responsibilities?

 A) Open/Closed Principle
 B) Interface Segregation Principle
 C) Single Responsibility Principle
 D) Liskov Substitution Principle

38 | P a g e
 Answer: C
Explanation: The Single Responsibility Principle states that a class should have only one
reason to change, meaning it should only have one responsibility. Violating this leads to
classes that are harder to maintain.

73. In C++, what is the difference between public inheritance and protected
inheritance?

 A) Public inheritance allows derived classes to access base class members; protected
inheritance does not.
 B) Protected inheritance restricts the visibility of base class members to the derived class
only.
 C) Public inheritance exposes base class members to all classes, while protected
inheritance exposes them only to derived classes.
 D) There is no difference; both serve the same purpose.

Answer: C
Explanation: Public inheritance allows base class members to be accessible by all
classes, while protected inheritance restricts access to derived classes only.

74. In which situation would you utilize the Factory Method design pattern?

 A) When you need to create instances of a class with varying configuration settings.
 B) When a class should be able to change its behavior at runtime.
 C) When you need to restrict the instantiation of a class.
 D) When you want to enforce a strict inheritance hierarchy.

Answer: A
Explanation: The Factory Method pattern is used when a class cannot anticipate the
class of objects it must create and relies on subclasses to handle the instantiation process,
allowing for varying configurations.

Web/Application Development:

o HTML5/CSS and Javascript o HTTP/HTTPS, AJAX and REST APIs (get, post,
put, delete).

o Cookies o Version control systems like Git for source code management.

39 | P a g e
1. Which of the following is NOT a valid HTML5 element for handling
multimedia?

 A) <audio>
 B) <video>
 C) <track>
 D) <sound>

Answer: D
Explanation: The <sound> tag is not a valid HTML5 tag. HTML5 uses <audio> and
<video> to embed multimedia content.

2. Which CSS property is used to control the stacking order of elements?

 A) display
 B) position
 C) z-index
 D) float

Answer: C
Explanation: The z-index property controls the vertical stacking order of elements that
overlap due to relative or absolute positioning.

3. In CSS, what does the box-sizing: border-box property do?

 A) Sets the border width to zero.

 B) Excludes padding and borders when calculating the width and height of an element.
 C) Includes padding and borders in the element’s total width and height.
 D) Centers the element within its container.

Answer: C
Explanation: box-sizing: border-box ensures that the padding and border are
included within the element’s specified width and height.

4. In JavaScript, which of the following correctly implements a REST API

DELETE request using AJAX?

 A) $.ajax({url: 'api/delete', type: 'DELETE'})

 B) $.get('api/delete', {type: 'DELETE'})

40 | P a g e
  C) $.post('api/delete', {type: 'DELETE'})
 D) $.put('api/delete')

Answer: A
Explanation: The $.ajax() method with type: 'DELETE' is the correct way to make a
DELETE request using jQuery.

5. Which of the following HTTP methods should be used to retrieve a resource

from the server without any side effects?

 A) POST
 B) GET
 C) PUT
 D) DELETE

Answer: B
Explanation: The GET method is used to retrieve data from the server without making
any changes to the resource or causing side effects.

6. What is the primary security difference between HTTP and HTTPS?

 A) HTTPS uses encrypted connections, whereas HTTP uses plaintext.

 B) HTTPS provides faster data transmission compared to HTTP.
 C) HTTP supports secure APIs, while HTTPS does not.
 D) HTTPS blocks all cookies, while HTTP allows them.

Answer: A
Explanation: HTTPS uses SSL/TLS to encrypt data transmitted between the client and
the server, while HTTP transmits data in plaintext.

7. Which of the following best describes a REST API?

 A) A protocol that requires XML for data formatting.

 B) An API that uses a fixed set of operations and has no scalability.
 C) An architectural style that supports stateless, client-server communication using
HTTP.
 D) A stateful service that requires cookies for session management.

41 | P a g e
 Answer: C
Explanation: REST is an architectural style for designing networked applications,
focusing on stateless communication, typically over HTTP.

8. In REST APIs, which HTTP method is considered idempotent?

 A) POST
 B) PUT
 C) DELETE
 D) Both B and C

Answer: D
Explanation: Both PUT and DELETE are idempotent methods because they can be called
multiple times without changing the result beyond the initial application.

9. Which of the following is NOT a valid response status code in an HTTP

request?

 A) 200 OK
 B) 201 Created
 C) 403 Forbidden
 D) 599 Invalid Request

Answer: D
Explanation: There is no HTTP status code 599. Common status codes include 200, 201,
and 403, but 599 is not part of the standard.

10. Which of the following is TRUE regarding CORS (Cross-Origin Resource

Sharing)?

 A) It allows any domain to make requests to any server by default.

 B) It allows web applications to control which external domains are permitted to access
resources.
 C) It is a default security feature in all browsers.
 D) CORS is only applicable for HTTP POST requests.

Answer: B
Explanation: CORS allows a server to specify which external domains are allowed to
make cross-origin requests to resources on the server.

42 | P a g e
11. What is the main difference between PUT and POST methods in REST
APIs?

 A) POST is idempotent, while PUT is not.

 B) PUT is idempotent, while POST is not.
 C) Both PUT and POST are used to create new resources.
 D) Both PUT and POST are idempotent.

Answer: B
Explanation: PUT is idempotent (calling it multiple times will not change the result
beyond the initial request), while POST is not.

12. Which JavaScript feature allows asynchronous execution of code without

blocking the main thread?

 A) Promises
 B) Callbacks
 C) Async/Await
 D) All of the above

Answer: D
Explanation: Promises, callbacks, and async/await are all mechanisms in JavaScript that
allow for asynchronous code execution without blocking the main thread.

13. Which of the following will correctly set a cookie in JavaScript?

 A) document.setCookie = "name=value";
 B) document.cookie = "name=value;";
 C) document.cookie("name", "value");
 D) cookie.create("name", "value");

Answer: B
Explanation: In JavaScript, cookies are set by assigning a string to document.cookie in
the format "name=value".

43 | P a g e
14. What is the purpose of the SameSite attribute in HTTP cookies?

 A) To prevent the cookie from being accessed via JavaScript.

 B) To specify whether the cookie can be sent with cross-site requests.
 C) To limit the cookie’s scope to secure connections only.
 D) To indicate the maximum age of the cookie.

Answer: B
Explanation: The SameSite attribute controls whether the cookie can be sent with cross-
site requests, providing protection against CSRF attacks.

15. Which of the following Git commands is used to retrieve changes from a
remote repository without merging?

 A) git fetch
 B) git pull
 C) git clone
 D) git push

Answer: A
Explanation: git fetch retrieves changes from a remote repository without merging
them into the local branch. You can merge them manually afterward.

16. In Git, what does the command git reset --hard do?

 A) Reverts the working directory to a previous commit but keeps changes in the staging
area.
 B) Moves the current branch to a specific commit and discards all working directory
changes.
 C) Deletes the local repository.
 D) Updates the remote repository with local changes.

Answer: B
Explanation: git reset --hard moves the branch to a specific commit and removes
all changes in the working directory and staging area.

44 | P a g e
17. Which of the following is NOT a valid status for a Git file?

 A) Untracked
 B) Modified
 C) Deleted
 D) Excluded

Answer: D
Explanation: Git tracks file statuses such as untracked, modified, and deleted, but
"excluded" is not a valid Git status.

18. In RESTful services, which response code is used to indicate that a request
has succeeded, but no content is returned?

 A) 204 No Content
 B) 200 OK
 C) 202 Accepted
 D) 201 Created

Answer: A
Explanation: A 204 No Content status is returned when the request is successful, but
there is no data to return in the response.

19. In HTTP, which of the following is a mechanism to ensure the integrity of

cookies?

 A) Secure flag
 B) HttpOnly flag
 C) SameSite attribute
 D) __Secure prefix

Answer: D
Explanation: The __Secure- prefix is used to ensure that the cookie is sent only over
secure (HTTPS) connections, enhancing security.

45 | P a g e
20. Which of the following CSS techniques is used to center an element
horizontally inside a parent container?

 A) position: absolute;
 B) margin-left: auto; margin-right: auto;
 C) display: inline-block;
 D) float: center;

Answer: B
Explanation: margin-left: auto; margin-right: auto; is the standard CSS
technique to center block elements horizontally inside a parent container.

21. Which of the following HTML5 APIs is used to handle user media, such as
camera or microphone?

 A) WebRTC API
 B) MediaStream API
 C) Canvas API
 D) WebSockets API

Answer: B
Explanation: The MediaStream API allows web applications to access and manipulate
media streams, such as video or audio from the user's camera or microphone.

22. Which of the following is TRUE about the async attribute in HTML5 <script>
tags?

 A) It ensures that the script is executed only after the page is fully loaded.
 B) It ensures the script is loaded asynchronously with the rest of the page.
 C) It blocks HTML parsing until the script is loaded and executed.
 D) It forces the script to load synchronously with other external resources.

Answer: B
Explanation: The async attribute allows the script to load asynchronously while the
HTML continues to parse, and it gets executed as soon as it is ready.

23. In CSS, how would you apply styles to an element with an attribute data-
role="admin"?

 A) data-role[admin] { ... }
 B) [data-role="admin"] { ... }

46 | P a g e
  C) .data-role.admin { ... }
 D) #data-role.admin { ... }

Answer: B
Explanation: The correct CSS syntax to target an element based on an attribute value is
[attribute="value"], hence [data-role="admin"].

24. Which of the following best describes the concept of "event delegation" in
JavaScript?

 A) Attaching event handlers directly to all target elements.

 B) Using a single event listener to handle events at a higher level in the DOM.
 C) Preventing the propagation of an event to parent elements.
 D) Delaying the execution of an event until all elements are loaded.

Answer: B
Explanation: Event delegation refers to attaching a single event listener to a parent
element to handle events triggered by child elements, improving performance.

25. Which of the following HTTP headers is used to control caching in modern
web browsers?

 A) Authorization
 B) Cache-Control
 C) Access-Control-Allow-Origin
 D) Content-Type

Answer: B
Explanation: The Cache-Control header is used to define caching policies, such as no-
store, no-cache, private, and public.

26. In the context of RESTful web services, what does the term "stateless" mean?

 A) The server does not store any information about the client’s request between calls.
 B) The client must provide credentials on each request to maintain state.
 C) The server keeps a record of the client’s session.
 D) The client sends encrypted tokens to maintain a session state.

47 | P a g e
 Answer: A
Explanation: Statelessness in REST means that each request from a client to the server
must contain all the information necessary to understand and complete the request,
without relying on stored information on the server.

27. Which of the following is an advantage of using GET over POST in an AJAX
request?

 A) GET is idempotent, while POST is not.

 B) GET can send more data than POST.
 C) GET hides data sent from the user, while POST exposes it in the URL.
 D) GET requests are inherently more secure than POST requests.

Answer: A
Explanation: GET requests are idempotent, meaning that multiple identical requests have
the same effect as a single request, whereas POST requests are not.

28. In a RESTful API, which of the following HTTP status codes represents a
successful PATCH operation?

 A) 200 OK
 B) 204 No Content
 C) 202 Accepted
 D) 201 Created

Answer: A
Explanation: The 200 OK status code indicates that the PATCH request was successful,
and the resource was modified.

29. In JavaScript, which of the following methods is used to serialize an object

into a JSON string?

 A) JSON.encode()
 B) JSON.stringify()
 C) JSON.parse()
 D) Object.serialize()

48 | P a g e
 Answer: B
Explanation: JSON.stringify() converts a JavaScript object or value into a JSON
string, while JSON.parse() converts a JSON string into a JavaScript object.

30. Which of the following Git commands is used to discard changes in the
working directory?

 A) git stash
 B) git reset
 C) git clean
 D) git checkout -- .

Answer: D
Explanation: The command git checkout -- . discards all changes in the working
directory, reverting to the last committed state.

31. Which of the following is NOT a valid property of an HTTP cookie?

 A) HttpOnly
 B) SameSite
 C) Domain
 D) SecureSocket

Answer: D
Explanation: SecureSocket is not a valid property for HTTP cookies. Valid properties
include HttpOnly, SameSite, Domain, Path, Secure, and Max-Age.

32. Which of the following best describes AJAX (Asynchronous JavaScript and
XML)?

 A) It reloads the webpage after making a request to the server.

 B) It allows a webpage to send and retrieve data from a server asynchronously.
 C) It supports only GET and POST requests.
 D) It sends requests and receives responses only in XML format.

Answer: B
Explanation: AJAX enables web pages to send and receive data asynchronously (in the
background) without reloading the entire webpage.

49 | P a g e
33. In JavaScript, what is the primary difference between synchronous and
asynchronous code execution?

 A) Synchronous code is executed immediately, while asynchronous code is executed at

the end of the current execution stack.
 B) Asynchronous code is executed immediately, while synchronous code is delayed.
 C) Synchronous code is handled by the browser, while asynchronous code is handled by
the server.
 D) Asynchronous code cannot be used with REST APIs.

Answer: A
Explanation: Synchronous code is executed sequentially, while asynchronous code (like
promises or async/await) runs after the current call stack is cleared.

34. What is the purpose of the HEAD method in HTTP?

 A) To retrieve the response body without metadata.

 B) To retrieve metadata without the response body.
 C) To update the headers of a resource.
 D) To delete the headers of a resource.

Answer: B
Explanation: The HEAD method retrieves the headers of a resource (metadata) without
the response body, making it useful for checking response information before
downloading.

35. Which of the following Git commands is used to combine multiple commits
into one?

 A) git merge
 B) git rebase
 C) git cherry-pick
 D) git squash

Answer: B
Explanation: git rebase can be used to combine multiple commits into one during the
interactive rebase process, while git merge integrates changes from different branches.

50 | P a g e
36. What is the function of a "cookie" in HTTP communication?

 A) To store large files on the client.

 B) To maintain state and track user sessions across HTTP requests.
 C) To enable cross-domain requests.
 D) To cache web pages on the client side.

Answer: B
Explanation: Cookies are small pieces of data sent by a server to store information on
the client side and maintain session state between HTTP requests.

37. In HTML5, which of the following is used to manage local, persistent storage
in the browser?

 A) Cookies
 B) SessionStorage
 C) LocalStorage
 D) File API

Answer: C
Explanation: LocalStorage allows websites to store data persistently in the browser,
which remains after the browser is closed and reopened.

38. In Git, what is the purpose of the .gitignore file?

 A) To exclude certain files from being tracked and committed.

 B) To delete specific files from the remote repository.
 C) To force tracking of specific files.
 D) To rename files in the repository.

Answer: A
Explanation: The .gitignore file specifies which files and directories should be
ignored by Git, preventing them from being tracked or committed.

39. Which of the following HTTP methods is considered idempotent?

 A) POST
 B) DELETE
 C) PATCH

51 | P a g e
  D) PUT

Answer: D
Explanation: PUT is idempotent, meaning multiple identical requests will result in the
same resource state. POST and PATCH are not idempotent, while DELETE is conditionally
idempotent.

40. Which of the following CSS properties is used to create rounded corners for
an element?

 A) border-radius
 B) corner-shape
 C) border-style
 D) box-shadow

Answer: A
Explanation: The border-radius property is used to create rounded corners on
elements in CSS.

41. Which of the following properties in CSS helps achieve a flex container's
child element alignment along the cross-axis?

 A) align-content
 B) justify-content
 C) align-items
 D) flex-direction

Answer: C
Explanation: align-items defines how flex container children are aligned along the
cross-axis (perpendicular to the main axis).

42. In JavaScript, what is the primary difference between null and undefined?

 A) null represents a variable that has not been declared, while undefined represents a
declared but uninitialized variable.
 B) undefined is assigned by the JavaScript engine, while null is assigned by the
programmer.
 C) null is a primitive type, while undefined is an object type.
 D) Both null and undefined behave the same way in all scenarios.

52 | P a g e
 Answer: B
Explanation: undefined is automatically assigned to variables declared without
initialization, while null is an intentional assignment to represent "no value."

43. In Git, what does the command git reflog do?

 A) It removes files from the working directory.

 B) It lists all remote branches.
 C) It shows a log of all reference changes, including commits that are no longer
reachable.
 D) It lists all tags in the repository.

Answer: C
Explanation: git reflog records all movements of HEAD, even those that are no
longer part of any branch or are otherwise unreachable.

44. Which of the following statements about event.preventDefault() in

JavaScript is TRUE?

 A) It stops the event from propagating up the DOM tree.

 B) It prevents the event's default action from being triggered.
 C) It removes the event listener after it is triggered once.
 D) It prevents the event from being triggered more than once.

Answer: B
Explanation: event.preventDefault() is used to prevent the default behavior of the
event, such as stopping a form submission or link redirection.

45. In REST APIs, which of the following HTTP methods is considered safe and
idempotent?

 A) POST
 B) PATCH
 C) GET
 D) DELETE

Answer: C
Explanation: GET is both safe and idempotent. Safe means it doesn't alter the state of the
resource, and idempotent means repeating the request gives the same result.

53 | P a g e
46. In JavaScript, which of the following best describes the call() method?

 A) It creates a new function based on the provided prototype.

 B) It invokes a function with a specific this value and arguments provided individually.
 C) It binds a function to a specific object for future use.
 D) It creates a chain of functions that inherit from one another.

Answer: B
Explanation: call() allows you to invoke a function and explicitly set the this context
for that function, with arguments passed individually.

47. Which of the following HTML5 input types is used to capture a URL?

 A) input type="url"
 B) input type="web"
 C) input type="text"
 D) input type="link"

Answer: A
Explanation: The input type="url" allows users to input and validate a URL.

48. In the context of Git, what does git cherry-pick do?

 A) It merges branches together.

 B) It picks a specific commit from one branch and applies it to another.
 C) It removes commits from the commit history.
 D) It picks changes from the staging area into a new branch.

Answer: B
Explanation: git cherry-pick allows you to select a specific commit from one branch
and apply it to your current branch.

49. Which of the following is true about the fetch() method in JavaScript when
performing an HTTP request?

 A) It is a synchronous function used to fetch resources.

 B) It returns a promise that resolves to a Response object.

54 | P a g e
  C) It only supports GET and POST methods for making requests.
 D) It is a deprecated method for AJAX requests.

Answer: B
Explanation: The fetch() method returns a promise that resolves to the response of the
HTTP request, which can then be processed.

50. Which of the following is TRUE about the same-origin policy for HTTP
cookies?

 A) It prevents all cross-site requests from being made.

 B) It prevents JavaScript from accessing cookies that do not share the same domain,
protocol, and port.
 C) It allows cookies to be shared across multiple subdomains by default.
 D) It blocks access to session storage for third-party scripts.

Answer: B
Explanation: The same-origin policy restricts web pages from accessing cookies that
do not share the same origin (same domain, protocol, and port).

51. In RESTful APIs, which HTTP status code is returned when a requested
resource is not found?

 A) 400 Bad Request

 B) 403 Forbidden
 C) 404 Not Found
 D) 500 Internal Server Error

Answer: C
Explanation: The 404 Not Found status code indicates that the server cannot find the
requested resource.

52. In CSS, how would you select all paragraph elements that are direct children
of a div element?

 A) div p { ... }
 B) div > p { ... }
 C) div ~ p { ... }
 D) div + p { ... }

55 | P a g e
 Answer: B
Explanation: The > selector is used to select direct children, so div > p selects all p
elements that are direct children of a div.

53. Which of the following best describes the purpose of the Strict-Transport-
Security (HSTS) header in HTTP?

 A) It forces the use of HTTPS over HTTP for future requests.

 B) It prevents cross-origin requests to insecure websites.
 C) It blocks third-party cookies in the browser.
 D) It allows client-side caching for a specific time duration.

Answer: A
Explanation: The HSTS header enforces HTTPS for future requests to the domain,
ensuring secure connections.

54. In JavaScript, which of the following correctly represents an immediately-

invoked function expression (IIFE)?

 A) function() { ... }();

 B) (function() { ... })();
 C) function iife() { ... }
 D) iife(function() { ... })

Answer: B
Explanation: An IIFE is a function expression that is immediately invoked after its
definition. It’s wrapped in parentheses followed by ().

55. In Git, what is the purpose of the git tag command?

 A) It lists all commits made to a branch.

 B) It marks a specific commit with a human-readable reference, such as a version
number.
 C) It merges two branches together.
 D) It saves uncommitted changes for later use.

Answer: B
Explanation: git tag is used to mark a specific commit with a reference (such as
v1.0), often to signify releases.

56 | P a g e
56. Which of the following is TRUE about POST requests in REST APIs?

 A) They are always idempotent.

 B) They are used for updating resources.
 C) They send data to the server to create a new resource.
 D) They do not allow a request body.

Answer: C
Explanation: POST requests are used to create a new resource on the server and are not
idempotent (repeating the request may create additional resources).

57. Which of the following correctly describes CORS (Cross-Origin Resource

Sharing)?

 A) It is a protocol used to prevent SQL injection attacks.

 B) It is a browser security mechanism to control resource sharing between different
origins.
 C) It is a method used to hash sensitive user data.
 D) It is a mechanism to prevent XSS attacks.

Answer: B
Explanation: CORS allows servers to define which origins are permitted to access
resources on the server, controlling cross-origin requests.

58. In JavaScript, what does the reduce() method do on an array?

 A) It reduces the array length by half.

 B) It executes a reducer function on each element of the array, returning a single output
value.
 C) It filters out elements from the array.
 D) It removes duplicate elements from an array.

Answer: B
Explanation: The reduce() method applies a function to each array element,
accumulating a single result from the operation.

57 | P a g e
59. Which HTTP header is used to control browser caching behavior for
responses?

 A) Authorization
 B) Cache-Control
 C) Set-Cookie
 D) ETag

Answer: B
Explanation: Cache-Control is used to specify caching policies for both requests and
responses, controlling how browsers cache data.

60. Which of the following CSS Grid properties is used to define the number of
rows and columns in a grid layout?

 A) grid-template
 B) grid-template-areas
 C) grid-template-rows and grid-template-columns
 D) grid-gap

Answer: C
Explanation: The properties grid-template-rows and grid-template-columns are
used to define the structure of the grid layout, specifying the number of rows and
columns. While grid-template is a shorthand, specifying rows and columns
individually with these two properties gives more explicit control.

58 | P a g e
 Software Engineering:

o Software Development Lifecycle Phases (Requirement analysis, In-depth

planning, Product design, Coding, Testing, Deployment, Post-production
maintenance)

o Basic Software Testing Concepts (Black Box Testing, White Box Testing,
Unit/Integration/Regression Testing, and UAT).

o Design Patterns and SOLID principles.

1. Which SDLC model is most suitable when requirements are uncertain and
subject to frequent changes?

 A) Waterfall Model
 B) V-Model
 C) Agile Model
 D) Spiral Model

Answer: C
Explanation: The Agile model is iterative and allows frequent changes, making it ideal
for projects with dynamic requirements.

2. In which phase of the SDLC is the system architecture designed based on

requirements?

 A) Requirement Analysis
 B) Design Phase
 C) Coding Phase
 D) Testing Phase

Answer: B
Explanation: The design phase involves system and software design based on gathered
requirements, forming the blueprint for the system's architecture.

3. Which of the following is NOT a part of the software testing process?

 A) Unit Testing
 B) Black Box Testing
 C) Refactoring
 D) Regression Testing

59 | P a g e
 Answer: C
Explanation: Refactoring is the process of improving code without changing its
functionality, not a testing technique.

4. Which design pattern ensures a class has only one instance and provides a
global point of access to it?

 A) Factory Pattern
 B) Singleton Pattern
 C) Observer Pattern
 D) Prototype Pattern

Answer: B
Explanation: The Singleton pattern ensures that a class has only one instance and
provides a global access point to that instance.

5. In which SDLC phase are Unit, Integration, and System testing performed?

 A) Deployment Phase
 B) Maintenance Phase
 C) Testing Phase
 D) Design Phase

Answer: C
Explanation: The Testing phase of the SDLC involves different levels of testing such as
unit, integration, and system testing.

6. Which of the following is a principle in SOLID that suggests software entities

should be open for extension but closed for modification?

 A) Single Responsibility Principle

 B) Open/Closed Principle
 C) Dependency Inversion Principle
 D) Interface Segregation Principle

Answer: B
Explanation: The Open/Closed Principle states that software entities should be open to
extension but closed to modification, promoting flexible and maintainable code.

60 | P a g e
7. Which type of testing focuses on evaluating the internal structure of the
application?

 A) Black Box Testing

 B) White Box Testing
 C) Unit Testing
 D) Acceptance Testing

Answer: B
Explanation: White Box Testing involves testing the internal structure and workings of
an application, unlike Black Box Testing, which focuses on functionality.

8. In the context of SDLC, which term refers to reviewing code to improve its
structure without changing its behavior?

 A) Refactoring
 B) Debugging
 C) Regression Testing
 D) Integration Testing

Answer: A
Explanation: Refactoring is the process of restructuring existing code to improve its
readability, efficiency, or maintainability without altering its functionality.

9. Which of the following is true about the Factory Design Pattern?

 A) It allows creating a family of related or dependent objects.

 B) It ensures that only one instance of a class is created.
 C) It defines an interface for creating an object but lets subclasses alter the type of object
that will be created.
 D) It provides a global point of access to the object.

Answer: C
Explanation: The Factory pattern defines an interface for creating objects and lets
subclasses decide which class to instantiate.

10. What is the primary focus of Regression Testing?

 A) Finding bugs in new functionality

 B) Testing the application’s performance
61 | P a g e
  C) Verifying that new changes haven’t affected the existing functionality
 D) Testing the application for security vulnerabilities

Answer: C
Explanation: Regression Testing ensures that new code or modifications do not
negatively impact existing functionalities.

11. Which of the following testing methods is most appropriate for testing the
application's functionality without knowing its internal structure?

 A) White Box Testing

 B) Black Box Testing
 C) Unit Testing
 D) Performance Testing

Answer: B
Explanation: Black Box Testing evaluates the functionality of the application without
any knowledge of the underlying code or architecture.

12. Which design pattern is intended to decouple an abstraction from its

implementation so that both can vary independently?

 A) Factory Pattern
 B) Bridge Pattern
 C) Adapter Pattern
 D) Strategy Pattern

Answer: B
Explanation: The Bridge pattern decouples the abstraction from its implementation,
allowing them to evolve independently.

13. In the context of SOLID principles, the Dependency Inversion Principle

suggests:

 A) Depend on abstractions, not concretions.

 B) Each class should have only one reason to change.
 C) Objects should be open to extension but closed to modification.
 D) Many client-specific interfaces are better than one general-purpose interface.

62 | P a g e
 Answer: A
Explanation: The Dependency Inversion Principle states that high-level modules should
not depend on low-level modules but rather on abstractions.

14. Which phase of the SDLC typically involves activities such as code
walkthroughs, code reviews, and unit testing?

 A) Coding Phase
 B) Deployment Phase
 C) Maintenance Phase
 D) Requirement Gathering Phase

Answer: A
Explanation: The Coding phase involves the actual development of the software,
including code reviews, unit testing, and implementation of logic.

15. Which testing approach divides the application into logical modules and
verifies that each one functions correctly when integrated?

 A) Unit Testing
 B) System Testing
 C) Integration Testing
 D) Regression Testing

Answer: C
Explanation: Integration Testing checks how different modules of the application
interact and function together as a complete system.

16. What type of testing is done to ensure that a fix or enhancement has not
broken any other parts of the system?

 A) Unit Testing
 B) Regression Testing
 C) White Box Testing
 D) UAT

Answer: B
Explanation: Regression Testing ensures that a recent code change or bug fix hasn't
adversely affected existing functionalities.

63 | P a g e
17. Which design pattern is commonly used to represent a group of objects as a
single object?

 A) Singleton Pattern
 B) Composite Pattern
 C) Observer Pattern
 D) Decorator Pattern

Answer: B
Explanation: The Composite pattern allows treating individual objects and compositions
of objects uniformly by representing a group of objects as a single entity.

18. In software testing, what does "UAT" stand for?

 A) Unit Acceptance Test

 B) User Analysis Testing
 C) User Acceptance Testing
 D) Usability and Accessibility Testing

Answer: C
Explanation: UAT stands for User Acceptance Testing, which is done by the end-users
to verify if the system meets their requirements.

19. Which principle of SOLID states that a class should have one and only one
reason to change?

 A) Single Responsibility Principle

 B) Open/Closed Principle
 C) Liskov Substitution Principle
 D) Dependency Inversion Principle

Answer: A
Explanation: The Single Responsibility Principle (SRP) ensures that a class should have
only one reason to change, making the code easier to maintain.

20. Which of the following is NOT part of the SOLID principles?

 A) Open/Closed Principle
64 | P a g e
  B) Liskov Substitution Principle
 C) DRY (Don't Repeat Yourself) Principle
 D) Interface Segregation Principle

Answer: C
Explanation: DRY (Don't Repeat Yourself) is a software engineering principle but not
one of the five SOLID principles.

21. Which SDLC model is best suited for handling very complex projects where
risk analysis is a crucial step?

 A) Waterfall Model
 B) V-Model
 C) Spiral Model
 D) Agile Model

Answer: C
Explanation: The Spiral Model is designed to manage complex projects and includes
risk assessment at every iteration, making it ideal for high-risk projects.

22. In which SDLC phase is the feasibility of the project evaluated based on
resources, time, and cost?

 A) Requirement Gathering Phase

 B) Design Phase
 C) Planning Phase
 D) Coding Phase

Answer: C
Explanation: The Planning phase assesses the feasibility of a project in terms of
available resources, time, and budget.

23. In terms of SOLID principles, which design issue is avoided by adhering to

the Liskov Substitution Principle (LSP)?

 A) Inconsistent Interface Definitions

 B) Tight Coupling Between Classes
 C) Violations of Object Substitutability
 D) Incompatible Polymorphism

65 | P a g e
 Answer: C
Explanation: The Liskov Substitution Principle ensures that subclasses can be
substituted for their base classes without altering the correctness of the program.

24. Which of the following is a key benefit of using the Prototype design pattern?

 A) Creating an object by reusing a shared instance

 B) Allowing object creation without specifying the exact class
 C) Copying objects without the expense of a "new" operation
 D) Providing a global point of access to a single instance

Answer: C
Explanation: The Prototype pattern is used to clone objects, reducing the cost of creating
new instances, particularly when the instantiation is expensive.

25. Which of the following testing levels focuses on testing the entire integrated
application to ensure it meets the business requirements?

 A) Unit Testing
 B) System Testing
 C) Integration Testing
 D) Acceptance Testing

Answer: B
Explanation: System Testing evaluates the entire application to ensure that it meets both
functional and non-functional requirements.

26. In Agile methodologies, which phase of SDLC is repeated multiple times?

 A) Requirement Gathering
 B) Maintenance
 C) Testing
 D) Design and Development

Answer: D
Explanation: In Agile, the Design and Development phase is iterated multiple times in
short cycles, allowing for incremental delivery of functionality.

66 | P a g e
27. Which type of testing is primarily concerned with the validation of the non-
functional aspects of an application, such as performance, scalability, and
security?

 A) Functional Testing
 B) Non-Functional Testing
 C) Unit Testing
 D) User Acceptance Testing

Answer: B
Explanation: Non-Functional Testing focuses on aspects like performance, reliability,
and security rather than just functionality.

28. What is the primary characteristic of the Adapter design pattern?

 A) Allows objects to be created without knowing their specific type.

 B) Ensures that only one instance of a class is created.
 C) Provides an interface to wrap an incompatible class so it works with existing code.
 D) Facilitates communication between different objects without modifying their
behavior.

Answer: C
Explanation: The Adapter pattern allows incompatible interfaces to work together by
providing a wrapper class to adapt one interface to another.

29. In which SDLC phase is a product put into a real-world environment and
users begin using it for its intended purpose?

 A) Testing Phase
 B) Deployment Phase
 C) Maintenance Phase
 D) Requirement Gathering Phase

Answer: B
Explanation: The Deployment phase involves releasing the product to the customer,
where it is put into a real-world environment for use.

30. Which design principle helps avoid breaking the code by ensuring that a class
or module should have only one reason to change?

67 | P a g e
  A) Single Responsibility Principle (SRP)
 B) Open/Closed Principle (OCP)
 C) Interface Segregation Principle (ISP)
 D) Liskov Substitution Principle (LSP)

Answer: A
Explanation: The Single Responsibility Principle (SRP) ensures that a class should have
only one reason to change, which makes the code easier to maintain and less error-prone.

31. Which testing technique is focused on ensuring that individual components of

a system work together as expected when combined?

 A) Integration Testing
 B) Unit Testing
 C) System Testing
 D) Acceptance Testing

Answer: A
Explanation: Integration Testing evaluates the interaction between different modules or
components in a system to verify that they work together as expected.

32. In SOLID principles, which principle suggests that clients should not be
forced to depend on methods they do not use?

 A) Single Responsibility Principle

 B) Open/Closed Principle
 C) Liskov Substitution Principle
 D) Interface Segregation Principle

Answer: D
Explanation: The Interface Segregation Principle (ISP) recommends that a client should
not depend on interfaces it does not use, promoting smaller, more focused interfaces.

33. What is the purpose of Dependency Injection in software engineering?

 A) To reduce memory leaks in an application

 B) To decouple the creation of objects from the classes that use them
 C) To automatically inject testing dependencies
 D) To reduce compile-time dependencies

68 | P a g e
 Answer: B
Explanation: Dependency Injection helps decouple the instantiation of objects from the
classes that use them, making code more modular and testable.

34. Which of the following SDLC models emphasizes documentation and rigid
structure, making it less adaptable to changes during development?

 A) Agile Model
 B) Waterfall Model
 C) V-Model
 D) Spiral Model

Answer: B
Explanation: The Waterfall model is linear and documentation-heavy, making it difficult
to incorporate changes once development begins.

35. Which design pattern is used to define a family of algorithms, encapsulate

each one, and make them interchangeable?

 A) Observer Pattern
 B) Strategy Pattern
 C) Adapter Pattern
 D) Composite Pattern

Answer: B
Explanation: The Strategy pattern defines a family of algorithms, encapsulates each one,
and allows them to be interchangeable without altering the client that uses them.

36. Which type of testing ensures that each individual unit of the software works
as intended, typically conducted by developers?

 A) System Testing
 B) Unit Testing
 C) Integration Testing
 D) Regression Testing

Answer: B
Explanation: Unit Testing involves testing individual units or components of the
software to ensure that they perform as expected.

69 | P a g e
37. Which of the following is NOT a benefit of the Agile development process?

 A) Increased flexibility and adaptability

 B) Rigid adherence to initial plans
 C) Early delivery of a product to market
 D) Continuous customer involvement

Answer: B
Explanation: Agile is characterized by flexibility, adaptability, and customer
collaboration, in contrast to rigid adherence to an initial plan.

38. Which of the following design patterns is useful for converting the interface
of a class into another interface that clients expect?

 A) Factory Pattern
 B) Adapter Pattern
 C) Singleton Pattern
 D) Observer Pattern

Answer: B
Explanation: The Adapter Pattern allows a class to be used by converting its interface
into a compatible one expected by clients.

39. What is the main purpose of the Observer design pattern?

 A) To provide a global point of access to an instance of a class

 B) To allow communication between a subject and multiple observers
 C) To define a family of algorithms and make them interchangeable
 D) To clone objects without the cost of creating them from scratch

Answer: B
Explanation: The Observer pattern allows multiple objects (observers) to listen for
updates from a subject and respond accordingly.

70 | P a g e
40. In which SDLC model are development and testing phases carried out
simultaneously?

 A) Waterfall Model
 B) V-Model
 C) Agile Model
 D) Iterative Model

Answer: B
Explanation: In the V-Model, development and testing activities are performed in
parallel, ensuring validation at each stage of development.

Databases:

o Basic Database Concepts: Relational DBMS, ER Diagram, Transactions

(ACID Properties), Keys (Primary, Foreign, Candidate, Alternate etc.),
Indexes, Normalization and Joins.

1. Which of the following is true about the ACID property in a database

transaction?

 A) Durability ensures that once a transaction commits, changes are lost if the system
crashes.
 B) Isolation ensures that multiple transactions occurring at the same time are independent
of each other.
 C) Consistency ensures that the database is left in an inconsistent state after a transaction.
 D) Atomicity ensures that a transaction can be partially completed.

Answer: B
Explanation: Isolation ensures that the operations of one transaction are isolated from
others, preventing interference between concurrent transactions. Consistency ensures the
database remains consistent before and after the transaction, while Durability guarantees
persistence of the transaction once committed, even in the event of a crash.

2. Which of the following operations in relational databases is responsible for

removing redundant data and improving query performance?

 A) Denormalization
 B) Joins
 C) Indexing
 D) Normalization

71 | P a g e
 Answer: D
Explanation: Normalization is the process of organizing data to reduce redundancy and
improve data integrity, typically by dividing large tables into smaller ones and defining
relationships between them.

3. In an ER diagram, a weak entity set is typically associated with which of the

following?

 A) Primary Key
 B) Foreign Key
 C) Strong Entity Set
 D) Ternary Relationship

Answer: C
Explanation: A weak entity set cannot be uniquely identified by its own attributes alone
and must be associated with a strong entity set via a foreign key.

4. Which type of key is used to uniquely identify tuples in a table but cannot
serve as the primary key?

 A) Candidate Key
 B) Foreign Key
 C) Composite Key
 D) Alternate Key

Answer: D
Explanation: An alternate key is a candidate key that is not chosen as the primary key
but can still uniquely identify tuples in the table.

5. Which of the following types of joins will return all rows from the left table,
along with matched rows from the right table, and NULLs for non-matched
rows?

 A) Inner Join
 B) Left Outer Join
 C) Right Outer Join
 D) Full Outer Join

72 | P a g e
 Answer: B
Explanation: A Left Outer Join returns all records from the left table and the matching
rows from the right table. If there is no match, NULL values are returned for the right
table.

6. Which normalization form eliminates transitive dependency but still allows

partial dependency?

 A) 1NF
 B) 2NF
 C) 3NF
 D) BCNF

Answer: B
Explanation: 2NF eliminates partial dependencies (where a non-key attribute depends on
part of a composite primary key) but does not eliminate transitive dependencies. 3NF
removes transitive dependencies.

7. In a relational database, which property ensures that all attributes in a table

are atomic, meaning they contain indivisible values?

 A) 1NF
 B) 2NF
 C) 3NF
 D) BCNF

Answer: A
Explanation: 1NF (First Normal Form) requires that all attributes contain only atomic
(indivisible) values, and that each attribute value is unique.

8. Which of the following accurately describes a clustered index?

 A) It creates an additional copy of the data in a separate file.

 B) It rearranges the rows of the table to match the order of the index.
 C) It allows multiple clustered indexes per table.
 D) It is faster than a non-clustered index for reading data.

Answer: B
Explanation: A clustered index rearranges the rows of the table in the order of the index.

73 | P a g e
 A table can only have one clustered index, but it provides faster read performance for
ordered data.

9. Which of the following is NOT a property of the BCNF (Boyce-Codd Normal

Form)?

 A) Every determinant is a candidate key.

 B) It is stricter than 3NF.
 C) It eliminates all redundancy in a relation.
 D) A relation in BCNF must also be in 1NF and 2NF.

Answer: C
Explanation: BCNF ensures that every determinant is a candidate key, but it does not
eliminate all redundancy. Some functional dependencies might still exist.

10. What is the primary purpose of a Foreign Key in a relational database?

 A) To uniquely identify records within a table.

 B) To enforce referential integrity between two tables.
 C) To speed up query performance through indexing.
 D) To allow for many-to-many relationships between tables.

Answer: B
Explanation: A Foreign Key ensures referential integrity by linking two tables, ensuring
that the value in one table corresponds to a valid record in another.

11. Which of the following SQL statements is used to change the structure of an
existing database table?

 A) INSERT
 B) UPDATE
 C) ALTER
 D) SELECT

Answer: C
Explanation: The ALTER command is used to modify the structure of an existing table,
such as adding, deleting, or modifying columns.

74 | P a g e
12. Which type of join is most likely to return the Cartesian product of two tables
if no join condition is specified?

 A) Inner Join
 B) Outer Join
 C) Natural Join
 D) Cross Join

Answer: D
Explanation: A Cross Join returns the Cartesian product of two tables, meaning every
row in the first table is combined with every row in the second table.

13. Which of the following types of SQL constraints ensures that a column
cannot accept NULL values?

 A) UNIQUE
 B) CHECK
 C) NOT NULL
 D) PRIMARY KEY

Answer: C
Explanation: The NOT NULL constraint ensures that a column cannot have NULL values.
It is commonly used with the PRIMARY KEY constraint.

14. What does the term "referential integrity" in a relational database refer to?

 A) Ensuring that a database remains logically consistent.

 B) Ensuring that foreign key values match primary key values in related tables.
 C) Ensuring that all database transactions are durable.
 D) Ensuring that indexes are used effectively to optimize query performance.

Answer: B
Explanation: Referential integrity ensures that foreign key values in one table match the
primary key values in another, preventing orphaned records.

15. Which of the following is a property of the 3rd Normal Form (3NF) in
databases?

 A) Every non-prime attribute is fully dependent on the primary key.

75 | P a g e
  B) No non-key attribute is transitively dependent on the primary key.
 C) Every table must contain a composite key.
 D) Every functional dependency is preserved.

Answer: B
Explanation: 3NF requires that there are no transitive dependencies, meaning no non-
key attribute is dependent on another non-key attribute.

16. Which SQL command is used to remove a table from the database entirely?

 A) DELETE
 B) TRUNCATE
 C) REMOVE
 D) DROP

Answer: D
Explanation: The DROP command is used to remove a table (or other database objects)
entirely from the database. DELETE removes rows, and TRUNCATE removes all rows but
retains the table structure.

17. Which of the following types of relationships in an ER diagram must always

have a primary key from one table serve as a foreign key in another table?

 A) One-to-One
 B) One-to-Many
 C) Many-to-Many
 D) Self-Referencing

Answer: B
Explanation: In a One-to-Many relationship, the primary key from the "one" side
becomes a foreign key in the "many" side table to maintain referential integrity.

18. What is the effect of indexing a column in a database table?

 A) It creates a new table with indexed data.

 B) It improves the speed of data retrieval.
 C) It normalizes the table automatically.
 D) It compresses the data to save space.

76 | P a g e
 Answer: B
Explanation: Indexing improves data retrieval speed by creating a data structure that
allows for faster search and query execution.

19. Which SQL operation is used to combine two or more SELECT queries and
return the distinct rows that result?

 A) UNION ALL
 B) JOIN
 C) INTERSECT
 D) UNION

Answer: D
Explanation: The UNION operation combines the result sets of two or more SELECT
queries, returning distinct rows. UNION ALL returns all rows, including duplicates.

20. In a relational database, which of the following is used to define a default

value for a column when no value is provided during an insert operation?

 A) INDEX
 B) CONSTRAINT
 C) DEFAULT
 D) CHECK

Answer: C
Explanation: The DEFAULT keyword sets a default value for a column if no explicit value
is provided during the insert operation.

21. Which of the following is a potential drawback of using a clustered index on a

large table?

 A) Increased storage requirements

 B) Slower read operations
 C) Increased I/O during inserts and updates
 D) More complex query plans

Answer: C
Explanation: Clustered indexes physically rearrange the data in the table to match the
index, which can increase I/O operations during inserts and updates since rows may need
to be shifted.

77 | P a g e
22. Which of the following statements is true regarding deferred constraints in a
relational database?

 A) They are always checked after every DML operation.

 B) They are checked immediately before every DML operation.
 C) They can be deferred until a transaction commits.
 D) They cannot be deferred once set on a column.

Answer: C
Explanation: Deferred constraints can be checked after a transaction completes instead
of after every DML operation, allowing for batch validation.

23. What is the result of applying the Third Normal Form (3NF) but not Boyce-
Codd Normal Form (BCNF)?

 A) Transitive dependencies are removed.

 B) Functional dependencies are guaranteed to hold.
 C) There may still be anomalies if non-candidate key dependencies exist.
 D) Redundancy is eliminated entirely.

Answer: C
Explanation: 3NF eliminates transitive dependencies, but BCNF ensures that every
determinant is a candidate key. If 3NF is applied without BCNF, anomalies can still
occur due to non-candidate key dependencies.

24. In which scenario would a composite key be necessary for a relational

database table?

 A) When a single attribute uniquely identifies each row.

 B) When multiple foreign keys exist in the same table.
 C) When two or more attributes together uniquely identify a row.
 D) When no candidate key exists.

Answer: C
Explanation: A composite key is required when two or more attributes together can
uniquely identify a record in a table.

78 | P a g e
25. What is the primary risk of denormalizing a database to improve query
performance?

 A) Increased query complexity

 B) Decreased consistency due to potential redundancy
 C) Slower write performance
 D) Increased foreign key constraints

Answer: B
Explanation: Denormalization introduces redundancy, which can lead to data
inconsistency because updates need to be made in multiple places.

26. Which of the following correctly describes a trigger in a relational database?

 A) It automatically indexes a table after insertion.

 B) It defines automatic actions based on DML operations.
 C) It is an external API call used to fetch data.
 D) It enforces referential integrity in foreign key constraints.

Answer: B
Explanation: A trigger automatically executes a predefined action when a specified
event (like INSERT, UPDATE, or DELETE) occurs on a table.

27. Which join type will exclude unmatched rows from both participating tables?

 A) Left Join
 B) Right Join
 C) Full Outer Join
 D) Inner Join

Answer: D
Explanation: An Inner Join returns only the rows that have matching values in both
tables, excluding unmatched rows from both sides.

28. In a highly normalized database design, which operation is most likely to

experience performance degradation?

 A) INSERT
 B) DELETE

79 | P a g e
  C) JOIN
 D) SELECT

Answer: C
Explanation: A highly normalized database often has many tables and foreign key
relationships, leading to more complex and slower JOIN operations, especially if large
datasets are involved.

29. What happens when a deadlock is detected in a database system?

 A) Both transactions continue execution.

 B) The system automatically commits both transactions.
 C) One transaction is rolled back to break the deadlock.
 D) Both transactions are aborted.

Answer: C
Explanation: When a deadlock is detected, the system selects one of the transactions as
the victim and rolls it back, allowing the other to proceed.

30. In which case would a database use a bitmap index over a B-tree index?

 A) When there are many unique values in a column.

 B) When the column contains a small number of distinct values.
 C) For faster insert operations.
 D) When performing range queries.

Answer: B
Explanation: Bitmap indexes are efficient when a column has a small number of distinct
values (low cardinality), as they store bits to represent rows that satisfy a condition.

31. In a transaction where multiple SQL statements are executed, what does the
term write-ahead logging refer to?

 A) Writing changes directly to the database.

 B) Logging SQL statements before executing them.
 C) Writing changes to a log before applying them to the database.
 D) Writing committed data after the transaction ends.

80 | P a g e
 Answer: C
Explanation: Write-ahead logging ensures that changes are written to a log before being
applied to the actual database, allowing recovery in case of failure.

32. Which of the following is a potential disadvantage of using stored procedures

in relational databases?

 A) Increased network traffic

 B) Increased maintenance complexity
 C) Reduced execution speed
 D) Inability to reuse code

Answer: B
Explanation: Stored procedures can increase maintenance complexity since logic is
embedded within the database, which may require version control and more effort to
update and manage.

33. Which of the following types of transactions must occur independently of

other transactions to avoid interference?

 A) Consistent transactions
 B) Serializable transactions
 C) Committed transactions
 D) Atomic transactions

Answer: B
Explanation: Serializable transactions must appear to execute in isolation from other
transactions to avoid interference, ensuring the highest level of isolation.

34. Which of the following is a consequence of applying functional dependency

incorrectly in a relational schema?

 A) Redundancy is completely eliminated.

 B) Data anomalies like insertion, deletion, and update anomalies arise.
 C) Query execution time decreases significantly.
 D) Indexes are automatically generated.

Answer: B
Explanation: Incorrect functional dependencies can lead to anomalies such as update,
insert, or delete anomalies, causing inconsistencies in the database.
81 | P a g e
35. In an ER diagram, how is a total participation of an entity set in a relationship
represented?

 A) Using a dashed line between the entity and the relationship.

 B) Using a double line between the entity and the relationship.
 C) Using a foreign key.
 D) Using a diamond shape for the entity.

Answer: B
Explanation: Total participation is represented by a double line between the entity set
and the relationship in an ER diagram, indicating that every entity in the set must
participate in the relationship.

36. Which isolation level in SQL allows for dirty reads but prevents lost updates?

 A) Serializable
 B) Repeatable Read
 C) Read Committed
 D) Read Uncommitted

Answer: D
Explanation: Read Uncommitted allows dirty reads (reading uncommitted data from
another transaction), but it prevents lost updates by ensuring that each write is visible
immediately.

37. Which of the following best describes shadow paging in database recovery
techniques?

 A) Creating a backup before each transaction.

 B) Logging changes before applying them to the database.
 C) Using a copy of the database to reflect the state before a transaction.
 D) Marking pages as "shadowed" during transactions.

Answer: C
Explanation: Shadow paging keeps a copy (shadow) of the database, reflecting the state
before the transaction, ensuring that the original pages are not overwritten until the
transaction completes.

82 | P a g e
38. Which of the following types of constraints is used to limit the range of values
a column can take in a relational database?

 A) CHECK
 B) NOT NULL
 C) UNIQUE
 D) PRIMARY KEY

Answer: A
Explanation: The CHECK constraint is used to limit the range or values a column can
hold, ensuring that the data meets specific conditions.

39. Which normalization form (NF) eliminates all partial and transitive
dependencies, ensuring that every non-key attribute depends only on the
primary key?

 A) 1NF
 B) 2NF
 C) 3NF
 D) BCNF

Answer: C
Explanation: 3NF eliminates all partial and transitive dependencies, ensuring that every
non-key attribute is directly dependent on the primary key.

40. Which of the following correctly describes a phantom read in the context of
transaction isolation levels?

 A) Reading uncommitted changes from another transaction.

 B) A row that appears in a result set of one query but not in a subsequent query.
 C) Two transactions overwriting each other’s changes.
 D) Inserting a record without updating associated foreign keys.

Answer: B
Explanation: A phantom read occurs when a new row is inserted by another transaction,
and subsequent reads by the original transaction return different results.

83 | P a g e
 Basic questions based on different types of web
application attacks like:

Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Injection

Attacks, DDoS (Distributed Denial-of-Service), Brute Force Attack etc.

o Tree Traversal strategies like Breadth and Depth First Search o Questions
based on Data Structures with code snippets

o Digital Signatures use case and importance o Public-Private Key Encryption

Symmetric and Asymmetric Keys

o Digital Signatures use case and importance o Public-Private Key Encryption

o OWASP 10 Web-Security Risks

o Database related question based on:

▪ DDL, DML and TCL commands ▪ Basic of SQL Functions ▪ Views, Triggers
and Cursors o Monolith vs Microservice architecture.

1. Which of the following best describes a Cross-Site Scripting (XSS) attack?

 A) Injecting malicious code into a web application to run on the server.

 B) Injecting malicious scripts into a website that are executed by a user's browser.
 C) Manipulating a user’s session tokens to hijack a session.
 D) Flooding a server with requests to deny service to legitimate users.

Answer: B
Explanation: XSS involves injecting malicious scripts into websites, which are then
executed in the victim's browser, potentially leading to data theft or session hijacking.

2. What is the primary defense mechanism against Cross-Site Request Forgery

(CSRF) attacks?

 A) Encrypting session tokens.

 B) Using CAPTCHAs for form submissions.
 C) Including anti-CSRF tokens in form submissions.
 D) Limiting the session duration.

Answer: C
Explanation: Anti-CSRF tokens are unique tokens included in forms that verify a

84 | P a g e
 request is legitimate and prevent attackers from making unauthorized requests on behalf
of users.

3. Which of the following describes an SQL Injection attack?

 A) Manipulating session cookies to hijack a user’s session.

 B) Injecting malicious SQL code into queries to manipulate databases.
 C) Overloading the server with requests to cause denial of service.
 D) Exploiting buffer overflows in web servers.

Answer: B
Explanation: SQL injection involves injecting malicious SQL code into a query,
enabling attackers to manipulate databases, exfiltrate data, or bypass authentication.

4. Which tree traversal strategy visits nodes in the following order: left subtree,
node, right subtree?

 A) Pre-order
 B) In-order
 C) Post-order
 D) Level-order

Answer: B
Explanation: In-order traversal visits nodes in the order of left subtree, current node, and
right subtree, often used for binary search trees (BSTs).

5. Which of the following is a characteristic of a Distributed Denial-of-Service

(DDoS) attack?

 A) Involves one computer attacking another server.

 B) Uses multiple compromised systems to target a server with a large volume of requests.
 C) Steals sensitive data by exploiting weak encryption.
 D) Redirects users from a legitimate website to a malicious site.

Answer: B
Explanation: DDoS attacks involve multiple compromised machines flooding a server
with traffic to make it unavailable to legitimate users.

85 | P a g e
6. Which data structure is best suited for implementing Breadth-First Search
(BFS) traversal of a graph?

 A) Stack
 B) Queue
 C) Hash Table
 D) Linked List

Answer: B
Explanation: BFS uses a queue to explore nodes level by level in a graph or tree, visiting
all neighbors of a node before moving deeper.

7. What is the difference between public-key and private-key encryption?

 A) Public-key encryption uses the same key for both encryption and decryption.
 B) Private-key encryption is faster but less secure than public-key encryption.
 C) Public-key encryption uses two different keys, one for encryption and one for
decryption.
 D) Private-key encryption is used for digital signatures only.

Answer: C
Explanation: Public-key encryption uses a pair of keys: a public key for encryption and
a private key for decryption, offering a secure communication method.

8. Which of the following is not a member of the OWASP Top 10 web application
security risks?

 A) Injection Attacks
 B) Sensitive Data Exposure
 C) Insecure Deserialization
 D) Password Brute Force Attack

Answer: D
Explanation: Password brute force attacks are not specifically listed in the OWASP Top
10, although related issues such as broken authentication are addressed.

9. Which of the following is not a DDL (Data Definition Language) command?

 A) CREATE
 B) ALTER
86 | P a g e
  C) UPDATE
 D) DROP

Answer: C
Explanation: UPDATE is a DML (Data Manipulation Language) command, used for
modifying data, while CREATE, ALTER, and DROP are DDL commands used for defining or
modifying database structure.

10. Which of the following database objects can store compiled code that is
automatically executed in response to certain events?

 A) View
 B) Index
 C) Trigger
 D) Cursor

Answer: C
Explanation: A trigger contains compiled code that executes automatically when a
specified event, such as an insert, update, or delete, occurs on a table.

11. Which of the following is the primary benefit of using digital signatures?

 A) Ensuring data confidentiality

 B) Ensuring data authenticity and integrity
 C) Encrypting data for storage
 D) Compressing data for faster transmission

Answer: B
Explanation: Digital signatures ensure that the data comes from a verified source
(authenticity) and that it has not been altered (integrity).

12. Which key characteristic differentiates microservice architecture from

monolith architecture?

 A) Microservices are dependent on each other.

 B) Microservices are tightly coupled with shared databases.
 C) Microservices are independent, modular, and deployable separately.
 D) Microservices only work with relational databases.

87 | P a g e
 Answer: C
Explanation: In microservice architecture, each service is an independent unit, modular,
and can be deployed independently without affecting other services.

13. Which type of tree traversal guarantees that the nodes of a binary search tree
(BST) are visited in ascending order?

 A) Pre-order
 B) Post-order
 C) In-order
 D) Level-order

Answer: C
Explanation: In-order traversal of a binary search tree visits nodes in ascending order
because it processes the left subtree, the current node, and then the right subtree.

14. What type of attack is primarily mitigated by input validation and prepared
statements?

 A) Cross-Site Scripting (XSS)

 B) SQL Injection
 C) Cross-Site Request Forgery (CSRF)
 D) Brute Force Attack

Answer: B
Explanation: SQL injection attacks can be mitigated by using input validation and
prepared statements, which prevent attackers from injecting malicious SQL queries.

15. Which command is a DML (Data Manipulation Language) operation in

SQL?

 A) INSERT
 B) CREATE
 C) GRANT
 D) DROP

Answer: A
Explanation: INSERT is a DML command used to add data into a database table. CREATE

88 | P a g e
 and DROP are DDL commands, while GRANT is a DCL (Data Control Language)
command.

16. Which of the following is a benefit of using symmetric-key encryption over

asymmetric-key encryption?

 A) It requires fewer keys for secure communication between multiple parties.

 B) It offers better data integrity guarantees.
 C) It is faster and more efficient for encrypting large amounts of data.
 D) It provides better security for digital signatures.

Answer: C
Explanation: Symmetric-key encryption is faster and more efficient for encrypting large
datasets since it uses the same key for both encryption and decryption.

17. Which SQL clause is used to filter results based on a condition applied after
grouping?

 A) WHERE
 B) GROUP BY
 C) HAVING
 D) ORDER BY

Answer: C
Explanation: The HAVING clause is used to filter records after a GROUP BY operation,
whereas WHERE is used before grouping.

18. In the context of cryptography, what is the primary function of a public key?

 A) To encrypt data that can only be decrypted by the corresponding private key.
 B) To decrypt data that was encrypted using the corresponding private key.
 C) To generate a symmetric key.
 D) To sign digital certificates.

Answer: A
Explanation: In public-key cryptography, the public key is used to encrypt data, which
can only be decrypted by the holder of the corresponding private key.

89 | P a g e
19. Which of the following is true about a cursor in SQL?

 A) It is used to optimize SELECT queries.

 B) It allows row-by-row processing of query results.
 C) It is a type of join operation.
 D) It performs aggregate operations on large datasets.

Answer: B
Explanation: A cursor allows row-by-row processing of query results, which is useful
for operations that require iteration over result sets.

20. Which of the following is the least likely threat in a monolithic architecture
compared to a microservices architecture?

 A) Single point of failure

 B) Service-to-service communication vulnerabilities
 C) Inconsistent state across services
 D) Difficulty in scaling individual components

Answer: B
Explanation: Service-to-service communication vulnerabilities are more common in
micro

21. Which of the following techniques can prevent Cross-Site Scripting (XSS)
attacks?

 A) Input validation
 B) Enabling HTTP Strict Transport Security (HSTS)
 C) Using HTTP cookies for authentication
 D) Regularly updating server software

Answer: A
Explanation: Input validation is crucial for preventing XSS attacks by ensuring that any
data sent to the server is properly sanitized to remove potentially harmful scripts.

22. In the context of web applications, what does the Same-Origin Policy
enforce?

 A) Only requests from the same domain can access resources on that domain.
 B) Only secure HTTPS requests are allowed.
 C) Cookies must be sent over encrypted connections.

90 | P a g e
  D) Users must authenticate with a username and password.

Answer: A
Explanation: The Same-Origin Policy restricts web pages from making requests to a
different domain than the one that served the web page, preventing certain types of
attacks like XSS.

23. Which HTTP method is idempotent and can be safely retried without causing
side effects?

 A) POST
 B) GET
 C) DELETE
 D) PUT

Answer: B
Explanation: The GET method is idempotent, meaning multiple identical requests
should have the same effect as a single request, making it safe to retry.

24. Which of the following is the main purpose of an AJAX request?

 A) To send data to a server without refreshing the page.

 B) To enforce authentication on web applications.
 C) To increase the security of cookies.
 D) To improve the speed of loading web pages.

Answer: A
Explanation: AJAX (Asynchronous JavaScript and XML) allows web applications to
send and retrieve data asynchronously without interfering with the display and behavior
of the existing page.

25. What is the purpose of the SameSite attribute in cookies?

 A) To encrypt cookie data.

 B) To restrict when cookies are sent in cross-origin requests.
 C) To automatically expire cookies after a certain time.
 D) To compress cookie data for faster transmission.

91 | P a g e
 Answer: B
Explanation: The SameSite attribute helps mitigate CSRF attacks by controlling how
cookies are sent in cross-origin requests, enhancing security.

26. What does REST stand for in the context of web services?

 A) Reliable and Secure Transactions

 B) Representational State Transfer
 C) Remote Endpoint Service Technology
 D) Readable and Simple Text

Answer: B
Explanation: REST stands for Representational State Transfer, an architectural style for
designing networked applications using standard HTTP methods.

27. In Git, what command is used to create a new branch?

 A) git create branch

 B) git branch <branch_name>
 C) git new branch <branch_name>
 D) git checkout -b <branch_name>

Answer: B
Explanation: The command git branch <branch_name> is used to create a new
branch in the repository. The command git checkout -b <branch_name> also creates
and switches to a new branch.

28. Which of the following best describes Black Box Testing?

 A) Testing with knowledge of the internal workings of the application.

 B) Testing based on the specifications and requirements without knowledge of internal
code.
 C) Testing only the user interface of an application.
 D) Testing the application's performance under load.

Answer: B
Explanation: Black Box Testing focuses on testing the functionality of an application
based on its specifications without any knowledge of the internal code structure.

92 | P a g e
29. Which design pattern is used to define a one-to-many dependency between
objects so that when one object changes state, all its dependents are notified and
updated automatically?

 A) Factory Pattern
 B) Observer Pattern
 C) Singleton Pattern
 D) Adapter Pattern

Answer: B
Explanation: The Observer Pattern establishes a one-to-many relationship between
objects, allowing multiple observers to be notified of changes in the subject's state.

30. What are the ACID properties in the context of database transactions?

 A) Atomicity, Consistency, Isolation, Durability

 B) Accuracy, Consistency, Isolation, Dependability
 C) Atomicity, Clarity, Isolation, Durability
 D) Authentication, Consistency, Isolation, Durability

Answer: A
Explanation: The ACID properties ensure reliable processing of database transactions:
Atomicity ensures all-or-nothing execution, Consistency ensures valid state changes,
Isolation prevents interference between transactions, and Durability guarantees that
committed transactions remain permanent.

31. Which of the following is a characteristic of a well-normalized database?

 A) Redundant data is minimized.

 B) It has many NULL values.
 C) It uses complex joins excessively.
 D) Data is stored in a denormalized form for performance.

Answer: A
Explanation: A well-normalized database minimizes redundant data, ensuring data
integrity and reducing the risk of anomalies.

93 | P a g e
32. Which of the following is NOT a common type of SQL join?

 A) INNER JOIN
 B) OUTER JOIN
 C) CROSS JOIN
 D) SELECT JOIN

Answer: D
Explanation: SELECT JOIN is not a recognized type of SQL join. The common types are
INNER JOIN, OUTER JOIN (which includes LEFT, RIGHT, and FULL), and CROSS
JOIN.

33. Which type of attack involves an attacker repeatedly guessing a user’s

password?

 A) Cross-Site Scripting (XSS)

 B) SQL Injection
 C) Brute Force Attack
 D) Denial of Service

Answer: C
Explanation: A Brute Force Attack involves systematically guessing a user's password
until the correct one is found.

34. What is the main advantage of using prepared statements in SQL?

 A) They simplify database design.

 B) They allow for dynamic table creation.
 C) They prevent SQL injection attacks.
 D) They speed up the database connection.

Answer: C
Explanation: Prepared statements prevent SQL injection attacks by separating SQL code
from data, ensuring that user input is treated as data only, not executable code.

94 | P a g e
35. Which of the following is an example of a Denial of Service (DoS) attack?

 A) An attacker sending a massive volume of requests to a web server to overwhelm it.

 B) An attacker injecting SQL code into a user input field.
 C) An attacker stealing user session cookies.
 D) An attacker using phishing emails to capture user credentials.

Answer: A
Explanation: A Denial of Service (DoS) attack aims to make a service unavailable by
overwhelming it with excessive requests.

36. Which of the following is true regarding Depth-First Search (DFS) traversal
of a graph?

 A) It uses a queue to keep track of vertices.

 B) It explores as far as possible along each branch before backtracking.
 C) It guarantees the shortest path to each node.
 D) It visits all vertices at the current depth before moving to the next level.

Answer: B
Explanation: DFS explores as deeply as possible down one branch before backtracking,
utilizing a stack or recursion.

37. Which encryption method involves a single key for both encryption and
decryption?

 A) Asymmetric encryption
 B) Symmetric encryption
 C) Hashing
 D) Digital signatures

Answer: B
Explanation: Symmetric encryption uses the same key for both encryption and
decryption, allowing for faster processing than asymmetric encryption.

95 | P a g e
38. In a RESTful API, which HTTP status code indicates that the request was
successful and that the server has created a new resource?

 A) 200 OK
 B) 201 Created
 C) 204 No Content
 D) 400 Bad Request

Answer: B
Explanation: The status code 201 Created indicates that the request was successful and a
new resource has been created.

39. Which of the following statements about triggers in databases is false?

 A) Triggers can be set to activate before or after a specified event.

 B) Triggers can be used to enforce business rules.
 C) Triggers can prevent the execution of a transaction.
 D) Triggers can be directly called from the application code.

Answer: D
Explanation: Triggers are automatically invoked by specific events (like inserts, updates,
or deletes) and cannot be called directly from application code.

40. In a microservices architecture, which of the following is a common approach

to handle service communication?

 A) Using a single database for all services.

 B) Employing synchronous HTTP requests between services.
 C) Using a monolithic approach for easier management.
 D) Storing shared state across services to ensure consistency.

Answer: B
Explanation: Microservices commonly communicate using synchronous HTTP requests
(or asynchronous messaging) to interact with each other while remaining independent.

41. Which of the following is a potential consequence of a successful Cross-Site

Request Forgery (CSRF) attack?

 A) Unauthorized actions being performed on behalf of an authenticated user.

 B) Data theft through session hijacking.
 C) An attacker injecting malicious scripts into a website.

96 | P a g e
  D) Service unavailability due to overwhelming requests.

Answer: A
Explanation: CSRF allows an attacker to trick an authenticated user into unknowingly
submitting a request, potentially leading to unauthorized actions.

42. In a microservices architecture, what is the main advantage of using an API

Gateway?

 A) It reduces the number of services in the architecture.

 B) It manages the routing and communication between client requests and various
microservices.
 C) It increases the complexity of the service interactions.
 D) It enforces a monolithic structure for easier deployment.

Answer: B
Explanation: An API Gateway acts as a single entry point, handling requests and routing
them to the appropriate microservice, simplifying client interactions.

43. What is the main role of Digital Signatures in web applications?

 A) To encrypt sensitive data before transmission.

 B) To verify the authenticity and integrity of messages.
 C) To compress data for faster transfer.
 D) To store user passwords securely.

Answer: B
Explanation: Digital Signatures provide a way to verify the authenticity and integrity of
a message or document, ensuring it hasn't been tampered with.

44. What SQL command is used to remove a table from a database?

 A) DELETE TABLE
 B) DROP TABLE
 C) REMOVE TABLE
 D) CLEAR TABLE

Answer: B
Explanation: The DROP TABLE command is used to delete a table and all its data from
the database permanently.

97 | P a g e
45. Which of the following vulnerabilities allows an attacker to execute arbitrary
SQL code on a database?

 A) Cross-Site Scripting (XSS)

 B) SQL Injection
 C) Command Injection
 D) Directory Traversal

Answer: B
Explanation: SQL Injection attacks occur when an attacker is able to manipulate SQL
queries by injecting malicious input, allowing arbitrary code execution on the database.

46. In the context of tree traversal, which algorithm guarantees visiting each
node at least once?

 A) Breadth-First Search (BFS)

 B) Depth-First Search (DFS)
 C) Both A and B
 D) Randomized Traversal

Answer: C
Explanation: Both BFS and DFS algorithms visit each node at least once during their
traversal of a tree or graph structure.

47. What is the main purpose of normalization in databases?

 A) To increase data redundancy.

 B) To optimize read performance.
 C) To eliminate data anomalies and ensure data integrity.
 D) To simplify the database schema.

Answer: C
Explanation: Normalization reduces redundancy and helps maintain data integrity by
organizing data in a way that minimizes duplication and potential anomalies.

98 | P a g e
48. Which HTTP status code indicates that the server cannot or will not process
the request due to something that is perceived to be a client error?

 A) 200 OK
 B) 400 Bad Request
 C) 403 Forbidden
 D) 404 Not Found

Answer: B
Explanation: The 400 Bad Request status code indicates that the server cannot process
the request due to a client error, such as malformed syntax.

49. In which scenario would you typically use a View in a database?

 A) To enforce data integrity rules.

 B) To create a virtual table based on the result set of a query.
 C) To permanently delete data from a table.
 D) To optimize the performance of INSERT operations.

Answer: B
Explanation: A View provides a way to create a virtual table that presents data from one
or more tables based on a specific query, simplifying complex queries for users.

50. Which of the following attacks can be mitigated using prepared statements in
SQL?

 A) Denial of Service
 B) SQL Injection
 C) Cross-Site Scripting (XSS)
 D) Brute Force Attack

Answer: B
Explanation: Prepared statements help prevent SQL Injection by separating SQL code
from user input, ensuring that the input is treated as data rather than executable code.

99 | P a g e
51. Which of the following design patterns provides a way to create an object
without specifying the exact class of object that will be created?

 A) Factory Pattern
 B) Singleton Pattern
 C) Decorator Pattern
 D) Observer Pattern

Answer: A
Explanation: The Factory Pattern allows for the creation of objects without specifying
the exact class of the object, promoting loose coupling in code.

52. Which of the following is a characteristic of a Distributed Denial of Service

(DDoS) attack?

 A) It is conducted from a single source.

 B) It overwhelms the target with requests from multiple compromised systems.
 C) It is a result of a weak password.
 D) It can only be executed on local networks.

Answer: B
Explanation: DDoS attacks involve multiple compromised systems (often part of a
botnet) flooding the target with traffic, making it unavailable to legitimate users.

53. In a REST API, what does the POST method primarily accomplish?

 A) Retrieve data from the server.

 B) Update an existing resource.
 C) Create a new resource on the server.
 D) Delete a resource from the server.

Answer: C
Explanation: The POST method is used to create a new resource on the server, often
sending data in the body of the request.

54. Which of the following statements about cookies is false?

 A) Cookies can be used to store user session information.

 B) Cookies are sent with every HTTP request.
 C) Cookies can only be created on the client side.
100 | P a g e
  D) Cookies can have an expiration date.

Answer: C
Explanation: Cookies are typically created on the server side and sent to the client,
which can then store them for subsequent requests.

55. What type of testing involves verifying the individual components of the
software for correctness?

 A) Integration Testing
 B) Unit Testing
 C) System Testing
 D) Acceptance Testing

Answer: B
Explanation: Unit Testing focuses on verifying the correctness of individual components
or functions within the software.

56. In the context of asymmetric encryption, which key is used for encryption?

 A) Public Key
 B) Private Key
 C) Shared Key
 D) Session Key

Answer: A
Explanation: In asymmetric encryption, the Public Key is used to encrypt data, while the
Private Key is used for decryption.

57. What is a key feature of the Observer design pattern?

 A) It encapsulates a group of objects and restricts access to them.

 B) It allows for one-to-many dependencies between objects, so that when one object
changes state, all its dependents are notified.
 C) It provides a way to create objects without exposing the creation logic.
 D) It restricts a class to a single instance.

Answer: B
Explanation: The Observer pattern establishes a one-to-many dependency between
objects, allowing one object to notify multiple dependents of state changes.

101 | P a g e
58. In an SQL database, what does the term "foreign key" refer to?

 A) A unique identifier for a record.

 B) A field that links two tables together.
 C) A key that is used to encrypt database transactions.
 D) A key that can be null in a table.

Answer: B
Explanation: A foreign key is a field (or collection of fields) in one table that uniquely
identifies a row of another table, establishing a relationship between the two tables.

59. Which of the following is a primary purpose of using indexes in a database?

 A) To enforce data integrity constraints.

 B) To reduce the storage space of the database.
 C) To speed up the retrieval of rows from a table.
 D) To simplify the database schema.

Answer: C
Explanation: Indexes are used to enhance the speed of data retrieval operations on a
database table by providing quick access paths to the data.

60. Which SQL command is used to change existing records in a database?

 A) CHANGE
 B) MODIFY
 C) UPDATE
 D) SET

Answer: C
Explanation: The UPDATE command is used to modify existing records in a table in a
database.

102 | P a g e
2.Infra Support

Basics of Operating Systems:

o System calls, processes, threads, inter‐process communication,

concurrency and synchronization. Deadlock. Memory management and
virtual memory.

o CPU scheduling Algorithms (FCFS, SJF, SRTF, Round Robin etc.).

o Types of memories: cache, main memory and secondary storage.

o Concept of Paging and Page Replacement Algorithms: (FIFO, Optimal page

replacement, LRU etc.)

o I/O Scheduling algorithms (FCFS, SSTF, SCAN, LOOK, CSCAN, CLOOK etc.)

1. Which of the following system calls creates a new process in an operating

system?

 A) exec()
 B) fork()
 C) kill()
 D) wait()

Answer: B
Explanation: The fork() system call is used to create a new process in UNIX-like
operating systems. It creates a child process that runs concurrently with the parent
process.

2. Which of the following is the best page replacement algorithm in terms of

minimizing page faults, but is difficult to implement?

 A) FIFO
 B) LRU
 C) Optimal Page Replacement
 D) Clock Algorithm

103 | P a g e
 Answer: C
Explanation: The Optimal Page Replacement algorithm theoretically provides the fewest
page faults but is difficult to implement because it requires future knowledge of page
references.

3. Which CPU scheduling algorithm can lead to starvation of processes?

 A) FCFS (First-Come, First-Served)

 B) SJF (Shortest Job First)
 C) Round Robin
 D) Multilevel Queue

Answer: B
Explanation: In SJF scheduling, longer jobs may suffer from starvation because shorter
jobs are always prioritized.

4. Which of the following is a necessary condition for a deadlock to occur?

 A) Preemption
 B) No mutual exclusion
 C) Circular wait
 D) Unlimited resources

Answer: C
Explanation: Deadlock requires four conditions, one of which is a circular wait, where
each process is waiting for a resource held by another process in the set.

5. What is the role of the exec() system call in process management?

 A) It creates a new process.

 B) It terminates a process.
 C) It replaces the current process image with a new one.
 D) It suspends the current process.

Answer: C
Explanation: The exec() system call replaces the current process image with a new
program, effectively running a new executable within the same process.

104 | P a g e
6. In which of the following scheduling algorithms does the CPU allocate the time
slice to processes in a cyclic order?

 A) FCFS
 B) SJF
 C) Round Robin
 D) Priority Scheduling

Answer: C
Explanation: In the Round Robin scheduling algorithm, each process is given a fixed
time slice (or quantum) and processes are cycled through until they complete execution.

7. In memory management, which technique divides the physical memory into

fixed-sized blocks and allocates them to processes?

 A) Paging
 B) Segmentation
 C) Contiguous Memory Allocation
 D) Swapping

Answer: A
Explanation: Paging divides memory into fixed-sized blocks called pages and allocates
them to processes without requiring contiguous memory allocation.

8. Which page replacement algorithm selects the page that has not been used for
the longest period of time?

 A) FIFO
 B) LRU
 C) Optimal Page Replacement
 D) Clock Algorithm

Answer: B
Explanation: The Least Recently Used (LRU) algorithm replaces the page that has not
been used for the longest time.

9. Which condition is a common cause of a deadlock in operating systems?

 A) Circular wait

105 | P a g e
  B) Preemption
 C) Starvation
 D) Infinite loops

Answer: A
Explanation: Circular wait is one of the four necessary conditions for a deadlock to
occur, where processes form a cycle and each process is waiting for a resource held by
another process in the cycle.

10. Which of the following is a characteristic of threads in a multithreaded

process?

 A) They share the same stack.

 B) They share the same program counter.
 C) They share the same memory space.
 D) They cannot communicate with each other.

Answer: C
Explanation: Threads within the same process share the same memory space, including
global variables, but each thread has its own program counter and stack.

11. What is the main disadvantage of the FIFO page replacement algorithm?

 A) It leads to a high number of page faults.

 B) It does not guarantee optimal performance.
 C) It can suffer from Belady's anomaly.
 D) It requires a large number of page frames.

Answer: C
Explanation: The FIFO page replacement algorithm can suffer from Belady's anomaly,
where adding more frames increases the number of page faults.

12. Which type of inter-process communication (IPC) mechanism provides

bidirectional communication and requires a parent-child relationship between
processes?

 A) Pipes
 B) Message Queues
 C) Shared Memory
 D) Sockets
106 | P a g e
 Answer: A
Explanation: Pipes allow bidirectional communication between parent and child
processes, making them a common IPC mechanism in UNIX-based systems.

13. Which of the following is NOT a valid strategy for handling deadlocks?

 A) Deadlock detection and recovery

 B) Deadlock prevention
 C) Deadlock ignorance
 D) Deadlock acceleration

Answer: D
Explanation: Deadlock acceleration is not a valid strategy. The other three—detection
and recovery, prevention, and even ignorance—are legitimate strategies for managing
deadlocks.

14. Which of the following I/O scheduling algorithms moves the disk arm
towards the end of the disk and then reverses direction, serving requests along
the way?

 A) FCFS
 B) SSTF
 C) SCAN
 D) LOOK

Answer: C
Explanation: The SCAN (or elevator) algorithm moves the disk arm towards one end of
the disk, serving requests, then reverses direction and continues servicing requests in the
opposite direction.

15. Which memory management technique allows programs to execute even

when they are not completely in memory?

 A) Paging
 B) Segmentation
 C) Virtual Memory
 D) Contiguous Memory Allocation

107 | P a g e
 Answer: C
Explanation: Virtual Memory allows the execution of processes that are not completely
in memory, by loading pages into memory as needed.

16. Which page replacement algorithm uses a circular list of pages and a "use"
bit to track page references?

 A) FIFO
 B) LRU
 C) Clock Algorithm
 D) Optimal Page Replacement

Answer: C
Explanation: The Clock Algorithm, also known as the Second Chance Algorithm, uses a
circular list of pages and a "use" bit to track whether a page has been recently accessed.

17. In process synchronization, which of the following techniques uses busy

waiting to achieve mutual exclusion?

 A) Semaphores
 B) Mutex locks
 C) Spinlocks
 D) Monitors

Answer: C
Explanation: Spinlocks achieve mutual exclusion by busy waiting, where a process
continuously checks for a condition, consuming CPU cycles until it can enter its critical
section.

18. Which of the following best describes thrashing in a memory management

system?

 A) A condition where too many processes are using too much CPU time.
 B) A condition where the system spends most of its time swapping pages in and out of
memory.
 C) A situation where I/O devices are overwhelmed with requests.
 D) A scenario where processes are stuck in a circular wait.

108 | P a g e
 Answer: B
Explanation: Thrashing occurs when a system is spending most of its time swapping
pages in and out of memory rather than executing processes.

19. Which of the following CPU scheduling algorithms has the shortest average
waiting time in the case where all processes arrive simultaneously?

 A) FCFS
 B) SJF (Non-preemptive)
 C) Round Robin
 D) Priority Scheduling

Answer: B
Explanation: SJF (Shortest Job First) minimizes the average waiting time when all
processes arrive at the same time by executing the shortest jobs first.

20. What happens if there is a page fault in a system using virtual memory?

 A) The process is terminated.

 B) The page is swapped from the secondary storage into main memory.
 C) The page is discarded.
 D) The process is suspended until more memory is available.

Answer: B
Explanation: In virtual memory, a page fault occurs when the requested page is not in
main memory. The operating system swaps the page from secondary storage (such as a
hard disk) into main memory.

21. Which of the following conditions must be present for a system to experience
thrashing?

 A) The CPU utilization is high.

 B) The degree of multiprogramming is low.
 C) The sum of the working sets of all processes is greater than the physical memory.
 D) The paging system uses a FIFO algorithm.

Answer: C
Explanation: Thrashing occurs when the combined working set of all processes exceeds
the available physical memory, causing excessive paging and low CPU utilization.

109 | P a g e
22. Which type of memory is used by the operating system to improve access
speed to frequently accessed data?

 A) Main memory
 B) Cache memory
 C) Virtual memory
 D) Secondary storage

Answer: B
Explanation: Cache memory is used by the operating system to store frequently accessed
data to speed up access time, as it is much faster than main memory.

23. Which of the following page replacement algorithms does NOT suffer from
Belady’s anomaly?

 A) FIFO
 B) LRU
 C) Optimal Page Replacement
 D) Second Chance

Answer: B
Explanation: LRU (Least Recently Used) page replacement algorithm does not suffer
from Belady’s anomaly, unlike FIFO.

24. In which situation is an inverted page table more efficient than a traditional
page table?

 A) For processes with large address spaces

 B) For systems with small physical memory
 C) For systems with small page sizes
 D) For systems with high degrees of multiprogramming

Answer: A
Explanation: Inverted page tables are more efficient in systems with large address
spaces because they use less memory by mapping the physical pages to virtual addresses,
reducing overhead.

110 | P a g e
25. Which of the following techniques is most suitable for managing a deadlock
situation when resources are preemptible?

 A) Deadlock detection and recovery

 B) Deadlock prevention
 C) Resource allocation graphs
 D) Resource preemption

Answer: D
Explanation: If resources are preemptible, resource preemption can be used to break
deadlocks by reallocating resources to waiting processes.

26. Which memory management scheme uses both segmentation and paging for
efficient memory utilization?

 A) Pure Paging
 B) Pure Segmentation
 C) Segmented Paging
 D) Contiguous Memory Allocation

Answer: C
Explanation: Segmented paging combines the benefits of both segmentation and paging,
allowing variable-length segments to be divided into fixed-size pages, improving
memory utilization.

27. Which of the following is NOT a goal of the CPU scheduling algorithm?

 A) Maximizing throughput
 B) Minimizing turnaround time
 C) Minimizing CPU utilization
 D) Minimizing waiting time

Answer: C
Explanation: The goal of a CPU scheduling algorithm is to maximize CPU utilization,
not minimize it. It aims to ensure the CPU is used as efficiently as possible.

111 | P a g e
28. Which of the following is an advantage of a multilevel feedback queue over a
multilevel queue in CPU scheduling?

 A) Fixed priority scheduling

 B) Variable time quantum per queue
 C) Processes cannot change queues
 D) Each queue has a single priority

Answer: B
Explanation: In a multilevel feedback queue, processes can move between queues based
on their behavior, and each queue can have a different time quantum, making it more
flexible than a multilevel queue.

29. Which I/O scheduling algorithm is a variant of SCAN but stops once it
reaches the last request in one direction?

 A) LOOK
 B) SSTF
 C) CSCAN
 D) FCFS

Answer: A
Explanation: The LOOK algorithm is a variant of SCAN, but instead of going to the end
of the disk, it only goes as far as the last request in each direction before reversing.

30. In which scenario is preemptive CPU scheduling more effective than non-
preemptive CPU scheduling?

 A) When all processes have the same priority

 B) When processes arrive at the same time
 C) When processes have different priorities and varying execution times
 D) When processes have equal burst times

Answer: C
Explanation: Preemptive scheduling is more effective in systems where processes have
different priorities or varying execution times because higher-priority processes can
preempt lower-priority ones.

112 | P a g e
31. Which page replacement algorithm uses the "use bit" and a circular queue to
approximate LRU behavior?

 A) FIFO
 B) Clock Algorithm
 C) Optimal Page Replacement
 D) LFU

Answer: B
Explanation: The Clock Algorithm is an approximation of the LRU page replacement
algorithm. It uses a circular queue and a "use bit" to decide which page to replace.

32. What is the primary drawback of the Banker's algorithm in deadlock

avoidance?

 A) It is inefficient for a large number of processes and resources.

 B) It can only be applied to single-instance resources.
 C) It is not suitable for systems with preemptible resources.
 D) It requires processes to be executed in a strict order.

Answer: A
Explanation: The primary drawback of the Banker's algorithm is that it is
computationally expensive and inefficient for a large number of processes and resources.

33. Which of the following statements is true about multithreading in operating

systems?

 A) Threads share the same stack.

 B) Each thread has its own program counter.
 C) Threads are isolated from each other in memory.
 D) Threads cannot communicate with each other.

Answer: B
Explanation: Each thread has its own program counter, allowing it to execute
independently. However, threads share the same memory space but do not share stacks.

113 | P a g e
34. In UNIX-based systems, which system call is used to send a signal to another
process?

 A) fork()
 B) kill()
 C) exec()
 D) wait()

Answer: B
Explanation: The kill() system call is used to send a signal to a process in UNIX-
based operating systems, which can be used for terminating or handling processes.

35. Which of the following types of memory can be accessed directly by the CPU?

 A) Cache memory
 B) Secondary storage
 C) Virtual memory
 D) Tertiary storage

Answer: A
Explanation: Cache memory is the fastest memory type and can be directly accessed by
the CPU to speed up the execution of frequently used instructions.

36. In operating systems, which type of page table organization uses a two-level
hierarchy for virtual memory address translation?

 A) Inverted Page Table

 B) Segmented Paging
 C) Hashed Page Table
 D) Multilevel Page Table

Answer: D
Explanation: A multilevel page table uses a hierarchy of page tables, with each level
providing further details on the memory mapping, improving memory management in
large address spaces.

114 | P a g e
37. Which CPU scheduling algorithm gives priority to processes with the shortest
burst time remaining?

 A) FCFS
 B) SJF
 C) SRTF
 D) Round Robin

Answer: C
Explanation: Shortest Remaining Time First (SRTF) gives priority to processes that
have the shortest remaining burst time, preempting the CPU if a process with a shorter
burst arrives.

38. Which of the following is a disadvantage of contiguous memory allocation in

operating systems?

 A) Fragmentation
 B) Inefficient for large address spaces
 C) High memory overhead
 D) High page fault rate

Answer: A
Explanation: Contiguous memory allocation can lead to fragmentation, as memory is
allocated in fixed blocks, and gaps may form between processes, leading to inefficient
memory usage.

39. Which page replacement algorithm minimizes the number of page faults, but
is not feasible to implement in practice?

 A) FIFO
 B) Optimal Page Replacement
 C) LRU
 D) Clock Algorithm

Answer: B
Explanation: The Optimal Page Replacement algorithm minimizes page faults by
replacing the page that will not be used for the longest period of time, but it is not
feasible to implement because future page references cannot be predicted.

115 | P a g e
40. Which of the following I/O scheduling algorithms always goes in one
direction across the disk and jumps back to the beginning when it reaches the
end?

 A) SSTF
 B) LOOK
 C) CSCAN
 D) FCFS

Answer: C
Explanation: CSCAN (Circular SCAN) is an I/O scheduling algorithm that services
requests in one direction and, when it reaches the end, it jumps back to the beginning to
start servicing again.

41. Which of the following scheduling algorithms allows for a process to execute
for a fixed time slice and then be re-queued if it has not finished?

 A) First Come First Serve (FCFS)

 B) Shortest Job First (SJF)
 C) Round Robin (RR)
 D) Priority Scheduling

Answer: C
Explanation: Round Robin (RR) scheduling allocates a fixed time quantum to each
process. If a process doesn't finish within its time slice, it is placed back in the queue for
execution.

42. In a multilevel queue scheduling algorithm, which of the following is a

potential problem if the system uses fixed priority queues?

 A) Starvation of lower-priority processes

 B) High waiting time for all processes
 C) Over-utilization of memory
 D) Higher CPU overhead due to context switching

Answer: A
Explanation: In multilevel queue scheduling, if there is a fixed priority system,
processes in lower-priority queues may suffer starvation if high-priority processes
constantly occupy the CPU.

116 | P a g e
43. Which of the following synchronization primitives uses a busy-wait
mechanism?

 A) Mutex
 B) Semaphores
 C) Condition variables
 D) Spinlocks

Answer: D
Explanation: Spinlocks are synchronization mechanisms where a thread repeatedly
checks whether it can acquire a lock, hence busy-waiting.

44. What is the major disadvantage of a monolithic kernel in an operating

system?

 A) Slow context switching

 B) Inefficient memory management
 C) Lack of modularity
 D) High system call overhead

Answer: C
Explanation: A monolithic kernel lacks modularity because all the kernel services are
integrated into one large process, making it harder to maintain and extend.

45. Which CPU scheduling algorithm is more likely to exhibit the "convoy
effect," where shorter processes wait for a longer process to finish?

 A) FCFS
 B) SRTF
 C) RR
 D) Multilevel Queue Scheduling

Answer: A
Explanation: The "convoy effect" occurs in FCFS scheduling when short processes wait
for a long process to complete before they can run.

117 | P a g e
46. Which of the following is true about preemptive scheduling in comparison to
non-preemptive scheduling?

 A) Preemptive scheduling does not allow higher priority processes to interrupt lower
priority ones.
 B) Preemptive scheduling can result in more context switches.
 C) Preemptive scheduling leads to lower CPU utilization.
 D) Preemptive scheduling has no effect on the turnaround time.

Answer: B
Explanation: Preemptive scheduling allows higher-priority processes to preempt running
processes, which can lead to more context switches and increased CPU overhead.

47. Which page replacement algorithm could theoretically lead to fewer page
faults than LRU but is difficult to implement due to its need to know future page
references?

 A) FIFO
 B) Optimal Page Replacement
 C) Clock Algorithm
 D) NRU (Not Recently Used)

Answer: B
Explanation: Optimal Page Replacement replaces the page that will not be used for the
longest time in the future, but it is impractical because it requires knowledge of future
page references.

48. In which type of deadlock prevention technique is the "Hold and Wait"
condition negated by ensuring processes acquire all necessary resources before
starting execution?

 A) Mutual Exclusion
 B) No Preemption
 C) Circular Wait
 D) Preemptive Scheduling

Answer: C
Explanation: The Circular Wait condition is avoided by making processes request all the
resources they need before starting execution, eliminating hold-and-wait situations.

118 | P a g e
49. Which of the following I/O scheduling algorithms provides the most optimal
throughput for disk-intensive workloads?

 A) FCFS
 B) SSTF
 C) LOOK
 D) CSCAN

Answer: B
Explanation: SSTF (Shortest Seek Time First) scheduling selects the I/O request closest
to the current disk head position, optimizing throughput for disk-intensive workloads.

50. Which of the following is the main disadvantage of using an inverted page
table in systems with large amounts of memory?

 A) Increased page fault rate

 B) Slower lookups due to hash collisions
 C) Higher memory overhead
 D) Difficulty in handling multiple page sizes

Answer: B
Explanation: Inverted page tables reduce memory overhead but use hashing for lookups,
which can lead to slower lookups due to hash collisions in systems with large memory.

51. Which type of memory allocation strategy divides memory into fixed-size
partitions?

 A) Contiguous Allocation
 B) Paging
 C) Segmentation
 D) Fixed Partitioning

Answer: D
Explanation: Fixed partitioning divides memory into fixed-size partitions, and each
partition holds a single process.

119 | P a g e
52. Which of the following page replacement algorithms may replace a page that
will be used soon and thus can suffer from "Belady's Anomaly"?

 A) FIFO
 B) LRU
 C) Optimal Page Replacement
 D) Clock Algorithm

Answer: A
Explanation: FIFO (First-In, First-Out) may exhibit "Belady’s Anomaly," where
increasing the number of frames leads to an increase in the number of page faults.

53. Which of the following system calls is used to create a new process in UNIX?

 A) exec()
 B) fork()
 C) wait()
 D) kill()

Answer: B
Explanation: The fork() system call creates a new process by duplicating the calling
process in UNIX systems.

54. Which memory management technique allows for processes to be larger than
the available physical memory?

 A) Segmentation
 B) Paging
 C) Virtual Memory
 D) Contiguous Memory Allocation

Answer: C
Explanation: Virtual memory allows processes to be larger than the available physical
memory by using disk space as an extension of RAM.

120 | P a g e
55. Which CPU scheduling algorithm is guaranteed to have the minimum
average waiting time, assuming all processes arrive at the same time?

 A) FCFS
 B) SJF
 C) RR
 D) Priority Scheduling

Answer: B
Explanation: Shortest Job First (SJF) scheduling minimizes the average waiting time if
all processes arrive at the same time.

56. Which of the following memory management techniques results in the highest
degree of fragmentation?

 A) Paging
 B) Segmentation
 C) Contiguous Allocation
 D) Virtual Memory

Answer: C
Explanation: Contiguous memory allocation can result in internal and external
fragmentation, as memory is allocated in fixed blocks, which may not always be fully
used.

57. Which of the following synchronization mechanisms ensures that only one
process can enter a critical section at a time?

 A) Semaphores
 B) Spinlocks
 C) Mutex
 D) Condition variables

Answer: C
Explanation: Mutexes (mutual exclusion locks) ensure that only one process can enter a
critical section at a time, preventing race conditions.

121 | P a g e
58. Which of the following is an example of a preemptive CPU scheduling
algorithm?

 A) FCFS
 B) SJF
 C) Round Robin (RR)
 D) Priority Scheduling (Non-Preemptive)

Answer: C
Explanation: Round Robin (RR) is a preemptive CPU scheduling algorithm where each
process is given a fixed time slice, and if it doesn’t finish, it is preempted and put back
into the ready queue.

59. Which of the following is a disadvantage of using segmentation for memory

management?

 A) High page fault rate

 B) Fragmentation within memory segments
 C) Difficult address translation
 D) Lack of user control over memory allocation

Answer: B
Explanation: Segmentation can result in fragmentation within memory segments,
particularly external fragmentation, because segments are of varying sizes.

60. Which of the following scheduling algorithms is best suited for real-time
systems where time constraints are critical?

 A) FCFS
 B) SRTF
 C) Priority Scheduling
 D) Round Robin

Answer: C
Explanation: Priority scheduling is best suited for real-time systems where time
constraints are critical because processes with higher priorities can be executed before
lower-priority ones.

122 | P a g e
Basics of virtual machines, storage solutions, and networking
components

1. Which of the following hypervisors provides the highest level of performance

and is directly installed on hardware without any underlying operating system?

 A) Type 1 Hypervisor
 B) Type 2 Hypervisor
 C) Hosted Hypervisor
 D) Bare-metal Hypervisor

Answer: D
Explanation: A Bare-metal or Type 1 Hypervisor runs directly on hardware, offering
high performance as it avoids the overhead of a host OS.

2. Which of the following is a key advantage of using a virtual machine over

physical hardware?

 A) Improved I/O performance

 B) Simplified resource allocation and isolation
 C) Elimination of network latencies
 D) Reduced CPU cycles for guest OS

Answer: B
Explanation: Virtual machines allow simplified resource management, including
memory, storage, and CPU, while ensuring isolation between virtual environments.

3. Which virtual networking component is responsible for connecting multiple

virtual machines on the same host as if they were connected to a physical switch?

 A) Virtual NIC
 B) Virtual Switch
 C) Network Bridge
 D) Virtual Router

Answer: B
Explanation: A Virtual Switch acts like a physical network switch, allowing VMs on the
same host to communicate with each other and route traffic.

123 | P a g e
4. Which of the following storage architectures provides a virtualized storage
environment where multiple physical storage devices appear as a single logical
unit?

 A) NAS (Network Attached Storage)

 B) SAN (Storage Area Network)
 C) SDS (Software Defined Storage)
 D) RAID (Redundant Array of Independent Disks)

Answer: C
Explanation: Software-Defined Storage (SDS) abstracts the storage hardware, enabling
centralized control and management of multiple physical storage devices.

5. Which type of virtualization allows an operating system to run on top of

another operating system by abstracting the hardware?

 A) Network Virtualization
 B) Full Virtualization
 C) Para-Virtualization
 D) Storage Virtualization

Answer: B
Explanation: Full virtualization provides an abstraction layer that enables guest OSs to
run independently of the host OS, as if they were running on physical hardware.

6. In virtual environments, which feature helps allocate memory dynamically

based on demand from virtual machines?

 A) Thin Provisioning
 B) Overcommitment
 C) Memory Ballooning
 D) Resource Pooling

Answer: C
Explanation: Memory Ballooning is a feature that reallocates memory between VMs
based on their actual needs, enabling dynamic memory management.

124 | P a g e
7. Which storage system allows for block-level access and is typically used in
enterprise environments to provide high-speed access to storage devices?

 A) NAS
 B) SAN
 C) DAS (Direct Attached Storage)
 D) Cloud Storage

Answer: B
Explanation: A SAN (Storage Area Network) provides block-level storage access,
which is faster and more suitable for performance-critical applications than NAS.

8. In a virtualized environment, what is the role of a "vMotion" feature typically

found in VMware?

 A) Migrates data between storage devices

 B) Migrates running VMs between hosts without downtime
 C) Balances CPU load between VMs
 D) Allocates network bandwidth based on demand

Answer: B
Explanation: VMware's vMotion allows live migration of running VMs from one
physical host to another without any downtime, facilitating maintenance and load
balancing.

9. Which type of RAID configuration provides both redundancy and

performance improvement by using striping with parity?

 A) RAID 0
 B) RAID 1
 C) RAID 5
 D) RAID 10

Answer: C
Explanation: RAID 5 uses striping with parity to provide fault tolerance and improved
read performance, making it ideal for balancing redundancy and performance.

125 | P a g e
10. Which networking component in a virtualized environment is responsible for
handling the communication between a virtual network and a physical network?

 A) Virtual NIC
 B) Virtual Switch
 C) Virtual Router
 D) Network Bridge

Answer: D
Explanation: A Network Bridge connects the virtual network (VMs) to the physical
network, allowing communication between the two environments.

11. Which protocol is commonly used in storage solutions for block-level data
transfer over a network and is often implemented in SAN environments?

 A) iSCSI (Internet Small Computer Systems Interface)

 B) NFS (Network File System)
 C) SMB (Server Message Block)
 D) FTP (File Transfer Protocol)

Answer: A
Explanation: iSCSI is a protocol that allows block-level data transfer over IP networks,
making it ideal for SAN environments.

12. What is the main advantage of using thin provisioning in storage systems?

 A) Reduces storage latency

 B) Improves network bandwidth utilization
 C) Allows over-provisioning of storage to VMs
 D) Simplifies the backup process

Answer: C
Explanation: Thin provisioning allows more storage to be allocated to VMs than is
physically available, as only the actual used space is provisioned, optimizing storage
utilization.

126 | P a g e
13. Which virtual storage solution allows for dynamic addition of storage without
shutting down virtual machines?

 A) Thin Provisioning
 B) Hot Storage Swapping
 C) Live Migration
 D) Storage DRS (Distributed Resource Scheduler)

Answer: B
Explanation: Hot Storage Swapping allows storage devices to be added or replaced
while the system is running, ensuring minimal downtime and operational continuity.

14. Which of the following networking technologies enables multiple virtual

LANs to coexist on the same physical network infrastructure?

 A) VLAN Trunking
 B) NAT (Network Address Translation)
 C) DHCP (Dynamic Host Configuration Protocol)
 D) IPsec (Internet Protocol Security)

Answer: A
Explanation: VLAN Trunking allows multiple VLANs to be carried across a single
physical network link by tagging traffic with VLAN IDs.

15. Which type of storage system stores data as objects, and is typically used in
cloud storage environments?

 A) Block Storage
 B) File Storage
 C) Object Storage
 D) SAN

Answer: C
Explanation: Object storage is used in cloud environments and stores data as objects
with metadata, providing scalability and easy access to unstructured data.

127 | P a g e
16. Which networking component in virtualized environments is responsible for
controlling traffic between different VLANs?

 A) Virtual NIC
 B) Virtual Router
 C) Layer 2 Switch
 D) Virtual Firewall

Answer: B
Explanation: A virtual router is responsible for routing traffic between different VLANs,
allowing VMs on different virtual networks to communicate.

17. Which of the following describes "spanning tree protocol" (STP) in the
context of virtual networking?

 A) Ensures that the network has redundant paths

 B) Prevents network loops by selectively disabling links
 C) Allocates IP addresses dynamically to VMs
 D) Balances network load across multiple NICs

Answer: B
Explanation: Spanning Tree Protocol (STP) prevents network loops by creating a loop-
free topology, selectively disabling links as needed.

18. What is the main advantage of using a Type 2 Hypervisor over a Type 1
Hypervisor?

 A) Lower performance overhead

 B) Easier to implement on top of an existing OS
 C) Better resource isolation
 D) Supports live migration

Answer: B
Explanation: Type 2 Hypervisors run on top of an existing operating system, making
them easier to implement and manage on personal computers, although they have more
overhead than Type 1 hypervisors.

128 | P a g e
19. In cloud environments, which storage type is typically used for applications
requiring low-latency access to frequently used data?

 A) Archive Storage
 B) SSD (Solid State Drives)
 C) Object Storage
 D) Tape Storage

Answer: B
Explanation: SSDs are used for low-latency, high-performance applications due to their
fast read/write speeds, making them ideal for frequently accessed data in cloud
environments.

20. Which of the following page-level storage protocols is commonly used in

virtualized storage environments to connect multiple hosts to a shared storage
array over Ethernet?

 A) FCoE (Fibre Channel over Ethernet)

 B) iSCSI
 C) NFS
 D) CIFS (Common Internet File System)

Answer: A
Explanation: FCoE is a network protocol that allows Fibre Channel communications to
be encapsulated over Ethernet, enabling high-speed access to shared storage in virtualized
environments.

Infra related concepts like processors, Clock Cycle, Cache Memory,

HDD, SSD etc

1. Which of the following is true about the clock cycle of a processor?

 A) It measures the number of instructions executed per second.

 B) It represents the time required to complete a single operation in the CPU.
 C) It is the total number of cycles per instruction (CPI).
 D) It is the amount of time the CPU remains idle during an operation.

Answer: B
Explanation: The clock cycle represents the time required to complete a single operation
in the CPU, which determines how quickly the processor executes instructions.

129 | P a g e
2. Which cache memory level is closest to the CPU and typically offers the lowest
latency?

 A) L1 Cache
 B) L2 Cache
 C) L3 Cache
 D) DRAM

Answer: A
Explanation: The L1 cache is the closest to the CPU and offers the lowest latency,
making it the fastest type of cache memory, but it's usually the smallest in size.

3. What does "cache coherence" refer to in a multi-core processor architecture?

 A) Ensuring that multiple caches have the same data at the same time.
 B) The ability of the cache to predict future data requests.
 C) The synchronization of cache data with main memory.
 D) A method to increase the size of the cache dynamically.

Answer: A
Explanation: Cache coherence refers to ensuring that all processors in a multi-core
system have a consistent view of the memory, preventing data conflicts between multiple
caches.

4. Which of the following is NOT a factor affecting the performance of a hard

disk drive (HDD)?

 A) Seek Time
 B) Rotational Latency
 C) Read/Write Speed
 D) NAND Flash Technology

Answer: D
Explanation: NAND flash technology is used in SSDs (Solid State Drives), not HDDs.
HDD performance is affected by seek time, rotational latency, and read/write speed.

130 | P a g e
5. In a CPU, what does the term "pipelining" refer to?

 A) Increasing the clock speed to improve performance.

 B) Overclocking the processor to perform multiple instructions simultaneously.
 C) Executing multiple instructions in parallel by breaking them into smaller stages.
 D) Implementing a multi-core architecture to increase throughput.

Answer: C
Explanation: Pipelining allows a CPU to execute multiple instructions simultaneously
by dividing the execution process into stages, with each stage handling a part of the
instruction.

6. Which type of SSD uses the PCIe (Peripheral Component Interconnect

Express) interface for faster data transfer?

 A) SATA SSD
 B) NVMe SSD
 C) MLC SSD
 D) SLC SSD

Answer: B
Explanation: NVMe SSDs use the PCIe interface, which offers significantly faster data
transfer rates compared to traditional SATA SSDs, making them ideal for high-
performance tasks.

7. Which of the following components is responsible for translating virtual

memory addresses into physical memory addresses?

 A) Cache Controller
 B) Memory Management Unit (MMU)
 C) Arithmetic Logic Unit (ALU)
 D) Direct Memory Access (DMA)

Answer: B
Explanation: The Memory Management Unit (MMU) is responsible for translating
virtual addresses into physical addresses, enabling efficient memory management in
modern processors.

131 | P a g e
8. What does the term "instruction-level parallelism" (ILP) refer to in CPU
architecture?

 A) The ability to execute different parts of a single instruction simultaneously.

 B) The ability to execute multiple instructions in parallel within a single processor cycle.
 C) The ability to execute multiple processes on different CPU cores.
 D) The synchronization of clock cycles across multiple processors.

Answer: B
Explanation: Instruction-level parallelism refers to the ability of a CPU to execute
multiple instructions in parallel within a single processor cycle, improving performance.

9. Which of the following is a characteristic of modern SSDs that distinguishes

them from traditional HDDs?

 A) Faster read/write speeds and no moving parts

 B) Higher power consumption compared to HDDs
 C) Greater susceptibility to physical damage
 D) Slower data access times than HDDs

Answer: A
Explanation: SSDs are faster than HDDs because they use flash memory and have no
moving parts, making them more reliable and efficient for high-speed data access.

10. What role does the "branch predictor" play in modern CPU architecture?

 A) It manages the order of instruction execution in the pipeline.

 B) It predicts the outcome of conditional branches to reduce pipeline stalls.
 C) It improves cache hit rates by predicting future memory accesses.
 D) It adjusts the clock speed dynamically based on workload.

Answer: B
Explanation: The branch predictor attempts to guess the outcome of conditional
branches in the code, allowing the CPU to reduce delays caused by pipeline stalls.

132 | P a g e
11. In memory hierarchy, what is the primary purpose of the TLB (Translation
Lookaside Buffer)?

 A) Store frequently used cache blocks.

 B) Reduce the time required to access data in the main memory.
 C) Speed up virtual-to-physical address translation.
 D) Store frequently used arithmetic operations.

Answer: C
Explanation: The TLB speeds up the process of virtual-to-physical address translation
by caching recently used translations, improving the performance of memory accesses.

12. Which of the following factors directly influences the number of instructions
that a CPU can execute per second?

 A) Cache size
 B) Clock speed
 C) Memory bandwidth
 D) Number of I/O devices

Answer: B
Explanation: The clock speed, measured in Hertz (Hz), determines how many
instructions the CPU can execute per second, with a higher clock speed resulting in faster
instruction execution.

13. What is the primary advantage of using multi-level caches (L1, L2, L3) in
modern processors?

 A) Reduces power consumption

 B) Improves cache coherence
 C) Balances speed and capacity, reducing access latency
 D) Increases clock speed

Answer: C
Explanation: Multi-level caches balance speed and capacity, with L1 being the fastest
but smallest, and L3 being slower but larger, thus reducing memory access latency.

133 | P a g e
14. Which of the following defines the concept of "out-of-order execution" in
CPU design?

 A) The CPU executes instructions in the exact order they are written in the program.
 B) The CPU reorders instructions to optimize pipeline utilization.
 C) The CPU skips instructions with dependencies and returns to them later.
 D) The CPU executes instructions based on priority rather than order.

Answer: B
Explanation: Out-of-order execution allows the CPU to execute instructions that are
ready, even if previous instructions are stalled, thereby optimizing the usage of the CPU
pipeline.

15. What is the primary benefit of using SRAM (Static RAM) over DRAM
(Dynamic RAM) in cache memory?

 A) Higher storage capacity

 B) Lower power consumption
 C) Faster access times
 D) Lower cost per bit

Answer: C
Explanation: SRAM is faster than DRAM because it does not need to be refreshed
periodically, making it ideal for use in cache memory where speed is critical.

16. Which type of processor architecture allows instructions to be executed in

fewer clock cycles by using a simplified instruction set?

 A) CISC (Complex Instruction Set Computing)

 B) RISC (Reduced Instruction Set Computing)
 C) SIMD (Single Instruction, Multiple Data)
 D) VLIW (Very Long Instruction Word)

Answer: B
Explanation: RISC architecture uses a simplified instruction set that allows instructions
to be executed in fewer clock cycles, leading to higher performance in certain
applications.

134 | P a g e
17. What is the primary difference between synchronous and asynchronous
DRAM?

 A) Synchronous DRAM is faster than asynchronous DRAM.

 B) Asynchronous DRAM operates without a clock signal, while synchronous DRAM is
synchronized with the system clock.
 C) Asynchronous DRAM uses less power than synchronous DRAM.
 D) Synchronous DRAM is only used in mobile devices.

Answer: B
Explanation: Synchronous DRAM operates in sync with the system clock, while
asynchronous DRAM does not rely on a clock signal, leading to performance differences.

18. In the context of SSDs, what does the term "wear leveling" refer to?

 A) Reducing the amount of data written to the SSD to prolong its lifespan.
 B) Distributing write and erase cycles evenly across all memory cells.
 C) Increasing the read/write speed of the SSD.
 D) Adjusting the size of memory blocks dynamically based on usage.

Answer: B
Explanation: Wear leveling is a technique used in SSDs to distribute write and erase
cycles evenly across all memory cells, thereby extending the lifespan of the SSD.

19. Which of the following memory types is used to store the BIOS or UEFI
firmware in a computer?

 A) SRAM
 B) DRAM
 C) ROM
 D) Flash Memory

Answer: D
Explanation: Flash memory is used to store BIOS or UEFI firmware in modern
computers as it is non-volatile and can be updated when necessary.

135 | P a g e
20. What is the primary benefit of using a CPU with Hyper-Threading
technology?

 A) Increases the clock speed of the CPU cores.

 B) Allows a single CPU core to execute multiple threads simultaneously.
 C) Reduces the power consumption of the CPU.
 D) Improves cache efficiency by sharing resources between cores.

Answer: B
Explanation: Hyper-Threading allows a single CPU core to execute multiple threads
simultaneously, improving the CPU’s ability to handle parallel tasks efficiently.

Backup and Recovery practices - Best practices pertaining to security

and compliance controls. - Windows and Unix/Linux computing
environments.

1. Which type of backup only stores changes made since the last backup,
regardless of whether it was full or incremental?

 A) Full Backup
 B) Differential Backup
 C) Incremental Backup
 D) Synthetic Backup

Answer: C
Explanation: An incremental backup only stores the changes made since the last backup
of any type (full or incremental), resulting in smaller backups but slower recovery times.

2. What is the primary advantage of using a snapshot-based backup in a

Unix/Linux environment?

 A) It provides real-time data replication.

 B) It captures the state of the file system at a specific point in time without disrupting
ongoing operations.
 C) It reduces the size of the backup by only saving modified files.
 D) It is faster to restore than traditional backups.

Answer: B
Explanation: Snapshot-based backups capture the entire state of the file system at a
specific moment, allowing for quick backups without interrupting system operations.

136 | P a g e
3. In a Unix/Linux system, which command is commonly used for performing
incremental backups?

 A) cp
 B) tar
 C) rsync
 D) dd

Answer: C
Explanation: rsync is commonly used for incremental backups as it only transfers and
synchronizes the differences between source and destination directories.

4. Which backup strategy ensures that no more than one day's worth of data can
be lost in case of a failure?

 A) Incremental Backup
 B) Differential Backup
 C) Daily Full Backup
 D) RAID 5 Backup

Answer: C
Explanation: A daily full backup ensures that, in the worst case, only one day's worth of
data is lost because a complete backup is made every day.

5. Which of the following Unix/Linux utilities is designed to monitor and ensure

the integrity of system files as a compliance control measure?

 A) top
 B) chkconfig
 C) aide
 D) iptables

Answer: C
Explanation: aide (Advanced Intrusion Detection Environment) is a tool used for
monitoring file integrity by creating and comparing snapshots of system files, ensuring
compliance with security standards.

137 | P a g e
6. In Windows systems, what is the purpose of the Volume Shadow Copy Service
(VSS)?

 A) It creates disk partitions for backups.

 B) It creates consistent point-in-time snapshots of data while the system is running.
 C) It manages network drives and shared folders.
 D) It handles encryption and decryption of backup data.

Answer: B
Explanation: VSS allows the creation of snapshots (shadow copies) of files, even while
they are in use, enabling consistent backups without stopping services.

7. What is the role of a "journal" in journaling file systems, commonly used in

Unix/Linux systems, in the context of backup and recovery?

 A) It tracks all backup operations performed on the system.

 B) It logs every transaction for recovery in case of a crash.
 C) It creates backups of the file system configuration.
 D) It prevents unauthorized access to the backup files.

Answer: B
Explanation: Journaling file systems like ext3 or ext4 log every transaction to a journal,
allowing for quick recovery in case of a system crash.

8. What is a major disadvantage of performing a full backup every day?

 A) It reduces recovery time.

 B) It increases storage space usage significantly.
 C) It complicates the recovery process.
 D) It is not compatible with encryption protocols.

Answer: B
Explanation: Performing a full backup every day significantly increases storage space
requirements, making it less efficient compared to incremental or differential backups.

138 | P a g e
9. In a disaster recovery plan, what does the term "Recovery Point Objective"
(RPO) refer to?

 A) The maximum allowable downtime before recovery must be completed.

 B) The specific time within which the system should be restored after a failure.
 C) The amount of data that can be lost, measured in time, from the last backup.
 D) The priority of which systems should be restored first.

Answer: C
Explanation: RPO refers to the maximum amount of data that can be lost after a disaster,
typically measured in time (e.g., if RPO is 24 hours, data from the last 24 hours can be
lost).

10. In Unix/Linux environments, which tool is commonly used for creating

filesystem backups over the network?

 A) tar
 B) rsync
 C) scp
 D) dd

Answer: B
Explanation: rsync is commonly used for creating backups and syncing files over a
network efficiently, as it transfers only the changes made to files.

11. In Windows, which of the following is a native tool used for system state
recovery and restoring Windows system files after failure?

 A) System Restore
 B) Windows Defender
 C) Task Manager
 D) BitLocker

Answer: A
Explanation: System Restore is a built-in Windows tool that can revert system files and
settings to a previous state, aiding in recovery after a failure.

139 | P a g e
12. Which of the following best describes a "hot backup"?

 A) A backup made while the system is running and data is still being accessed.
 B) A backup performed after shutting down all system services.
 C) A backup stored offsite to protect against disasters.
 D) A backup that is encrypted for added security.

Answer: A
Explanation: A hot backup is taken while the system is still running and data is actively
being accessed, unlike a cold backup, which requires services to be stopped.

13. Which of the following RAID configurations provides redundancy but does
not improve read/write performance?

 A) RAID 0
 B) RAID 1
 C) RAID 5
 D) RAID 6

Answer: B
Explanation: RAID 1 mirrors data across multiple disks for redundancy but does not
offer any performance improvements for reading or writing.

14. In Unix/Linux systems, what does the umask command control in the context
of security and compliance?

 A) It masks user accounts to prevent unauthorized access.

 B) It defines default file permissions for newly created files and directories.
 C) It locks files to prevent deletion by unauthorized users.
 D) It encrypts files before storing them on the disk.

Answer: B
Explanation: The umask command controls the default file and directory permissions for
newly created files, which is crucial for ensuring proper security configurations.

140 | P a g e
15. Which type of disaster recovery site is fully operational and can immediately
take over in the event of a primary site failure?

 A) Cold Site
 B) Warm Site
 C) Hot Site
 D) Mirror Site

Answer: C
Explanation: A hot site is a fully operational recovery site that can take over
immediately after a primary site failure, minimizing downtime and data loss.

16. Which Linux command is used to check the integrity of a file system after a
crash and potentially fix errors?

 A) fsck
 B) chown
 C) chmod
 D) mount

Answer: A
Explanation: The fsck (file system check) command is used to check the integrity of a
file system and repair any issues, especially after a system crash or power failure.

17. What is the primary purpose of using a "cold site" in disaster recovery?

 A) To store an exact replica of the primary site for immediate recovery.

 B) To provide backup power and network connectivity in case of a failure.
 C) To serve as a backup location with only infrastructure setup and no active data or
equipment.
 D) To offer real-time data synchronization with the primary site.

Answer: C
Explanation: A cold site is a backup location with the infrastructure ready (like power
and connectivity), but no active data or equipment, requiring setup before it becomes
operational.

141 | P a g e
18. In the context of security, what does "Defense in Depth" mean?

 A) Using firewalls and antivirus software together for added security.

 B) Layering multiple security controls throughout the IT environment to protect against
attacks.
 C) Prioritizing physical security measures over network security.
 D) Implementing a single comprehensive security control to protect all assets.

Answer: B
Explanation: Defense in Depth refers to a layered approach to security, where multiple
security measures are implemented at various levels to protect against a wide range of
threats.

19. Which command in Unix/Linux is used to create incremental backups by

comparing the differences between two directories?

 A) cp
 B) rsync
 C) mv
 D) diff

Answer: B
Explanation: rsync is used to synchronize files between two locations by only
transferring the differences, making it ideal for incremental backups.

20. Which file system in Linux is known for its journaling capabilities, providing
better data integrity during unexpected shutdowns?

 A) FAT32
 B) NTFS
 C) ext3
 D) HFS+

Answer: C
Explanation: The ext3 file system is known for its journaling capabilities, which log
changes before they are made to the file system, improving recovery after unexpected
shutdowns.

21. In a Unix/Linux system, which command is used to safely shut down the
system while ensuring all file system buffers are written to disk?

 A) halt
 B) shutdown

142 | P a g e
  C) poweroff
 D) sync

Answer: B
Explanation: The shutdown command safely stops all processes and ensures that all file
system buffers are written to disk before powering off the system.

22. Which of the following is a key advantage of differential backups over

incremental backups?

 A) Faster backup process

 B) Less storage space required
 C) Faster restoration process
 D) Higher frequency of backups

Answer: C
Explanation: Differential backups store changes made since the last full backup,
resulting in faster restoration compared to incremental backups, which require the
restoration of multiple smaller backup files.

23. What does the "WORM" (Write Once Read Many) feature in backup
systems ensure?

 A) Data can be written multiple times to the same storage.

 B) Data can be read and written without limits.
 C) Data is written only once, preventing tampering or modification.
 D) Data is erased after a single read operation.

Answer: C
Explanation: WORM (Write Once, Read Many) storage allows data to be written only
once, preventing any future modification, ensuring the integrity of archived data.

24. In the context of Unix/Linux, which utility is used to create a backup of the
entire disk, including the boot sector?

 A) tar
 B) dd
 C) cpio
 D) gzip

143 | P a g e
 Answer: B
Explanation: The dd command is used to create raw disk images, including the boot
sector, by copying data at the block level.

25. Which method of backup is most appropriate for minimizing the backup
window in environments with large volumes of data?

 A) Full Backup
 B) Incremental Backup
 C) Differential Backup
 D) Continuous Data Protection (CDP)

Answer: D
Explanation: Continuous Data Protection (CDP) minimizes the backup window by
continuously capturing changes, providing near real-time backup and recovery without
the need for traditional scheduled backups.

26. Which type of backup retains only the most recent changes and eliminates
redundant data to reduce storage requirements?

 A) Deduplicated Backup
 B) Synthetic Full Backup
 C) Snapshot Backup
 D) Differential Backup

Answer: A
Explanation: Deduplicated backups retain only unique data, eliminating redundant
information, which significantly reduces the required storage space.

27. What does the principle of "Least Privilege" in compliance and security
controls imply?

 A) Users should have administrative privileges to ensure operational flexibility.

 B) Users are given only the permissions necessary to perform their job functions.
 C) All users should have read-only access to sensitive data.
 D) Privilege levels should be increased over time based on seniority.

Answer: B
Explanation: The principle of Least Privilege states that users should only be granted

144 | P a g e
 permissions necessary to perform their job duties, minimizing the risk of accidental or
malicious system alterations.

28. In a RAID 5 configuration, how many disks can fail without losing data?

 A) None
 B) One
 C) Two
 D) Three

Answer: B
Explanation: RAID 5 can tolerate the failure of one disk without data loss, as the parity
information allows reconstruction of the lost data.

29. Which page replacement algorithm might result in the "Belady’s anomaly,"
where increasing the number of page frames results in more page faults?

 A) Least Recently Used (LRU)

 B) First-In, First-Out (FIFO)
 C) Optimal Page Replacement
 D) Clock Algorithm

Answer: B
Explanation: Belady's anomaly occurs with the FIFO page replacement algorithm,
where adding more page frames can lead to an increase in page faults in certain cases.

30. Which of the following Windows commands is used to initiate a full system
scan for file corruption and repair issues automatically?

 A) sfc /scannow
 B) chkdsk /r
 C) diskpart
 D) defrag

Answer: A
Explanation: The sfc /scannow command runs the System File Checker, scanning and
repairing corrupted or missing system files.

145 | P a g e
31. What type of I/O scheduling algorithm ensures that requests are serviced in
the order they arrive, without considering the location on the disk?

 A) SSTF
 B) SCAN
 C) LOOK
 D) FCFS

Answer: D
Explanation: The First-Come, First-Served (FCFS) algorithm processes I/O requests in
the order they arrive, without optimizing for disk location or minimizing seek time.

32. In Unix/Linux systems, what is the role of the "superblock" in the context of
file system recovery?

 A) It stores user permissions for all files in the system.

 B) It contains metadata about the file system such as size, blocks, and status.
 C) It holds the inode information for each file and directory.
 D) It contains the contents of files stored on the disk.

Answer: B
Explanation: The superblock contains critical information about the file system,
including its size, status, and metadata. Corruption of the superblock can lead to serious
file system issues.

33. In a Linux system, which of the following tools is most commonly used for
managing security policies, such as firewalls and packet filtering?

 A) iptables
 B) fsck
 C) crontab
 D) chkconfig

Answer: A
Explanation: iptables is the utility in Unix/Linux systems used to configure network
packet filtering, such as setting up firewalls and managing security policies.

146 | P a g e
34. Which page replacement algorithm always produces the least number of page
faults but is impossible to implement practically?

 A) Least Recently Used (LRU)

 B) Optimal Page Replacement
 C) First-In, First-Out (FIFO)
 D) Clock Algorithm

Answer: B
Explanation: The Optimal Page Replacement algorithm replaces the page that will not
be used for the longest period, but it requires future knowledge of memory accesses,
making it impossible to implement in practice.

35. Which component of a virtual machine allows it to communicate with the

physical hardware of the host machine?

 A) Hypervisor
 B) Guest OS
 C) Virtual CPU
 D) Virtual Memory Manager

Answer: A
Explanation: The hypervisor is responsible for managing virtual machines and enabling
them to interact with the physical hardware of the host machine.

36. Which I/O scheduling algorithm favors processes with shorter seek times and
thus may lead to starvation of requests for tracks far from the current head
position?

 A) FCFS
 B) SSTF
 C) SCAN
 D) LOOK

Answer: B
Explanation: Shortest Seek Time First (SSTF) favors processes that are closest to the
current head position but can lead to starvation for processes further away on the disk.

147 | P a g e
37. What is the main purpose of memory paging in operating systems?

 A) To swap entire processes between disk and RAM.

 B) To allocate contiguous memory blocks to processes.
 C) To allow non-contiguous memory allocation, making efficient use of RAM.
 D) To store backup copies of memory pages on disk.

Answer: C
Explanation: Memory paging allows processes to use non-contiguous memory blocks,
which helps efficiently manage RAM by loading only the required pages into memory.

38. Which of the following protocols provides encryption and security features
for backup data transmitted over the network?

 A) HTTP
 B) FTP
 C) HTTPS
 D) SCP

Answer: D
Explanation: SCP (Secure Copy Protocol) uses SSH to securely transfer files, ensuring
encryption and integrity of backup data transmitted over the network.

39. In Unix/Linux, what is the role of the rsyslog service in compliance and
security auditing?

 A) Manages file permissions.

 B) Synchronizes system logs across the network.
 C) Logs kernel-level events.
 D) Maintains user activity logs for auditing purposes.

Answer: B
Explanation: rsyslog is used to aggregate and manage log files, including forwarding
system logs to a central server for monitoring and auditing, making it an essential tool in
compliance and security auditing.

148 | P a g e
40. In a Linux system, which command would you use to check the status of
currently mounted file systems and their available storage?

 A) df
 B) du
 C) fdisk
 D) lsblk

Answer: A
Explanation: The df command reports the disk space usage of mounted file systems,
showing the available and used storage space.

3.Networking

Types of Networks (LAN, WAN, MAN etc) - Network Topologies (Ring , Mesh,
Bus, Star, etc) - Network Devices (Hub, Bridge, Routers, Gateway, etc) -
OSI Data Model, TCP/IP Model - Subnets and Supernets

1. Which type of network typically spans a single building or campus and is

characterized by high-speed data transfer?

 A) Wide Area Network (WAN)

 B) Local Area Network (LAN)
 C) Metropolitan Area Network (MAN)
 D) Personal Area Network (PAN)

Answer: B
Explanation: LANs (Local Area Networks) are networks that cover a small geographical
area, such as a single building or campus, and typically offer high data transfer speeds.

2. Which topology ensures that each device is connected to every other device,
providing high fault tolerance but requiring the most cabling?

 A) Star
 B) Bus
 C) Ring
 D) Mesh

Answer: D
Explanation: In a Mesh topology, every device is connected to every other device,
which provides high fault tolerance but requires more cabling compared to other
topologies.

149 | P a g e
3. Which network device operates at the Data Link layer of the OSI model and is
used to separate collision domains in a LAN?

 A) Router
 B) Hub
 C) Bridge
 D) Gateway

Answer: C
Explanation: A Bridge operates at the Data Link layer (Layer 2) of the OSI model and is
used to divide a network into separate collision domains, improving efficiency.

4. In which layer of the OSI model is error detection and correction primarily
handled?

 A) Network Layer
 B) Transport Layer
 C) Data Link Layer
 D) Physical Layer

Answer: C
Explanation: Error detection and correction are primarily handled at the Data Link
layer (Layer 2) of the OSI model, using mechanisms like cyclic redundancy check
(CRC).

5. What is the main purpose of a subnet mask in IP addressing?

 A) To define the class of an IP address

 B) To differentiate between the network and host portions of an IP address
 C) To identify the gateway in a network
 D) To create a default route

Answer: B
Explanation: A subnet mask is used to differentiate between the network portion and
the host portion of an IP address, which helps in routing traffic within and between
subnets.

150 | P a g e
6. Which device is used to connect different types of networks together and
operates at Layer 3 (Network Layer) of the OSI model?

 A) Hub
 B) Switch
 C) Router
 D) Repeater

Answer: C
Explanation: A Router operates at Layer 3 (Network Layer) of the OSI model and is
used to connect different networks, such as a LAN and a WAN, together.

7. Which of the following is a characteristic feature of the TCP protocol in the

TCP/IP model?

 A) Connectionless communication
 B) No guarantee of delivery
 C) Flow control through windowing
 D) Operates at the Network Layer

Answer: C
Explanation: TCP (Transmission Control Protocol) provides reliable, connection-
oriented communication, including flow control using a mechanism called windowing,
which manages data flow between sender and receiver.

8. What is the primary difference between subnets and supernets?

 A) Subnets aggregate multiple networks, while supernets divide a large network.

 B) Subnets divide a large network into smaller ones, while supernets aggregate multiple
smaller networks into one.
 C) Subnets operate at Layer 4, while supernets operate at Layer 3.
 D) Subnets are classless, while supernets are classful.

Answer: B
Explanation: Subnets divide a large network into smaller segments, while supernets
(also called CIDR or Classless Inter-Domain Routing) aggregate multiple smaller
networks into one larger network.

151 | P a g e
9. Which protocol is used by network devices to exchange routing information in
a WAN and operates at the Application Layer of the OSI model?

 A) OSPF
 B) BGP
 C) RIP
 D) ICMP

Answer: B
Explanation: BGP (Border Gateway Protocol) is a protocol used to exchange routing
information between different networks in a WAN. It operates at the Application Layer
of the OSI model.

10. Which network topology can continue to function even if a single cable or
node breaks, but will fail if the central hub fails?

 A) Ring
 B) Mesh
 C) Star
 D) Bus

Answer: C
Explanation: In a Star topology, devices are connected to a central hub. If a single cable
or node fails, the network continues to function, but if the hub fails, the entire network
goes down.

11. In IPv6, what is the default length of a subnet mask (prefix length)?

 A) /48
 B) /56
 C) /64
 D) /128

Answer: C
Explanation: The default subnet prefix length in IPv6 is /64, meaning the first 64 bits
represent the network portion, and the remaining 64 bits represent the host portion.

152 | P a g e
12. Which protocol in the OSI model is responsible for ensuring reliable
communication and error recovery?

 A) UDP
 B) IP
 C) TCP
 D) ICMP

Answer: C
Explanation: TCP (Transmission Control Protocol) operates at the Transport Layer of
the OSI model and is responsible for ensuring reliable communication, including error
recovery and flow control.

13. Which OSI layer is primarily responsible for providing encryption and data
compression during data transfer?

 A) Application Layer
 B) Presentation Layer
 C) Network Layer
 D) Transport Layer

Answer: B
Explanation: The Presentation Layer (Layer 6) of the OSI model handles data
encryption, decryption, and compression to ensure that data is transmitted securely and
efficiently.

14. In network design, what is the role of a "Gateway"?

 A) To store MAC addresses

 B) To convert data formats between different protocols
 C) To segment collision domains
 D) To manage network traffic within a LAN

Answer: B
Explanation: A Gateway acts as a translator between different network protocols,
converting data formats to ensure communication between different systems or networks.

153 | P a g e
15. Which device operates at Layer 2 of the OSI model and creates multiple
collision domains but a single broadcast domain?

 A) Hub
 B) Router
 C) Switch
 D) Bridge

Answer: C
Explanation: A Switch operates at Layer 2 (Data Link Layer) of the OSI model and
creates separate collision domains for each connected device but maintains a single
broadcast domain.

16. Which subnet mask allows for the maximum number of hosts in a Class C IP
address?

 A) 255.255.255.0
 B) 255.255.255.128
 C) 255.255.255.192
 D) 255.255.255.224

Answer: A
Explanation: A subnet mask of 255.255.255.0 allows for 254 hosts in a Class C network,
which is the maximum number of hosts that can be supported in this class.

17. Which type of network is most suitable for connecting different branches of a
corporation located in multiple cities?

 A) LAN
 B) PAN
 C) WAN
 D) CAN

Answer: C
Explanation: A WAN (Wide Area Network) connects different branches or locations
over long distances, typically across cities or even countries, making it ideal for inter-city
corporate communication.

154 | P a g e
18. In TCP/IP networking, which of the following is responsible for routing
packets across different networks?

 A) TCP
 B) IP
 C) DNS
 D) DHCP

Answer: B
Explanation: The IP (Internet Protocol) is responsible for routing packets across
different networks by using IP addresses and routing tables.

19. In the OSI model, which layer handles routing, forwarding, and logical
addressing?

 A) Data Link Layer

 B) Transport Layer
 C) Network Layer
 D) Session Layer

Answer: C
Explanation: The Network Layer (Layer 3) of the OSI model is responsible for logical
addressing (IP addresses), routing, and forwarding packets across different networks.

20. What is the purpose of the "Time to Live" (TTL) field in an IP header?

 A) To measure the time taken by a packet to reach its destination.

 B) To determine how long a packet can remain in the network before being discarded.
 C) To prioritize packets during network congestion.
 D) To authenticate the packet's source.

Answer: B
Explanation: The TTL field in an IP header limits the lifespan of a packet in the
network. It is decremented

21. In a subnet with a CIDR block of 192.168.1.64/26, which of the following is a

valid host IP address?

 A) 192.168.1.63
 B) 192.168.1.65
 C) 192.168.1.127

155 | P a g e
  D) 192.168.1.128

Answer: B
Explanation: The /26 means 64 addresses (from 192.168.1.64 to 192.168.1.127). The
valid host range is from 192.168.1.65 to 192.168.1.126, as 192.168.1.64 is the network
address and 192.168.1.127 is the broadcast address.

22. Which protocol operates at Layer 4 of the OSI model and is connectionless?

 A) TCP
 B) ICMP
 C) UDP
 D) IP

Answer: C
Explanation: UDP (User Datagram Protocol) operates at the Transport Layer (Layer 4)
and is a connectionless protocol, unlike TCP which is connection-oriented.

23. Which of the following scenarios can lead to a routing loop in distance-vector
routing protocols like RIP?

 A) Link-state advertisements
 B) Count to infinity problem
 C) Path vector instability
 D) Erroneous route summarization

Answer: B
Explanation: The count to infinity problem occurs in distance-vector protocols like
RIP, where routes to a failed network increase their metric indefinitely, causing a routing
loop.

24. In IPv6, what is the prefix length for a global unicast address?

 A) /48
 B) /32
 C) /64
 D) /128

156 | P a g e
 Answer: C
Explanation: In IPv6, a global unicast address typically has a prefix length of /64, which
provides a large address space for each network.

25. In which topology does every device have a direct point-to-point link to every
other device, resulting in N(N-1)/2 connections for N devices?

 A) Bus
 B) Star
 C) Ring
 D) Mesh

Answer: D
Explanation: In a full mesh topology, each device is directly connected to every other
device, leading to N(N-1)/2 connections, which ensures high redundancy.

26. Which protocol allows routers to exchange information about reachable

networks and is based on the shortest path first (SPF) algorithm?

 A) BGP
 B) RIP
 C) OSPF
 D) EIGRP

Answer: C
Explanation: OSPF (Open Shortest Path First) uses the SPF algorithm to determine
the shortest path between routers and exchange routing information.

27. What is the primary difference between a Layer 2 switch and a Layer 3
switch?

 A) Layer 2 switch forwards packets based on MAC addresses, while Layer 3 switch
forwards based on IP addresses.
 B) Layer 2 switch performs routing, while Layer 3 switch handles switching.
 C) Layer 2 switch supports only Ethernet, while Layer 3 switch supports multiple
protocols.
 D) There is no difference between the two.

157 | P a g e
 Answer: A
Explanation: A Layer 2 switch forwards packets based on MAC addresses, whereas a
Layer 3 switch can route packets based on IP addresses.

28. In a supernet with the CIDR block 172.16.0.0/12, what is the total number of
host addresses available?

 A) 16,384
 B) 65,536
 C) 1,048,576
 D) 4,194,304

Answer: C
Explanation: The /12 CIDR block leaves 20 bits for the host addresses. Thus, the total
number of host addresses is 220=1,048,5762^{20} = 1,048,576220=1,048,576.

29. Which of the following OSI layers is responsible for flow control,
segmentation, and reassembly of data?

 A) Data Link
 B) Network
 C) Transport
 D) Session

Answer: C
Explanation: The Transport Layer (Layer 4) is responsible for flow control,
segmentation, and reassembly of data during transmission.

30. Which type of NAT allows multiple private IP addresses to share a single
public IP by mapping different ports?

 A) Static NAT
 B) Dynamic NAT
 C) PAT (Port Address Translation)
 D) None of the above

Answer: C
Explanation: PAT (Port Address Translation) allows multiple devices on a private
network to share a single public IP by assigning different port numbers to each
connection.
158 | P a g e
31. What is the subnet mask for a subnet with the CIDR notation /28?

 A) 255.255.255.0
 B) 255.255.255.128
 C) 255.255.255.240
 D) 255.255.255.248

Answer: C
Explanation: The /28 means the first 28 bits are used for the network, leaving 4 bits for
hosts. This corresponds to a subnet mask of 255.255.255.240.

32. What is the primary purpose of a "default gateway" in a network?

 A) To assign IP addresses to devices

 B) To resolve DNS queries
 C) To route traffic destined for networks outside the local subnet
 D) To encapsulate data packets for transmission

Answer: C
Explanation: A default gateway routes traffic destined for networks outside the local
subnet to other networks, typically the internet.

33. Which of the following is NOT an interior gateway protocol (IGP)?

 A) OSPF
 B) BGP
 C) RIP
 D) EIGRP

Answer: B
Explanation: BGP (Border Gateway Protocol) is an exterior gateway protocol
(EGP), while OSPF, RIP, and EIGRP are all interior gateway protocols (IGP).

34. Which of the following is a characteristic of Class D IPv4 addresses?

 A) They are used for unicast communication.

 B) They are used for multicast communication.
 C) They are reserved for future use.

159 | P a g e
  D) They are used for experimental purposes.
 Answer: B
Explanation: Class D IPv4 addresses (224.0.0.0 to 239.255.255.255) are used for
multicast communication.

35. In the OSI model, which layer handles encryption and decryption of data for
secure transmission?

 A) Application Layer
 B) Presentation Layer
 C) Session Layer
 D) Transport Layer

Answer: B
Explanation: The Presentation Layer (Layer 6) handles encryption and decryption of
data for secure communication between systems.

36. What is the function of the "checksum" field in the IPv4 header?

 A) To identify the source IP address

 B) To determine the time-to-live of a packet
 C) To verify the integrity of the header data
 D) To ensure proper packet fragmentation

Answer: C
Explanation: The checksum field in the IPv4 header is used to verify the integrity of
the header data during transmission.

37. Which routing protocol converges faster by using Diffusing Update

Algorithm (DUAL) to calculate backup routes?

 A) OSPF
 B) RIP
 C) EIGRP
 D) BGP

Answer: C
Explanation: EIGRP (Enhanced Interior Gateway Routing Protocol) uses the Diffusing
Update Algorithm (DUAL) to provide faster convergence and calculate backup routes.

160 | P a g e
38. What technique does IPv6 use to allow IPv4 devices to communicate with
IPv6 devices?

 A) NAT64
 B) Dual Stack
 C) SLAAC
 D) ARP

Answer: A
Explanation: NAT64 allows IPv6 devices to communicate with IPv4 devices by
translating IPv6 addresses to IPv4 addresses and vice versa.

39. In a network with the subnet 192.168.10.0/23, how many host IP addresses
are available?

 A) 256
 B) 510
 C) 512
 D) 1024

Answer: B
Explanation: A /23 subnet provides 510 usable host addresses as 29−2=5102^9 - 2 =
51029−2=510, with 9 bits for hosts.

40. Which layer of the OSI model is responsible for end-to-end error recovery
and flow control?

 A) Data Link
 B) Network
 C) Transport
 D) Application

Answer: C
Explanation: The Transport Layer (Layer 4) is responsible for end-to-end error
recovery and flow control in data communication.

161 | P a g e
UDP, TCP, sockets and ports. - IPv4 vs IPv6 - Classless inter-domain
routing. - IP support protocols (ARP, DHCP, ICMP), Network Address
Translation (NAT) - Application layer protocols: DNS, SMTP, HTTP, FTP, etc.
- Internet Application Protocols (FTP, Telnet, SMTP, SNMP, POP3 etc).

1. Which of the following characteristics best describes the TCP protocol?

 A) Connectionless, unreliable delivery, and high overhead.

 B) Connection-oriented, reliable delivery, and flow control.
 C) Connectionless, reliable delivery, and low overhead.
 D) Connection-oriented, unreliable delivery, and congestion control.

Answer: B
Explanation: TCP (Transmission Control Protocol) is a connection-oriented protocol
that ensures reliable delivery with error-checking, retransmission, and flow control
mechanisms.

2. In the TCP three-way handshake, which of the following is the correct

sequence of messages exchanged between the client and server?

 A) SYN, ACK, FIN

 B) SYN, SYN-ACK, ACK
 C) FIN, ACK, SYN
 D) SYN, FIN, ACK

Answer: B
Explanation: The TCP three-way handshake sequence involves the client sending a
SYN packet, the server responding with a SYN-ACK, and the client confirming with an
ACK.

3. What is the primary purpose of the UDP protocol?

 A) Ensuring reliable transmission of data

 B) Establishing a secure connection between two hosts
 C) Providing a fast, connectionless transmission service without reliability
 D) Managing congestion control in the network

Answer: C
Explanation: UDP (User Datagram Protocol) is a connectionless, lightweight protocol

162 | P a g e
 that provides fast transmission without built-in reliability, flow control, or congestion
control.

4. Which of the following fields is NOT present in a UDP header?

 A) Source port
 B) Destination port
 C) Sequence number
 D) Length

Answer: C
Explanation: The UDP header consists of the source port, destination port, length,
and checksum fields. It does not include a sequence number, unlike TCP.

5. What is the address range for a link-local IPv6 address?

 A) FE80::/10
 B) FC00::/7
 C) FF00::/8
 D) 2001::/16

Answer: A
Explanation: Link-local IPv6 addresses are in the FE80::/10 range. These addresses
are used for communication within a single network segment.

6. Which of the following IP address ranges is reserved for private use in IPv4?

 A) 127.0.0.0/8
 B) 169.254.0.0/16
 C) 172.16.0.0/12
 D) 224.0.0.0/4

Answer: C
Explanation: 172.16.0.0/12 is a range reserved for private IPv4 addresses, along with
10.0.0.0/8 and 192.168.0.0/16. The other options are reserved for special purposes.

163 | P a g e
7. Which of the following best describes Classless Inter-Domain Routing
(CIDR)?

 A) It allows IP addresses to be divided into classes.

 B) It supports subnetting and supernetting by using variable-length subnet masks.
 C) It eliminates the need for IP address classes entirely.
 D) It increases the size of the IPv4 address space.

Answer: B
Explanation: CIDR (Classless Inter-Domain Routing) allows for subnetting and
supernetting by using variable-length subnet masks, enabling more efficient use of the
IPv4 address space.

8. Which protocol is used to resolve an IP address into a MAC address?

 A) DNS
 B) ARP
 C) ICMP
 D) DHCP

Answer: B
Explanation: ARP (Address Resolution Protocol) is used to map an IP address to a
MAC address on a local network.

9. Which application layer protocol is responsible for transferring email

messages between mail servers?

 A) POP3
 B) IMAP
 C) SMTP
 D) FTP

Answer: C
Explanation: SMTP (Simple Mail Transfer Protocol) is responsible for transferring
email messages between mail servers. POP3 and IMAP are used by clients to retrieve
email from servers.

164 | P a g e
10. Which of the following best describes the purpose of the Time-To-Live (TTL)
field in an IP packet?

 A) To identify the source of the packet.

 B) To specify the maximum lifetime of the packet in the network.
 C) To indicate the type of payload carried in the packet.
 D) To identify the protocol used in the transport layer.

Answer: B
Explanation: The TTL (Time-To-Live) field specifies the maximum number of hops
a packet can travel through the network before being discarded, preventing routing loops.

11. Which IP support protocol is used for error reporting and network
diagnostics?

 A) ARP
 B) DHCP
 C) ICMP
 D) FTP

Answer: C
Explanation: ICMP (Internet Control Message Protocol) is used for error reporting,
network diagnostics, and tasks such as the ping operation.

12. In NAT (Network Address Translation), what is the primary purpose of Port
Address Translation (PAT)?

 A) Mapping multiple private IP addresses to a single public IP address using different

ports.
 B) Converting IPv4 addresses to IPv6 addresses.
 C) Allowing multiple public IP addresses to be mapped to a single private IP.
 D) Disguising the source and destination IP addresses in the data packets.

Answer: A
Explanation: PAT (Port Address Translation) maps multiple private IP addresses to a
single public IP by using different port numbers for each connection.

165 | P a g e
13. Which protocol dynamically assigns IP addresses to devices on a network?

 A) ARP
 B) DNS
 C) ICMP
 D) DHCP

Answer: D
Explanation: DHCP (Dynamic Host Configuration Protocol) is responsible for
dynamically assigning IP addresses to devices on a network.

14. Which field in a DNS query specifies the type of DNS record being requested,
such as A, AAAA, or MX?

 A) Query Name
 B) Query Class
 C) Query Type
 D) Query Header

Answer: C
Explanation: The Query Type field in a DNS query specifies the type of DNS record
being requested, such as A (IPv4 address), AAAA (IPv6 address), or MX (Mail
Exchange).

15. In IPv6, which of the following is NOT a valid type of address?

 A) Multicast
 B) Unicast
 C) Anycast
 D) Broadcast

Answer: D
Explanation: IPv6 does not support broadcast addresses. It only supports unicast,
multicast, and anycast addresses.

166 | P a g e
16. What is the maximum number of subnets that can be created with the CIDR
block 192.168.1.0/28?

 A) 4
 B) 6
 C) 8
 D) 16

Answer: C
Explanation: The /28 CIDR block provides 16 IP addresses, of which 2 are reserved
(network and broadcast), leaving 14 usable host addresses. However, this setup allows
for 16 subnets with fewer host addresses.

17. Which transport layer protocol would be most suitable for real-time
applications like video streaming and VoIP?

 A) TCP
 B) FTP
 C) UDP
 D) ICMP

Answer: C
Explanation: UDP is ideal for real-time applications like video streaming and VoIP, as
it is fast, connectionless, and does not require reliable delivery, which reduces latency.

18. Which layer of the OSI model does the DNS protocol operate in?

 A) Application Layer
 B) Network Layer
 C) Transport Layer
 D) Data Link Layer

Answer: A
Explanation: DNS (Domain Name System) operates at the Application Layer of the
OSI model, translating domain names into IP addresses.

167 | P a g e
19. Which of the following correctly describes the "SYN flood" attack?

 A) An attack that overwhelms the target server with incomplete TCP connection requests.
 B) An attack that attempts to break DNS resolution by injecting false responses.
 C) An attack that exploits ARP by poisoning the MAC address cache of a device.
 D) An attack that generates a large number of ICMP Echo requests.

Answer: A
Explanation: A SYN flood attack overwhelms a target server with a large number of
half-open TCP connections by sending SYN packets without completing the three-way
handshake.

20. Which of the following protocols is responsible for the secure transmission of
HTTP data over the internet?

 A) FTP
 B) HTTPS
 C) SMTP
 D) SNMP

Answer: B
Explanation: HTTPS (Hypertext Transfer Protocol Secure) is responsible for secure
transmission of HTTP data using SSL/TLS encryption.

21. What is the primary function of the TCP sliding window protocol?

 A) To synchronize the data flow between sender and receiver.

 B) To establish a connection between two devices.
 C) To control the flow of data and ensure reliable transmission.
 D) To encrypt data being transmitted.

Answer: C
Explanation: The TCP sliding window protocol is used for flow control and ensures
that data is transmitted reliably by allowing a sender to send multiple packets before
needing an acknowledgment.

168 | P a g e
22. Which type of attack specifically exploits the TCP/IP stack's ability to
establish multiple connections?

 A) DNS Spoofing
 B) SYN Flood
 C) SQL Injection
 D) Man-in-the-Middle

Answer: B
Explanation: A SYN Flood attack exploits the TCP/IP stack by sending a large number
of SYN packets, leading to resource exhaustion on the target server due to half-open
connections.

23. In which scenario would you use ICMP Type 11 (Time Exceeded) messages?

 A) When a router receives a packet that it cannot forward due to lack of resources.
 B) To indicate that a requested service is not available.
 C) When a packet's TTL expires before reaching its destination.
 D) To respond to a successful ping request.

Answer: C
Explanation: ICMP Type 11 messages indicate that a packet's Time-To-Live (TTL) has
expired, meaning it could not reach its destination within the allowed hops.

24. Which feature of IPv6 allows devices to automatically configure their own IP
addresses?

 A) Stateless Address Autoconfiguration (SLAAC)

 B) Dynamic Host Configuration Protocol (DHCP)
 C) Network Address Translation (NAT)
 D) Internet Control Message Protocol (ICMP)

Answer: A
Explanation: SLAAC (Stateless Address Autoconfiguration) allows IPv6 devices to
automatically configure their own IP addresses without the need for a DHCP server.

169 | P a g e
25. What is the main advantage of using Classless Inter-Domain Routing (CIDR)
over traditional IP addressing?

 A) It increases the size of the address space.

 B) It simplifies routing tables and reduces IP address waste.
 C) It allows for fixed-length subnet masks.
 D) It provides a method for dynamic IP address assignment.

Answer: B
Explanation: CIDR simplifies routing tables and reduces waste of IP addresses by
allowing for variable-length subnet masks.

26. What type of DNS record is used to map a domain name to an IPv6 address?

 A) A Record
 B) CNAME Record
 C) AAAA Record
 D) MX Record

Answer: C
Explanation: The AAAA record maps a domain name to an IPv6 address. An A
record is used for IPv4 addresses.

27. Which of the following statements about NAT (Network Address

Translation) is FALSE?

 A) NAT helps conserve the global IPv4 address space.

 B) NAT translates private IP addresses to public IP addresses.
 C) NAT introduces latency in packet transmission.
 D) NAT requires all internal devices to have public IP addresses.

Answer: D
Explanation: NAT allows internal devices to use private IP addresses while
translating these to a single public IP address for internet access, meaning not all
devices need public IPs.

170 | P a g e
28. In a socket programming context, what is the purpose of the 'bind' function?

 A) To establish a connection with a client.

 B) To allocate a port number to a socket.
 C) To listen for incoming connections on a socket.
 D) To send data over a socket.

Answer: B
Explanation: The 'bind' function is used to assign a specific port number and
optionally an IP address to a socket, allowing the application to listen on that port.

29. Which of the following is NOT a valid reason to use HTTP/2 over HTTP/1.1?

 A) Header compression to reduce overhead.

 B) Multiplexing to allow multiple requests/responses on a single connection.
 C) Increased latency in response times.
 D) Server push capabilities for preloading resources.

Answer: C
Explanation: HTTP/2 introduces header compression, multiplexing, and server push
capabilities, all aimed at improving performance and reducing latency, making option C
incorrect.

30. Which protocol is used by a client to retrieve email messages from a server
while keeping the messages on the server?

 A) POP3
 B) IMAP
 C) SMTP
 D) FTP

Answer: B
Explanation: IMAP (Internet Message Access Protocol) allows clients to retrieve
email messages while keeping them stored on the server, enabling access from multiple
devices.

171 | P a g e
31. Which of the following best describes a "socket" in network programming?

 A) A unique IP address for each device on a network.

 B) A combination of an IP address and a port number used for communication.
 C) A protocol for data encryption in transit.
 D) A method of routing packets in a network.

Answer: B
Explanation: A socket is defined as a combination of an IP address and a port
number, which allows for communication between two devices over a network.

32. What is the primary purpose of the ARP protocol?

 A) To dynamically assign IP addresses to devices on a network.

 B) To map an IP address to a physical MAC address in a local network.
 C) To send error messages and operational information.
 D) To perform network address translation.

Answer: B
Explanation: ARP (Address Resolution Protocol) is used to map an IP address to a
physical MAC address on a local network.

33. Which HTTP method is used to update a resource on a server?

 A) GET
 B) POST
 C) PUT
 D) DELETE

Answer: C
Explanation: The PUT method is used to update or replace an existing resource on a
server.

34. What is the maximum transmission unit (MTU) for Ethernet frames?

 A) 128 bytes
 B) 256 bytes
 C) 1500 bytes
 D) 9000 bytes

172 | P a g e
 Answer: C
Explanation: The maximum transmission unit (MTU) for standard Ethernet frames is
1500 bytes.

35. What happens when a packet's TTL reaches zero?

 A) The packet is delivered to its destination.

 B) The packet is forwarded to the next hop.
 C) The packet is discarded, and an ICMP error message is sent back.
 D) The packet is automatically rerouted.

Answer: C
Explanation: When a packet's TTL (Time-To-Live) reaches zero, it is discarded, and
an ICMP Time Exceeded message is sent back to the sender.

36. Which statement about IPv4 and IPv6 is true?

 A) IPv4 uses a 64-bit address space, while IPv6 uses a 128-bit address space.
 B) IPv6 supports multicast addressing, while IPv4 does not.
 C) IPv4 addresses are represented in hexadecimal format, while IPv6 addresses use
decimal format.
 D) IPv6 has a larger address space than IPv4, allowing for a greater number of unique IP
addresses.

Answer: D
Explanation: IPv6 has a 128-bit address space, allowing for a significantly larger
number of unique IP addresses compared to the 32-bit address space of IPv4.

37. What is the primary purpose of the ICMP protocol?

 A) To manage dynamic IP address assignments.

 B) To establish secure connections between hosts.
 C) To provide error messages and operational information regarding IP processing.
 D) To handle the transmission of multimedia content over the Internet.

Answer: C
Explanation: The ICMP (Internet Control Message Protocol) is primarily used to
send error messages and operational information related to IP processing.

173 | P a g e
38. What is a key benefit of using DNS over hard-coded IP addresses in
applications?

 A) DNS provides encryption for all data.

 B) DNS allows for easier management and updates of resource locations.
 C) DNS eliminates the need for network routing.
 D) DNS supports multiple protocols beyond HTTP.

Answer: B
Explanation: Using DNS allows for easier management and updates of resource
locations without changing application code, as domain names can be mapped to
different IP addresses.

39. In what scenario would you typically use the TCP/IP model?

 A) Designing a hardware protocol for local communications.

 B) Establishing connections for file transfer over the Internet.
 C) Creating a simple data storage solution.
 D) Developing an application that does not require network connectivity.

Answer: B
Explanation: The TCP/IP model is primarily used for establishing connections for
data communication over the Internet, particularly for protocols like FTP and HTTP.

40. What advantage does the use of ports provide in TCP/IP communications?

 A) It allows for encrypted communications.

 B) It enables multiple applications to use the same IP address.
 C) It reduces the number of required network interfaces.
 D) It increases the bandwidth of data transmission.

Answer: B
Explanation: Ports allow multiple applications to run on the same device using the same
IP address, enabling communication with different services simultaneously.

174 | P a g e
Different types of Network Security Protections:

o Firewall, Access Control, Remote Access VPN

o Types of Firewall o Access Control

1. Which of the following best describes a firewall's primary function?

 A) To manage network traffic flow.

 B) To encrypt data transmitted over a network.
 C) To provide access control to users.
 D) To filter incoming and outgoing network traffic based on predetermined security
rules.

Answer: D
Explanation: A firewall is designed to filter incoming and outgoing network traffic
based on security rules, acting as a barrier between a trusted internal network and
untrusted external networks.

2. What is the primary difference between a stateful firewall and a stateless

firewall?

 A) Stateful firewalls inspect packets only at the application layer, while stateless firewalls
inspect at the transport layer.
 B) Stateless firewalls track the state of active connections, while stateful firewalls do not.
 C) Stateful firewalls can make decisions based on the context of traffic, while stateless
firewalls make decisions based on individual packets.
 D) There is no difference; both terms refer to the same technology.

Answer: C
Explanation: Stateful firewalls maintain the state of active connections and can make
more informed decisions based on the context of traffic, while stateless firewalls treat
each packet in isolation.

3. Which type of access control policy restricts access based on user roles and
their permissions?

 A) Mandatory Access Control (MAC)

 B) Role-Based Access Control (RBAC)
 C) Discretionary Access Control (DAC)
 D) Attribute-Based Access Control (ABAC)

175 | P a g e
 Answer: B
Explanation: Role-Based Access Control (RBAC) assigns access permissions based on
the user’s role within an organization, making it easier to manage user rights based on
responsibilities.

4. What is the primary purpose of a Remote Access VPN?

 A) To provide encrypted communication for all users within a local network.

 B) To allow secure connections from remote locations to a private network over the
Internet.
 C) To filter web traffic for security purposes.
 D) To monitor network activity in real time.

Answer: B
Explanation: A Remote Access VPN allows users to securely connect to a private
network from a remote location, encrypting data transmitted over potentially insecure
networks like the Internet.

5. In which scenario would you typically use a Proxy Firewall?

 A) To create a secure tunnel for remote access.

 B) To filter and control web traffic.
 C) To provide deep packet inspection for all incoming traffic.
 D) To enforce strong user authentication policies.

Answer: B
Explanation: A Proxy Firewall acts as an intermediary between clients and servers,
primarily used for filtering and controlling web traffic, providing anonymity and
security.

6. What type of access control is characterized by users being granted access

based on their identity and the discretion of the data owner?

 A) Mandatory Access Control (MAC)

 B) Role-Based Access Control (RBAC)
 C) Discretionary Access Control (DAC)
 D) Attribute-Based Access Control (ABAC)

Answer: C
Explanation: Discretionary Access Control (DAC) allows data owners to control

176 | P a g e
 access to their resources based on user identity, giving them discretion over who can
access what.

7. Which of the following is a disadvantage of using a stateful firewall?

 A) It cannot track active connections.

 B) It consumes more resources than stateless firewalls.
 C) It offers less security than a stateless firewall.
 D) It is unable to filter traffic based on the application layer.

Answer: B
Explanation: Stateful firewalls require more resources to maintain connection states,
making them generally more resource-intensive than stateless firewalls.

8. What is the primary function of an Intrusion Detection System (IDS) in a

network?

 A) To prevent unauthorized access to a network.

 B) To monitor network traffic for suspicious activity and generate alerts.
 C) To manage user permissions and access controls.
 D) To encrypt data in transit.

Answer: B
Explanation: An Intrusion Detection System (IDS) is designed to monitor network
traffic for suspicious activity and generate alerts when potential threats are detected.

9. Which of the following is an example of a network-based firewall?

 A) Software firewall installed on individual devices.

 B) Hardware firewall deployed at the network perimeter.
 C) Application-layer firewall for specific applications.
 D) Database firewall that monitors database traffic.

Answer: B
Explanation: A hardware firewall deployed at the network perimeter is an example of
a network-based firewall, designed to protect the entire network rather than individual
devices.

177 | P a g e
10. Which access control model uses attributes to determine access rights?

 A) Discretionary Access Control (DAC)

 B) Role-Based Access Control (RBAC)
 C) Mandatory Access Control (MAC)
 D) Attribute-Based Access Control (ABAC)

Answer: D
Explanation: Attribute-Based Access Control (ABAC) uses attributes (such as user,
resource, and environment attributes) to define and enforce access policies.

11. What is the key difference between a VPN and a Remote Access VPN?

 A) A VPN is used for site-to-site connections, while a Remote Access VPN is used for
individual users.
 B) A VPN encrypts all traffic, while a Remote Access VPN does not.
 C) A VPN requires client-side software, while a Remote Access VPN does not.
 D) There is no difference; both terms are interchangeable.

Answer: A
Explanation: A VPN can refer to both site-to-site connections (between networks) and
Remote Access VPNs (for individual users), but the key difference lies in their
applications.

12. What is the main disadvantage of using a packet filtering firewall?

 A) It cannot perform deep packet inspection.

 B) It is less effective against insider threats.
 C) It requires more complex rules than stateful firewalls.
 D) It is more expensive to implement than other firewalls.

Answer: A
Explanation: Packet filtering firewalls operate at the network layer and primarily
examine packet headers, which means they cannot perform deep packet inspection to
analyze payload content.

178 | P a g e
13. Which type of firewall combines the features of both packet filtering and
stateful inspection?

 A) Application Firewall
 B) Next-Generation Firewall (NGFW)
 C) Proxy Firewall
 D) Circuit-Level Gateway

Answer: B
Explanation: A Next-Generation Firewall (NGFW) combines features of traditional
firewalls (packet filtering and stateful inspection) with additional capabilities such as
application awareness and deep packet inspection.

14. What mechanism is commonly used in VPNs to ensure data confidentiality?

 A) Packet Filtering
 B) Public Key Infrastructure (PKI)
 C) Protocol Encryption (e.g., SSL/TLS, IPsec)
 D) Firewall Rules

Answer: C
Explanation: Protocol encryption (such as SSL/TLS or IPsec) is used in VPNs to
ensure the confidentiality of data transmitted over the VPN tunnel.

15. Which of the following statements is true regarding remote access VPNs?

 A) They require a dedicated hardware appliance.

 B) They do not encrypt data transmitted over the Internet.
 C) They allow remote users to securely access the organization's internal network.
 D) They are only suitable for large enterprises with dedicated IT staff.

Answer: C
Explanation: Remote access VPNs allow remote users to securely access an
organization’s internal network, enabling secure communication over the Internet.

16. What is a common use case for implementing Access Control Lists (ACLs) in
firewalls?

 A) To establish a secure VPN tunnel.

 B) To monitor network traffic for suspicious activity.
179 | P a g e
  C) To define and enforce rules for which traffic can pass through the firewall.
 D) To encrypt sensitive data in transit.

Answer: C
Explanation: Access Control Lists (ACLs) in firewalls are used to define and enforce
rules regarding which traffic is allowed or denied access through the firewall based on
specified criteria.

17. Which of the following best describes the role of a DMZ (Demilitarized Zone)
in network security?

 A) It provides an extra layer of security for sensitive internal networks.

 B) It is a trusted area of the network where all internal users reside.
 C) It isolates publicly accessible servers from the internal network.
 D) It serves as a backup network for disaster recovery purposes.

Answer: C
Explanation: A DMZ (Demilitarized Zone) is a perimeter network that isolates publicly
accessible servers (such as web servers) from the internal network, providing an
additional layer of security.

18. In a VPN connection, what does the term "tunneling" refer to?

 A) The process of creating a secure pathway through the Internet for data transmission.
 B) The technique used to bypass firewall restrictions.
 C) The method of verifying user identities.
 D) The encryption algorithm applied to data packets.

Answer: A
Explanation: Tunneling refers to the process of creating a secure pathway through the
Internet for transmitting data, often using encapsulation and encryption techniques to
ensure privacy and security.

19. What is the primary purpose of implementing Network Access Control

(NAC)?

 A) To establish secure connections between different networks.

 B) To prevent unauthorized access to network resources.
 C) To manage user authentication and authorization.
 D) To monitor and log all network traffic.

180 | P a g e
 Answer: B
Explanation: The primary purpose of Network Access Control (NAC) is to prevent
unauthorized access to network resources by enforcing security policies based on user
identity and device compliance.

20. Which type of attack is specifically targeted at manipulating or bypassing

access control measures?

 A) Denial of Service (DoS)

 B) Phishing
 C) Social Engineering
 D) Privilege Escalation

Answer: D
Explanation: Privilege Escalation attacks aim to manipulate or bypass access control
measures, allowing attackers to gain unauthorized levels of access to systems or data.

21. Which type of firewall operates at the application layer to filter traffic based
on specific content within the packets?

 A) Packet Filtering Firewall

 B) Stateful Firewall
 C) Application Firewall
 D) Next-Generation Firewall (NGFW)

Answer: C
Explanation: An Application Firewall operates at the application layer and is capable
of filtering traffic based on specific content and applications rather than just packet
headers.

22. What is the primary function of a bastion host in a network security

architecture?

 A) To provide a backup for network data.

 B) To act as a gateway between internal and external networks.
 C) To serve as the main firewall for the organization.
 D) To authenticate users trying to access the network.

Answer: B
Explanation: A bastion host is a special-purpose computer on a network specifically
181 | P a g e
 designed and configured to withstand attacks, often acting as a gateway between
internal and external networks.

23. Which of the following is a potential disadvantage of using a VPN?

 A) Increased security for remote users.

 B) Reduced performance due to encryption overhead.
 C) Easy access for unauthorized users.
 D) Improved data integrity during transmission.

Answer: B
Explanation: The use of a VPN can lead to reduced performance because of the
encryption overhead required to secure the connection, especially with large data
transfers.

24. What is the purpose of NAT (Network Address Translation) in network

security?

 A) To encrypt data packets during transmission.

 B) To conceal internal IP addresses from external networks.
 C) To filter incoming and outgoing traffic based on rules.
 D) To monitor and log network activity.

Answer: B
Explanation: NAT (Network Address Translation) is primarily used to conceal
internal IP addresses from external networks, providing an additional layer of security
and allowing multiple devices to share a single public IP address.

25. Which type of firewall configuration is most effective at providing protection

against application-layer attacks?

 A) Network-based Firewall
 B) Stateful Packet Inspection Firewall
 C) Application Layer Firewall
 D) Circuit-Level Gateway

Answer: C
Explanation: An Application Layer Firewall is specifically designed to protect against
application-layer attacks by inspecting the content of the traffic and enforcing security
policies at the application level.

182 | P a g e
26. Which of the following protocols is commonly used for implementing Remote
Access VPNs?

 A) ARP
 B) RDP
 C) IPsec
 D) DHCP

Answer: C
Explanation: IPsec is one of the most commonly used protocols for implementing
Remote Access VPNs, providing security at the IP layer through encryption and
authentication.

27. In an access control model, which of the following principles states that users
should have the minimum level of access necessary to perform their job
functions?

 A) Need-to-Know Principle
 B) Principle of Least Privilege
 C) Separation of Duties
 D) Mandatory Access Control

Answer: B
Explanation: The Principle of Least Privilege states that users should have the
minimum level of access necessary to perform their job functions, reducing the risk of
unauthorized access.

28. Which of the following describes the concept of "defense in depth" in

network security?

 A) Using multiple firewalls in parallel to secure a network.

 B) Implementing a single strong security measure at the perimeter of a network.
 C) Utilizing multiple layers of security controls throughout the network.
 D) Relying solely on encryption to protect data.

Answer: C
Explanation: Defense in depth refers to the practice of utilizing multiple layers of
security controls throughout the network to provide redundancy and enhance overall
security.

183 | P a g e
29. Which of the following access control methods allows for the dynamic
granting of access rights based on attributes and conditions?

 A) Role-Based Access Control (RBAC)

 B) Mandatory Access Control (MAC)
 C) Discretionary Access Control (DAC)
 D) Attribute-Based Access Control (ABAC)

Answer: D
Explanation: Attribute-Based Access Control (ABAC) allows for dynamic granting
of access rights based on a combination of attributes and conditions, providing more
flexible access control.

30. What is the primary risk associated with using a poorly configured firewall?

 A) Increased encryption overhead

 B) Unauthorized access to internal systems
 C) Decreased network performance
 D) Loss of data integrity

Answer: B
Explanation: A poorly configured firewall can lead to unauthorized access to
internal systems, as it may not effectively enforce the security policies intended to
protect the network.

31. What type of firewall filters traffic based on session information and
maintains the state of active connections?

 A) Stateless Firewall
 B) Stateful Firewall
 C) Proxy Firewall
 D) Application Firewall

Answer: B
Explanation: A Stateful Firewall maintains session information and the state of active
connections, allowing it to make more informed decisions about whether to allow or
block traffic.

184 | P a g e
32. Which of the following is a disadvantage of using a proxy server as a firewall?

 A) It provides anonymity for users.

 B) It can cache web content to improve performance.
 C) It can introduce latency into network connections.
 D) It offers detailed logging and monitoring of traffic.

Answer: C
Explanation: One disadvantage of using a proxy server as a firewall is that it can
introduce latency into network connections, as traffic is routed through the proxy before
reaching its destination.

33. Which access control model is most commonly used in database management
systems?

 A) Mandatory Access Control (MAC)

 B) Role-Based Access Control (RBAC)
 C) Discretionary Access Control (DAC)
 D) Attribute-Based Access Control (ABAC)

Answer: C
Explanation: Discretionary Access Control (DAC) is the most commonly used model
in database management systems, allowing users to control access to their own data.

34. What is the primary function of a security policy in network security?

 A) To monitor network traffic in real time.

 B) To define security rules and procedures for protecting assets.
 C) To manage user permissions and access rights.
 D) To encrypt data in transit.

Answer: B
Explanation: A security policy outlines the security rules and procedures that govern
the protection of an organization’s assets, serving as a foundational document for security
practices.

35. In the context of firewalls, what does the term "logging" refer to?

 A) The process of encrypting traffic.

 B) The act of monitoring and recording network activity.

185 | P a g e
  C) The method of filtering traffic based on content.
 D) The configuration of access control rules.

Answer: B
Explanation: Logging refers to the act of monitoring and recording network activity,
allowing administrators to review traffic patterns and identify potential security incidents.

36. What is the primary purpose of a reverse proxy server in a network?

 A) To provide secure access to internal resources.

 B) To act as a gateway for external users.
 C) To distribute incoming traffic among multiple servers.
 D) To enforce security policies for outgoing traffic.

Answer: C
Explanation: A reverse proxy server is primarily used to distribute incoming traffic
among multiple servers, improving load balancing, performance, and security.

37. Which of the following is NOT a characteristic of a VPN?

 A) Provides secure remote access to private networks.

 B) Encrypts data transmitted over the Internet.
 C) Requires dedicated hardware for implementation.
 D) Can be configured to use different tunneling protocols.

Answer: C
Explanation: A VPN does not necessarily require dedicated hardware for
implementation; it can be configured using software on existing hardware.

38. What type of attack is specifically designed to bypass a firewall by exploiting

trust relationships?

 A) Phishing Attack
 B) Man-in-the-Middle Attack
 C) Trust Exploit Attack
 D) Port Scanning Attack

Answer: C
Explanation: A Trust Exploit Attack is designed to bypass firewalls by exploiting trust
relationships between networks, allowing attackers to gain unauthorized access.

186 | P a g e
39. Which of the following statements about Remote Access VPNs is true?

 A) They only support IPsec tunneling.

 B) They are primarily used for site-to-site connections.
 C) They allow remote users to access internal resources securely.
 D) They do not provide encryption for data in transit.

Answer: C
Explanation: Remote Access VPNs allow remote users to access internal resources
securely, providing encryption and security for data transmitted over public networks.

40. What role does a VPN concentrator play in a network?

 A) It filters network traffic based on rules.

 B) It creates and manages VPN communication.
 C) It encrypts and decrypts data packets.
 D) It monitors network activity for suspicious behavior.

Answer: B
Explanation: A VPN concentrator is a device that creates and manages VPN
communication, establishing secure connections for remote users and managing multiple
VPN tunnels.

4. Cloud

Cloud Computing - Characteristics of Cloud computing - Types of Cloud Services

(SAAS, PAAS, IAAS) - Public vs Private Cloud

1. Which of the following is not considered a core characteristic of cloud

computing?

 A) On-demand self-service
 B) Broad network access
 C) Low latency and high throughput
 D) Resource pooling

187 | P a g e
 Answer: C
Explanation: Low latency and high throughput are performance metrics, but not a core
characteristic of cloud computing. Cloud characteristics typically include on-demand
self-service, broad network access, resource pooling, etc.

2. In cloud computing, the ability to dynamically scale resources up and down

based on workload is known as:

 A) Resource pooling
 B) Elasticity
 C) Virtualization
 D) Multi-tenancy

Answer: B
Explanation: Elasticity refers to the cloud’s ability to dynamically scale resources up
or down based on current workloads, ensuring efficient resource utilization.

3. Which type of cloud service allows users to run and manage applications
without dealing with the underlying infrastructure?

 A) SaaS
 B) PaaS
 C) IaaS
 D) FaaS

Answer: B
Explanation: PaaS (Platform as a Service) enables users to develop, run, and manage
applications without dealing with the complexities of infrastructure management.

4. What differentiates IaaS (Infrastructure as a Service) from PaaS (Platform as

a Service)?

 A) IaaS provides platform tools while PaaS provides hardware resources.

 B) IaaS provides hardware infrastructure, while PaaS provides platform development
environments.
 C) PaaS allows only SaaS integration, while IaaS does not.
 D) IaaS is a lower-level service than SaaS.

Answer: B
Explanation: IaaS provides hardware infrastructure such as servers, storage, and
188 | P a g e
 networking, whereas PaaS offers a platform for developing applications without the
need to manage the underlying infrastructure.

5. Which of the following describes the "pay-as-you-go" pricing model in cloud

computing?

 A) Clients pay upfront for all the resources they may use in the future.
 B) Clients are billed based on the number of users.
 C) Clients pay only for the resources they consume.
 D) Clients are billed annually for cloud services.

Answer: C
Explanation: In the pay-as-you-go model, clients are billed based on actual resource
consumption, rather than paying for a predetermined set of resources or services.

6. Which cloud service model allows users to control the operating system,
storage, and deployed applications, but not the underlying hardware?

 A) SaaS
 B) IaaS
 C) PaaS
 D) CaaS

Answer: B
Explanation: IaaS (Infrastructure as a Service) gives users control over operating
systems, storage, and applications, but they do not manage the underlying hardware
infrastructure.

7. In cloud computing, which feature ensures that services are available across
various platforms and devices, independent of location?

 A) Broad network access

 B) Resource pooling
 C) Measured service
 D) Rapid elasticity

Answer: A
Explanation: Broad network access means services are accessible from a variety of
devices and platforms, such as mobile phones, laptops, and workstations, regardless of
location.
189 | P a g e
8. Which of the following statements is true about Private Cloud?

 A) Private cloud services are always hosted by a third-party provider.

 B) Private clouds are generally more expensive to maintain than public clouds.
 C) Private clouds are shared with multiple organizations.
 D) Private clouds offer less control over security than public clouds.

Answer: B
Explanation: Private clouds are dedicated to a single organization and are typically
more expensive to maintain because the organization must handle hardware and
software management.

9. Which cloud deployment model provides the highest level of security and data
control?

 A) Public Cloud
 B) Private Cloud
 C) Hybrid Cloud
 D) Community Cloud

Answer: B
Explanation: Private Cloud offers the highest level of security and data control, as the
infrastructure is dedicated to one organization and can be customized to meet strict
security and compliance requirements.

10. Which cloud computing model allows companies to combine their private
cloud infrastructure with public cloud services?

 A) Community Cloud
 B) Hybrid Cloud
 C) Public Cloud
 D) Distributed Cloud

Answer: B
Explanation: A Hybrid Cloud combines both private and public cloud services,
allowing data and applications to be shared between them.

190 | P a g e
11. What is the primary advantage of the multi-tenancy architecture in cloud
computing?

 A) Each customer has their dedicated server.

 B) Multiple users can share the same physical resources, reducing costs.
 C) Each tenant has a private and isolated environment with no sharing of resources.
 D) Multi-tenancy increases security by isolating each tenant.

Answer: B
Explanation: Multi-tenancy allows multiple users to share the same physical
resources, which reduces infrastructure costs, making cloud services more cost-effective.

12. Which type of cloud service is typically used by businesses to rent virtual
machines, storage, and networking capabilities?

 A) SaaS
 B) PaaS
 C) IaaS
 D) DaaS

Answer: C
Explanation: IaaS (Infrastructure as a Service) allows businesses to rent virtual
machines, storage, and networking resources without managing physical hardware.

13. Which characteristic of cloud computing allows organizations to only pay for
the resources they actually use?

 A) Elasticity
 B) Resource Pooling
 C) Measured Service
 D) On-Demand Self-Service

Answer: C
Explanation: Measured service enables billing based on actual usage, allowing
organizations to only pay for the resources they consume.

14. In the context of cloud computing, what is the primary function of

"virtualization"?

191 | P a g e
  A) To secure cloud services
 B) To provide a web interface for cloud management
 C) To create multiple virtual environments on a single physical machine
 D) To connect different cloud services

Answer: C
Explanation: Virtualization is a technology that allows multiple virtual machines to
run on a single physical machine, which is foundational to cloud computing.

15. Which of the following is NOT a key benefit of using SaaS (Software as a
Service)?

 A) Minimal initial costs

 B) Automatic software updates
 C) Full control over infrastructure
 D) Access from any device with internet connectivity

Answer: C
Explanation: SaaS solutions do not provide full control over infrastructure, as the
service provider manages the software, hardware, and network resources.

16. Which cloud deployment model would best suit a government organization
that needs to share cloud resources with other governmental agencies?

 A) Public Cloud
 B) Private Cloud
 C) Hybrid Cloud
 D) Community Cloud

Answer: D
Explanation: A Community Cloud is suitable when organizations with common goals
or requirements, like governmental agencies, need to share resources and infrastructure.

17. Which of the following is the main advantage of the Public Cloud over the
Private Cloud?

 A) Higher control over infrastructure

 B) Lower upfront costs
 C) Improved security
 D) Greater customization options
192 | P a g e
 Answer: B
Explanation: The Public Cloud generally has lower upfront costs since users do not
need to purchase or maintain physical hardware or infrastructure.

18. What is the primary disadvantage of using a Public Cloud?

 A) Inability to scale resources

 B) Higher costs for large organizations
 C) Less control over security and privacy
 D) Limited availability of services

Answer: C
Explanation: One of the main disadvantages of a Public Cloud is that organizations
have less control over security and privacy, as the infrastructure is shared with other
tenants.

19. What differentiates hybrid cloud from other cloud models?

 A) It combines features of private and public clouds.

 B) It is only used by large enterprises.
 C) It restricts access to local networks only.
 D) It eliminates the need for a public cloud entirely.

Answer: A
Explanation: A Hybrid Cloud combines the features of private and public clouds,
offering greater flexibility by allowing organizations to move workloads between clouds
as needed.

20. Which type of cloud service offers the least user control over the underlying
infrastructure?

 A) SaaS
 B) IaaS
 C) PaaS
 D) DaaS

Answer: A
Explanation: In SaaS (Software as a Service), users have the least control over the
underlying infrastructure, as the service provider manages the entire stack, from hardware
to software.

193 | P a g e
21. Which of the following is the most challenging issue when migrating a legacy
system to the cloud?

 A) Cost optimization
 B) Scalability of services
 C) Data security and compliance
 D) Virtualization of physical hardware

Answer: C
Explanation: Data security and compliance is often the most challenging issue because
legacy systems were often built without cloud security considerations, and ensuring
compliance with various regulations adds to the complexity.

22. In a hybrid cloud architecture, what challenge does "data sovereignty" refer
to?

 A) Maintaining control over data in geographically dispersed clouds.

 B) Managing resource allocation across public and private clouds.
 C) Ensuring that different operating systems can interoperate.
 D) Minimizing latency between on-premise and cloud systems.

Answer: A
Explanation: Data sovereignty refers to the control and legal jurisdiction over data
when it is stored in cloud environments spread across multiple countries.

23. Which of the following cloud computing challenges is directly related to

multitenancy?

 A) Performance degradation
 B) Cloud elasticity
 C) Regulatory compliance
 D) Isolation failure

Answer: D
Explanation: Isolation failure is a key concern in a multitenant architecture, where
multiple tenants share the same infrastructure, making it challenging to isolate each
tenant's data and processes securely.

194 | P a g e
24. What distinguishes a "community cloud" from a private cloud?

 A) Community cloud is publicly available.

 B) Community cloud is specifically designed for individual users.
 C) Community cloud is shared by multiple organizations with similar requirements.
 D) Community cloud offers more scalability than a private cloud.

Answer: C
Explanation: A community cloud is shared by several organizations with common
goals or requirements, typically in highly regulated sectors like healthcare or
government.

25. In terms of cloud pricing models, which factor would have the least impact on
cost in a multi-cloud strategy?

 A) Ingress and egress data charges

 B) CPU and memory utilization
 C) Service Level Agreement (SLA) guarantees
 D) Storage capacity and read/write operations

Answer: C
Explanation: SLA guarantees do not directly impact the cost as much as resource
usage, such as data transfers and storage operations, which are critical factors in a
multi-cloud strategy.

26. Which of the following correctly identifies a potential disadvantage of

serverless architectures in cloud computing?

 A) Reduced flexibility in scaling resources

 B) Complex server management required
 C) Vendor lock-in due to platform-specific APIs
 D) Lack of automated failover mechanisms

Answer: C
Explanation: Serverless architectures often rely on vendor-specific services and
APIs, leading to a risk of vendor lock-in, making it difficult to migrate to other
platforms.

195 | P a g e
27. Which statement is true about "auto-scaling" in a cloud environment?

 A) Auto-scaling requires manual intervention to allocate resources.

 B) Auto-scaling allows for predictive scaling based on historical data.
 C) Auto-scaling is limited to CPU usage and ignores memory.
 D) Auto-scaling cannot be integrated with PaaS services.

Answer: B
Explanation: Auto-scaling can be configured to scale resources dynamically or
predictively based on historical trends and anticipated workload demand.

28. What is the primary difference between a "hot site" and a "warm site" in
cloud disaster recovery?

 A) A hot site requires manual data transfer, while a warm site is automated.
 B) A hot site is fully operational with real-time data backup, while a warm site requires
some manual configuration.
 C) A warm site is more expensive to maintain than a hot site.
 D) A warm site provides better performance but less redundancy.

Answer: B
Explanation: A hot site is fully operational with real-time data synchronization,
whereas a warm site has infrastructure in place but requires some configuration and
data synchronization before becoming operational.

29. Which type of attack exploits the elasticity of cloud services to drive up the
victim's cost?

 A) DDoS (Distributed Denial-of-Service)

 B) SQL Injection
 C) Economic Denial of Sustainability (EDoS)
 D) Man-in-the-Middle (MITM)

Answer: C
Explanation: Economic Denial of Sustainability (EDoS) targets the cloud service's
elasticity, causing excessive resource consumption and ultimately leading to increased
costs for the victim.

196 | P a g e
30. What is the primary reason for latency in hybrid cloud models where public
and private clouds are integrated?

 A) Poor CPU performance in public clouds.

 B) Complex routing algorithms in private clouds.
 C) Data transfer between public and private clouds.
 D) Insufficient encryption mechanisms.

Answer: C
Explanation: Latency in a hybrid cloud environment is mainly due to the data transfer
between public and private clouds, especially when significant data synchronization is
required.

31. Which of the following is the primary purpose of "multi-cloud" strategies in

enterprises?

 A) To improve geographic redundancy

 B) To prevent vendor lock-in and enhance resiliency
 C) To enhance customer experience across devices
 D) To reduce CAPEX by leveraging public clouds

Answer: B
Explanation: A multi-cloud strategy is often used to avoid vendor lock-in, improve
resiliency, and ensure high availability by leveraging multiple cloud providers.

32. Which of the following practices would most effectively mitigate the risk of
"VM Escape" in IaaS environments?

 A) Using firewalls to block malicious traffic

 B) Isolating virtual machines using hypervisor security mechanisms
 C) Encrypting data at rest and in transit
 D) Limiting CPU and memory allocation for VMs

Answer: B
Explanation: VM Escape occurs when a malicious actor breaks out of a virtual machine
and gains access to the host system or other VMs. Hypervisor security and VM
isolation mechanisms are critical to preventing this.

197 | P a g e
33. In cloud service models, which layer offers virtual machine management and
API controls but requires the user to manage the OS and applications?

 A) SaaS
 B) PaaS
 C) IaaS
 D) FaaS

Answer: C
Explanation: In IaaS (Infrastructure as a Service), the user has control over the
operating system, applications, and data, while the cloud provider manages the
underlying hardware and virtualization.

34. In a highly regulated industry, which cloud service model is typically

preferred for its security and compliance capabilities?

 A) Public Cloud
 B) Hybrid Cloud
 C) Private Cloud
 D) Community Cloud

Answer: C
Explanation: Private Cloud is preferred in highly regulated industries, as it provides
better security and compliance capabilities, with full control over infrastructure and
data.

35. What feature distinguishes "Platform as a Service" (PaaS) from

Infrastructure as a Service (IaaS)?

 A) PaaS provides databases and middleware services, while IaaS provides only virtual
machines.
 B) PaaS offers more control over hardware, while IaaS abstracts infrastructure
completely.
 C) PaaS lacks scalability, while IaaS is designed for large-scale deployments.
 D) PaaS requires more user control over security patches than IaaS.

Answer: A
Explanation: PaaS includes databases, middleware, and development tools, whereas
IaaS provides virtual machines and basic infrastructure but requires users to handle
everything from the operating system up.

198 | P a g e
36. Which of the following is a benefit of using a content delivery network (CDN)
in a cloud environment?

 A) Reducing the need for IaaS infrastructure

 B) Enhanced security through encryption mechanisms
 C) Reduced latency by caching content closer to the user
 D) Simplified database replication

Answer: C
Explanation: A CDN improves performance by caching content in servers that are
closer to the end-users, thereby reducing latency.

37. Which type of firewall is best suited for protecting web applications from
specific vulnerabilities like SQL Injection or XSS?

 A) Network-based firewall
 B) Stateful firewall
 C) Application Layer firewall
 D) Stateless firewall

Answer: C
Explanation: Application Layer firewalls or Web Application Firewalls (WAFs) are
designed to protect web applications by filtering and monitoring HTTP traffic and
preventing attacks like SQL Injection and Cross-Site Scripting (XSS).

38. What is the role of the "Service Broker" in a cloud service model?

 A) To manage and deploy cloud resources across multiple providers

 B) To allow cloud consumers to use services without directly interacting with providers
 C) To provide data encryption and secure access control
 D) To ensure quality of service by enforcing SLAs

Answer: B
Explanation: A Service Broker in cloud computing is responsible for interfacing
between the cloud consumer and provider, abstracting the complexities of service
discovery and provisioning.

39. Which protocol is used in cloud environments for identity and access
management to enable single sign-on (SSO)?

199 | P a g e
  A) OAuth
 B) FTP
 C) ICMP
 D) SMTP

Answer: A
Explanation: OAuth is a widely-used protocol for identity and access management,
enabling single sign-on (SSO) capabilities by allowing third-party applications to grant
limited access to resources without exposing credentials.

40. In cloud computing, "multi-tenancy" primarily refers to which of the

following characteristics?

 A) The ability of a single server to host multiple applications.

 B) The sharing of computing resources by multiple users while maintaining isolation.
 C) The automatic scaling of resources based on user demand.
 D) The use of redundant storage systems to prevent data loss.

Answer: B
Explanation: Multi-tenancy refers to the shared usage of computing resources (e.g.,
storage, servers) by multiple cloud tenants, while ensuring logical isolation between
them to protect data and workloads.

Virtualization - Distributed Parallel vs Cloud Computing - Containerization

- Types of Virtualization o Server-based vs Hypervisor-based
virtualization o Type 1 vs Type 2 virtualization o Full vs Para virtualization
- Virtual Machines vs Containers - Continuous Integration and Continuous
Delivery (CI/CD)

1. Which of the following best describes "containerization"?

 A) It enables the virtualized sharing of hardware resources.

 B) It packages applications and their dependencies into a single executable package.
 C) It abstracts physical machines into multiple virtual machines.
 D) It involves using a hypervisor to allocate hardware resources.

200 | P a g e
 Answer: B
Explanation: Containerization packages applications and their dependencies into a
single container, ensuring that the software works uniformly across different
environments.

2. In cloud computing, what is the key difference between distributed computing

and parallel computing?

 A) Parallel computing involves multiple machines, while distributed computing involves

multiple processors on a single machine.
 B) Parallel computing handles tasks simultaneously on different processors, while
distributed computing spreads tasks across multiple machines.
 C) Distributed computing requires real-time communication between nodes, while
parallel computing does not.
 D) Parallel computing uses virtualization, whereas distributed computing does not.

Answer: B
Explanation: Parallel computing handles multiple tasks simultaneously on different
processors within a single machine, while distributed computing spreads tasks across
multiple geographically dispersed machines.

3. Which of the following is a characteristic of Type 2 hypervisors?

 A) Directly installed on physical hardware

 B) Provides better performance than Type 1 hypervisors
 C) Runs on top of a host operating system
 D) Suitable for enterprise-level data centers

Answer: C
Explanation: Type 2 hypervisors are installed on top of a host operating system and
provide virtualization capabilities, but they are generally slower compared to Type 1
hypervisors.

4. What is the primary advantage of using containers over traditional virtual

machines?

 A) Containers provide more isolation between applications.

 B) Containers can run different operating systems.
 C) Containers have lower overhead and start faster.
 D) Containers provide better security than virtual machines.

201 | P a g e
 Answer: C
Explanation: Containers have significantly lower overhead and start much faster than
traditional virtual machines, making them highly efficient for microservices and cloud-
native applications.

5. Which of the following describes "Full Virtualization"?

 A) The guest OS is aware of the virtualization and collaborates with the hypervisor.
 B) The guest OS is unaware of the virtualization and relies on the hypervisor to translate
hardware instructions.
 C) The hypervisor modifies the guest OS to enable better performance.
 D) The hardware resources are shared equally among all virtual machines.

Answer: B
Explanation: In Full Virtualization, the guest OS is unaware of the virtualization and
the hypervisor translates hardware instructions to enable multiple operating systems to
run on the same physical machine.

6. In the context of virtualization, what is the key distinction between Type 1 and
Type 2 hypervisors?

 A) Type 1 hypervisors run on bare-metal hardware, whereas Type 2 hypervisors require a

host OS.
 B) Type 1 hypervisors provide less performance than Type 2 hypervisors.
 C) Type 1 hypervisors cannot manage multiple virtual machines, while Type 2 can.
 D) Type 1 hypervisors are only used for desktop virtualization.

Answer: A
Explanation: Type 1 hypervisors are installed directly on bare-metal hardware, while
Type 2 hypervisors run on top of an existing host operating system, making Type 1
faster and more efficient for enterprise use.

7. Which type of virtualization allows multiple operating systems to run on a

single physical machine without modifying the OS?

 A) Para-virtualization
 B) Full Virtualization
 C) Storage Virtualization
 D) Network Virtualization

202 | P a g e
 Answer: B
Explanation: Full Virtualization enables multiple operating systems to run on the same
hardware without modifying the guest operating systems, by using a hypervisor to
translate system calls.

8. What is the role of "orchestration tools" like Kubernetes in containerization?

 A) They manage the underlying hardware resources.

 B) They allow the running of multiple hypervisors on a single machine.
 C) They automate the deployment, scaling, and management of containerized
applications.
 D) They provide networking capabilities between containers.

Answer: C
Explanation: Orchestration tools like Kubernetes automate the deployment, scaling,
and management of containerized applications, making it easier to handle large-scale
microservices architectures.

9. In which scenario is server-based virtualization more advantageous than

hypervisor-based virtualization?

 A) When high performance and lower latency are required

 B) When running on bare-metal servers without a host OS
 C) When running on commodity hardware with limited virtualization support
 D) When the virtualization overhead needs to be minimized

Answer: C
Explanation: Server-based virtualization (software-based) is often used in scenarios
where commodity hardware lacks the advanced support for hardware-level
virtualization (as required by hypervisor-based virtualization).

10. In continuous integration/continuous delivery (CI/CD), what is the main

benefit of having automated tests integrated into the pipeline?

 A) It eliminates the need for manual code reviews.

 B) It ensures that code changes do not break existing functionality.
 C) It reduces the time taken to deploy code changes.
 D) It removes the need for version control.

203 | P a g e
 Answer: B
Explanation: Automated tests in the CI/CD pipeline ensure that code changes do not
introduce bugs or break existing functionality, thereby maintaining code quality.

11. Which virtualization technique requires the guest OS to be modified in order

to run on virtualized hardware?

 A) Para-Virtualization
 B) Full Virtualization
 C) Network Virtualization
 D) Desktop Virtualization

Answer: A
Explanation: Para-Virtualization requires modifications to the guest OS to improve
performance and better collaborate with the hypervisor, unlike full virtualization which
requires no such modifications.

12. What is a key advantage of distributed computing in cloud environments?

 A) It ensures all computing happens in a single location.

 B) It provides redundancy by distributing tasks across multiple machines or nodes.
 C) It is less secure than centralized computing.
 D) It only works in private clouds.

Answer: B
Explanation: Distributed computing distributes tasks across multiple nodes or
machines, providing redundancy and improved fault tolerance, which is critical in cloud
environments.

13. In which environment would "Type 1 Hypervisors" typically be deployed?

 A) Personal computers for desktop virtualization

 B) Enterprise data centers for running multiple virtual servers
 C) Running lightweight containers
 D) Hosting a development environment for a single application

Answer: B
Explanation: Type 1 Hypervisors are commonly used in enterprise data centers
because they provide bare-metal performance and allow multiple virtual servers to run
efficiently on a single physical machine.

204 | P a g e
14. In a microservices architecture, which of the following is the best reason for
using containers?

 A) Containers provide stateful behavior by default.

 B) Containers allow for quicker scaling and orchestration of services.
 C) Containers are easier to monitor than virtual machines.
 D) Containers provide more security than hypervisors.

Answer: B
Explanation: Containers are lightweight, start quickly, and can be easily orchestrated
and scaled, which makes them highly suitable for microservices architectures.

15. Which of the following correctly describes continuous delivery (CD) in the
context of CI/CD?

 A) It automatically deploys code into production after every successful build.

 B) It ensures that code is always ready to be deployed but does not necessarily deploy it
automatically.
 C) It only applies to front-end code.
 D) It eliminates the need for version control.

Answer: B
Explanation: Continuous delivery (CD) ensures that code is always ready for
deployment, but does not automatically deploy it to production. This deployment
decision can be made manually.

16. Which technology is primarily used to create isolated environments for

applications in containerization?

 A) Virtual Machines
 B) Hypervisors
 C) Kernel Namespaces and Control Groups (cgroups)
 D) Bare-metal servers

Answer: C
Explanation: Containerization uses Kernel Namespaces and Control Groups
(cgroups) to isolate applications and their resources, unlike traditional hypervisor-based
virtual machines.

205 | P a g e
17. How does network virtualization differ from traditional networking?

 A) It provides network functionality entirely in hardware.

 B) It abstracts network functions from physical hardware and allows them to be managed
as software.
 C) It requires dedicated servers to manage network traffic.
 D) It eliminates the need for routers and switches.

Answer: B
Explanation: Network virtualization abstracts network resources from physical
hardware, allowing them to be managed as software-defined components, leading to
greater flexibility and scalability.

18. What is the key role of Continuous Integration (CI) in the software
development lifecycle?

 A) To automatically deploy software into production

 B) To ensure that the code is tested every time a developer makes changes
 C) To manage code dependencies between different modules
 D) To perform static code analysis

Answer: B
Explanation: Continuous Integration (CI) ensures that code is tested and validated
every time a developer pushes changes, which helps identify integration issues early in
the development lifecycle.

19. Which of the following is an advantage of using containers over virtual

machines in CI/CD pipelines?

 A) Containers are easier to secure.

 B) Containers start faster and consume fewer resources.
 C) Containers provide more isolation than VMs.
 D) Containers work only in public clouds.

Answer: B
Explanation: Containers have lower resource overhead and start much faster than
virtual machines, making them more suitable for fast-paced CI/CD pipelines.

206 | P a g e
20. What is a key feature of para-virtualization that distinguishes it from full
virtualization?

 A) It runs guest operating systems without any modification.

 B) It requires the guest OS to be aware of the virtualization.
 C) It does not use a hypervisor.
 D) It offers the same level of performance as bare-metal hardware.

Answer: B
Explanation: In para-virtualization, the guest OS is aware of the virtualization and
collaborates with the hypervisor to improve performance, unlike full virtualization which
abstracts the hardware layer completely.

21. What is the primary benefit of using container orchestration tools like
Kubernetes in a cloud-native environment?

 A) They provide better security for containers.

 B) They automate deployment, scaling, and management of containerized applications.
 C) They reduce the need for virtual machines.
 D) They ensure that containers are immutable.

Answer: B
Explanation: Kubernetes and other orchestration tools automate the deployment,
scaling, and management of containers, which simplifies running complex applications in
cloud-native environments.

22. Which of the following best describes "Type 1 Hypervisor"?

 A) It requires an existing operating system to run.

 B) It is installed directly on bare-metal hardware and manages the virtual machines
directly.
 C) It is slower and less efficient than Type 2 hypervisors.
 D) It requires a guest operating system to manage hardware resources.

Answer: B
Explanation: A Type 1 Hypervisor (bare-metal hypervisor) runs directly on the
physical hardware, offering better performance and efficiency than Type 2 hypervisors,
which run on top of a host OS.

207 | P a g e
23. Which feature distinguishes Virtual Machines (VMs) from containers in
cloud environments?

 A) VMs have higher resource efficiency than containers.

 B) VMs virtualize entire hardware, while containers virtualize at the OS level.
 C) VMs start faster than containers.
 D) VMs provide better security than containers.

Answer: B
Explanation: Virtual Machines virtualize an entire operating system and hardware,
while containers only virtualize at the OS level, sharing the host OS kernel, which
makes them more lightweight and efficient.

24. What role does Continuous Integration (CI) play in a CI/CD pipeline?

 A) Automates deployment of applications in production environments.

 B) Ensures all code changes are automatically merged into the master branch.
 C) Automates the testing and validation of new code commits to detect errors early.
 D) Reduces the need for manual code reviews.

Answer: C
Explanation: Continuous Integration (CI) automates the testing and validation of
code changes, ensuring that new commits do not break the build and errors are detected
early in the development process.

25. In which type of virtualization do guest operating systems need to be aware of

the virtualized environment to interact efficiently with the hypervisor?

 A) Full Virtualization
 B) Para-Virtualization
 C) Network Virtualization
 D) Desktop Virtualization

Answer: B
Explanation: In Para-Virtualization, the guest OS is aware of the virtualization and
works in coordination with the hypervisor for better performance. Full virtualization
abstracts this interaction completely.

208 | P a g e
26. Which of the following is a characteristic of server-based virtualization?

 A) It uses physical servers to run multiple applications directly without virtualization.

 B) It abstracts multiple virtual servers from a single physical server.
 C) It requires special hardware to manage resources.
 D) It is more secure than hypervisor-based virtualization.

Answer: B
Explanation: Server-based virtualization abstracts multiple virtual servers from a
single physical server, enabling better resource utilization and isolation of different
services.

27. What is the main difference between "Full Virtualization" and "Para-
Virtualization"?

 A) Full virtualization modifies the guest OS, whereas para-virtualization does not.
 B) Full virtualization requires hardware support, whereas para-virtualization can run on
any hardware.
 C) Para-virtualization modifies the guest OS, whereas full virtualization does not.
 D) Para-virtualization offers less performance overhead than full virtualization.

Answer: C
Explanation: Para-virtualization modifies the guest OS to interact more efficiently
with the hypervisor, while in Full Virtualization, the guest OS remains unmodified, and
the hypervisor handles all interactions.

28. Which of the following best describes "Serverless Computing"?

 A) Running applications without virtual machines.

 B) Running applications without needing to manage servers.
 C) Running applications directly on the client's hardware.
 D) Running applications on a virtual server without direct interaction.

Answer: B
Explanation: Serverless computing enables developers to run applications without
managing the underlying server infrastructure. The cloud provider handles the server
management, scaling, and resource allocation.

209 | P a g e
29. Which of the following is a key advantage of using containers for
microservices?

 A) Containers provide stronger isolation than virtual machines.

 B) Containers allow each microservice to be packaged with all its dependencies,
improving portability and consistency across environments.
 C) Containers are more secure than hypervisors.
 D) Containers require less orchestration than virtual machines.

Answer: B
Explanation: Containers allow each microservice to be packaged with its
dependencies, ensuring that it runs consistently across different environments, making
them ideal for microservices architectures.

30. What is the key difference between "Network Virtualization" and "Storage
Virtualization"?

 A) Network virtualization involves virtualizing the entire network, while storage

virtualization virtualizes hardware devices.
 B) Network virtualization provides better performance, while storage virtualization
improves scalability.
 C) Network virtualization abstracts network resources, while storage virtualization
abstracts storage devices.
 D) Network virtualization reduces latency, while storage virtualization increases security.

Answer: C
Explanation: Network virtualization abstracts and manages network resources as
software-defined components, while storage virtualization abstracts storage devices,
making them appear as a unified storage resource.

31. Which of the following statements is true about "Type 1" hypervisors?

 A) They can run on top of a host operating system.

 B) They are also known as bare-metal hypervisors and provide high performance.
 C) They are less efficient than Type 2 hypervisors.
 D) They require para-virtualization to work efficiently.

Answer: B
Explanation: Type 1 Hypervisors are installed directly on the bare-metal hardware,
offering higher performance and efficiency compared to Type 2 Hypervisors, which
run on top of an existing OS.

210 | P a g e
32. In a virtualized environment, what is the purpose of "Live Migration"?

 A) To transfer a virtual machine's data from one network to another.

 B) To move a virtual machine from one physical host to another without downtime.
 C) To increase the security of a virtual machine by changing its location.
 D) To replicate a virtual machine across multiple hosts.

Answer: B
Explanation: Live Migration is the process of moving a virtual machine from one
physical host to another without downtime, ensuring service continuity during host
maintenance or load balancing.

33. What is the role of a "Service Mesh" in a containerized microservices

architecture?

 A) To virtualize the hardware resources of the containers.

 B) To provide secure, reliable communication between microservices.
 C) To manage storage across multiple containers.
 D) To orchestrate the deployment of containers across different hosts.

Answer: B
Explanation: A Service Mesh provides secure, reliable communication between
microservices, handling tasks such as load balancing, encryption, and monitoring within
a containerized architecture.

34. Which of the following describes "Network Address Translation (NAT)" in a

cloud environment?

 A) It assigns a public IP address to a private IP address.

 B) It hides multiple devices behind a single public IP address.
 C) It enables network communication between different cloud providers.
 D) It reduces network latency between virtual machines.

Answer: B
Explanation: NAT allows multiple devices with private IP addresses to communicate
with the internet using a single public IP address, effectively hiding internal network
details.

211 | P a g e
35. In CI/CD pipelines, what is the purpose of continuous deployment?

 A) To automatically deploy every validated change to production.

 B) To manually review and deploy code to production.
 C) To integrate security checks during code deployment.
 D) To roll back faulty deployments in production.

Answer: A
Explanation: Continuous deployment automates the process of deploying every
validated change to production without manual intervention, ensuring rapid release
cycles.

36. What is the primary difference between Full Virtualization and Hardware-
Assisted Virtualization?

 A) Full virtualization requires modifications to the guest OS, while hardware-assisted

does not.
 B) Hardware-assisted virtualization uses CPU extensions to optimize performance.
 C) Full virtualization provides better isolation than hardware-assisted virtualization.
 D) Hardware-assisted virtualization is limited to server environments.

Answer: B
Explanation: Hardware-assisted virtualization uses CPU extensions (e.g., Intel VT-x,
AMD-V) to improve the performance of virtual machines by enabling better hardware
access, unlike full virtualization, which emulates hardware.

37. Which of the following is a benefit of using CI/CD pipelines in software

development?

 A) Manual testing can be eliminated.

 B) Faster detection of bugs and issues.
 C) Manual deployments become more frequent.
 D) The need for DevOps is reduced.

Answer: B
Explanation: CI/CD pipelines enable the faster detection of bugs and issues by
automating testing, validation, and deployment processes, which helps in improving the
overall software quality.

212 | P a g e
38. Which of the following best describes "Bare-Metal as a Service (BMaaS)"?

 A) A cloud service model that provides physical servers for customer workloads without
a hypervisor.
 B) A virtualization service that optimizes hardware resources.
 C) A service that offers both physical and virtual servers for load balancing.
 D) A cloud service that abstracts hardware using a hypervisor.

Answer: A
Explanation: BMaaS provides customers with physical servers without a hypervisor,
allowing them to run workloads directly on bare-metal hardware.

39. Which of the following is a key benefit of using "Containers" in a

microservices architecture?

 A) Containers provide better isolation than VMs.

 B) Containers reduce startup time and resource overhead.
 C) Containers allow multiple applications to share the same OS kernel.
 D) Containers simplify the physical server management.

Answer: B
Explanation: Containers reduce startup time and have lower resource overhead
compared to virtual machines, making them ideal for fast deployment in microservices
architectures.

40. What is the primary purpose of "Container Orchestration"?

 A) To secure containers at runtime.

 B) To automate the deployment, scaling, and management of containerized applications.
 C) To provide virtual machine-level isolation for containers.
 D) To create and destroy containers as needed.

Answer: B
Explanation: Container orchestration tools, like Kubernetes, automate the
deployment, scaling, and management of containerized applications, enabling efficient
operation of large-scale, distributed systems.

213 | P a g e
Real life situational mcqs from the whole syllabus:

1. Your company is running multiple web applications on virtual machines.

During high traffic, the performance drops significantly. What is the most likely
cause, and what would you recommend to improve performance?

 A) The VMs are not properly sized, and you should add more memory to each.
 B) The web applications are not optimized, and code refactoring is needed.
 C) The physical server hosting the VMs is over-utilized, and load balancing across
multiple servers is required.
 D) The applications are encountering network bottlenecks, and you should upgrade
network bandwidth.

Answer: C
Explanation: The likely cause is the physical server hosting the virtual machines being
over-utilized. A solution would be to implement load balancing across multiple servers
to distribute traffic and resources more efficiently.

2. Your team is building a large-scale web service using a microservices

architecture. The team faces challenges with managing service-to-service
communication and ensuring secure communication. Which tool or technology
would best address this issue?

 A) Virtual Machines
 B) Service Mesh (e.g., Istio)
 C) CI/CD pipelines
 D) Container Orchestration (e.g., Kubernetes)

Answer: B
Explanation: A Service Mesh (e.g., Istio) provides a framework for managing service-
to-service communication, handling traffic routing, security, and observability, making
it ideal for microservices architectures.

3. You are asked to scale an application in the cloud to handle sudden traffic
spikes. The application is containerized and deployed in a Kubernetes cluster.
What is the best method to ensure smooth scaling during traffic spikes?

 A) Manually adding more containers during spikes.

 B) Using Kubernetes' Horizontal Pod Autoscaler to automatically scale based on CPU
usage.

214 | P a g e
  C) Upgrading the server hardware to handle more containers.
 D) Migrating the application to virtual machines for better resource allocation.

Answer: B
Explanation: Kubernetes' Horizontal Pod Autoscaler can automatically scale pods
based on resource usage (e.g., CPU, memory), allowing the application to efficiently
handle traffic spikes without manual intervention.

4. A financial services company needs to deploy its applications in an

environment where it can manage its own infrastructure, maintain full control,
and meet regulatory compliance. What type of cloud deployment model would
you recommend?

 A) Public Cloud
 B) Private Cloud
 C) Hybrid Cloud
 D) Multi-Cloud

Answer: B
Explanation: A Private Cloud is ideal for organizations like financial services
companies that need to maintain full control over their infrastructure and comply with
regulatory requirements while benefiting from cloud services.

5. A software development team is deploying updates to their applications

frequently, and they want to minimize downtime. They also need an automated
rollback process if something goes wrong. Which practice should they implement
in their CI/CD pipeline?

 A) Continuous Integration
 B) Blue-Green Deployment
 C) Full Virtualization
 D) Manual Rollback Process

Answer: B
Explanation: Blue-Green Deployment minimizes downtime by keeping two
environments (blue and green) and switching between them for updates. If something
goes wrong, they can quickly roll back to the previous environment.

215 | P a g e
6. Your company is transitioning from traditional on-premise servers to cloud
infrastructure and needs to ensure data security during transit and at rest.
Which combination of security practices would best ensure this?

 A) Use of a private cloud and hardware-based firewalls.

 B) Data encryption at rest and SSL/TLS for data in transit.
 C) Installing antivirus software on cloud servers.
 D) Using public key infrastructure (PKI) and disk encryption.

Answer: B
Explanation: For cloud infrastructure, data encryption at rest (e.g., using AES-256)
and SSL/TLS for data in transit ensures that data is protected both in storage and
during transmission, meeting best security practices.

7. You are in charge of migrating your company’s legacy applications to a cloud

provider. One of the applications has strict compliance requirements and must
not share infrastructure with other tenants. Which type of cloud model would
best meet this requirement?

 A) Public Cloud
 B) Hybrid Cloud
 C) Community Cloud
 D) Private Cloud

Answer: D
Explanation: A Private Cloud would ensure that the application has dedicated
infrastructure, which helps meet compliance requirements by preventing resource
sharing with other tenants.

8. Your organization experiences frequent issues with virtual machines crashing

due to overutilization of hardware resources. You suspect that the current
hypervisor is unable to efficiently handle resource allocation. What type of
virtualization could improve resource management?

 A) Type 1 Hypervisor
 B) Type 2 Hypervisor
 C) Para-Virtualization
 D) Full Virtualization

Answer: C
Explanation: Para-Virtualization can improve resource management because the guest

216 | P a g e
 OS is aware of the virtualized environment and can interact with the hypervisor more
efficiently, reducing overhead and improving performance.

9. A tech startup is developing a web app and wants to ensure it can scale easily
as user demand grows. They have a limited budget for infrastructure and do not
want to manage servers themselves. Which cloud service model would be most
appropriate?

 A) IaaS (Infrastructure as a Service)

 B) PaaS (Platform as a Service)
 C) SaaS (Software as a Service)
 D) On-Premise Deployment

Answer: B
Explanation: PaaS (Platform as a Service) offers the application platform without the
need to manage the underlying infrastructure, making it ideal for startups that want to
focus on development and scalability without dealing with servers.

10. Your company has a large amount of structured and unstructured data, and
you need to implement a backup solution that allows for fast recovery of specific
data in case of a failure. What solution would best meet this need?

 A) Full Backups performed weekly

 B) Incremental Backups with daily snapshots
 C) RAID 0 setup for storage redundancy
 D) Manual Backup to external hard drives

Answer: B
Explanation: Incremental Backups with daily snapshots allow fast recovery of specific
data since only changed data is backed up daily, reducing storage usage and improving
recovery times for large datasets.

11. Your organization requires a remote workforce to access company resources

securely from various locations. What network security protection should be
implemented to ensure secure access?

 A) VLANs (Virtual Local Area Networks)

 B) Remote Access VPN
 C) Stateful Firewalls

217 | P a g e
  D) NAT (Network Address Translation)

Answer: B
Explanation: A Remote Access VPN provides a secure connection for remote workers
to access company resources by encrypting traffic between the user and the
organization's network, ensuring data security.

12. Your organization is experiencing latency issues when accessing data stored
on traditional HDDs in your data center. To improve performance, what would
be the best approach?

 A) Migrate the data to SSDs for faster access times.

 B) Increase the cache size on the existing HDDs.
 C) Install RAID 5 on the HDDs for redundancy.
 D) Use cloud storage to offload data.

Answer: A
Explanation: SSDs (Solid State Drives) have significantly faster access times and
lower latency compared to traditional HDDs, making them ideal for improving
performance in data-heavy applications.

13. A company is concerned about data breaches and requires additional

security for sensitive information stored on public cloud servers. Which solution
would you recommend to protect their data at rest?

 A) Implement a firewall around cloud resources.

 B) Use SSL/TLS certificates.
 C) Encrypt data at rest with advanced encryption (e.g., AES-256).
 D) Use multi-factor authentication for cloud access.

Answer: C
Explanation: Encrypting data at rest with AES-256 or similar encryption standards
ensures that data stored on public cloud servers remains secure, even if unauthorized
access occurs.

14. Your team is planning to deploy a containerized application across multiple

cloud providers to ensure availability. Which of the following approaches would
help ensure the application's high availability and resilience?

218 | P a g e
  A) Using a multi-cloud strategy with load balancing across providers.
 B) Deploying the application on VMs with high availability.
 C) Migrating the application to a single, more reliable cloud provider.
 D) Using Kubernetes to automate container scaling within a single cloud provider.

Answer: A
Explanation: A multi-cloud strategy with load balancing across providers ensures
high availability and resilience, even if one cloud provider experiences an outage, the
others can take over.

15. Your organization runs several applications on a hybrid cloud infrastructure.

Recently, one of the public cloud environments experienced downtime. What
strategy should you implement to ensure continuous application availability in
the future?

 A) Implement failover to a private cloud in case of public cloud downtime.

 B) Migrate all applications to the private cloud.
 C) Set up a backup environment on a different public cloud provider.
 D) Move applications to a more reliable public cloud provider.

Answer: A
Explanation: Implementing failover to a private cloud in case of public cloud
downtime ensures continuous availability of applications in a hybrid cloud
environment, leveraging both public and private resources.

16. Your organization is considering using Network Address Translation (NAT)

to enable internal systems to access the internet while maintaining internal
network security. Which of the following would be a primary benefit of
implementing NAT?

 A) Increased network speed.

 B) Improved internal network security by masking internal IP addresses.
 C) Load balancing across multiple servers.
 D) Decreased latency for internal traffic.

Answer: B
Explanation: NAT improves internal network security by masking internal IP
addresses, allowing multiple devices to share a single public IP when accessing the
internet, thus hiding the internal network structure.

219 | P a g e
17. Your organization wants to implement a solution that allows internal
developers to build, test, and deploy applications automatically, while also
integrating code changes frequently. What would be the best practice to achieve
this?

 A) Manual deployment with version control.

 B) Continuous Integration/Continuous Deployment (CI/CD).
 C) Virtual Machines for each developer.
 D) Full backup of source code before each deployment.

Answer: B
Explanation: CI/CD pipelines automate the process of building, testing, and deploying
applications, ensuring that code changes are integrated frequently, leading to faster
release cycles and fewer integration issues.

18. You are asked to ensure compliance with company data security policies,
especially regarding data storage in cloud environments. Which of the following
would best ensure that only authorized personnel can access sensitive data?

 A) Implementing encryption keys for all cloud data.

 B) Setting up Identity and Access Management (IAM) policies with Role-Based Access
Control (RBAC).
 C) Using a public cloud with firewalls and encryption.
 D) Deploying multi-factor authentication (MFA) for user login.

Answer: B
Explanation: IAM policies with Role-Based Access Control (RBAC) ensure that only
authorized personnel have access to specific cloud resources based on their roles,
enhancing compliance and security.

19. Your company uses a wide range of internet application protocols, including
FTP and Telnet, but has recently identified security vulnerabilities. What is the
best course of action to secure the protocols?

 A) Migrate to encrypted versions such as SFTP and SSH.

 B) Increase firewall rules for FTP and Telnet.
 C) Use VPNs for all FTP and Telnet connections.

220 | P a g e
  D) Implement IDS/IPS for monitoring the protocols.

Answer: A
Explanation: Migrating to encrypted versions like SFTP (for FTP) and SSH (for Telnet)
significantly enhances security by encrypting data transmissions, thereby protecting
against vulnerabilities in plain-text protocols.

20. Your company's web servers experience increased traffic, and the load on the
network devices becomes critical. The current network setup uses a single
gateway and router. What approach would improve the situation?

 A) Installing a second router for redundancy.

 B) Implementing load balancing across multiple routers and gateways.
 C) Upgrading the existing router to a faster model.
 D) Using a hub instead of a router to distribute the traffic.

Answer: B
Explanation: Load balancing across multiple routers and gateways distributes the
traffic efficiently, preventing overloading of individual devices and improving overall
network performance.

21. Your team is developing a mobile application that requires fast access to user
profiles stored in a large database. Which data structure would be most efficient
for this purpose, and why?

 A) Array
 B) Linked List
 C) Hash Table
 D) Binary Search Tree

Answer: C
Explanation: A Hash Table provides O(1) average time complexity for lookups,
making it efficient for fast access to user profiles compared to other structures.

22. During the development of a web application, you need to ensure that user
sessions are managed securely. Which of the following techniques would be most
effective in preventing session hijacking?

 A) Using HTTP instead of HTTPS

221 | P a g e
  B) Implementing cookies with the Secure and HttpOnly flags
 C) Allowing users to choose their session timeout
 D) Storing session data in local storage

Answer: B
Explanation: Using cookies with the Secure and HttpOnly flags helps prevent session
hijacking by ensuring cookies are only sent over HTTPS and are not accessible via
JavaScript.

23. You are tasked with designing a system that allows different shapes (like
circles, squares, and triangles) to be drawn. Which object-oriented programming
concept would you utilize to ensure that common behaviors are inherited while
allowing specific behaviors for each shape?

 A) Composition
 B) Abstraction
 C) Inheritance
 D) Polymorphism

Answer: C
Explanation: Inheritance allows you to create a base class (e.g., Shape) that defines
common behaviors, while derived classes (e.g., Circle, Square) implement specific
behaviors.

24. While testing a new feature in your application, you notice that the new code
affects existing functionality. Which testing approach would be most appropriate
to identify this issue?

 A) Unit Testing
 B) Regression Testing
 C) Black Box Testing
 D) White Box Testing

Answer: B
Explanation: Regression Testing ensures that new code changes do not adversely affect
existing functionality, making it suitable for identifying issues caused by new features.

222 | P a g e
25. Your application has to process a large amount of data and perform sorting
operations frequently. Which sorting algorithm should you choose if you need
the best average-case performance?

 A) Bubble Sort
 B) Insertion Sort
 C) Quick Sort
 D) Selection Sort

Answer: C
Explanation: Quick Sort has an average-case time complexity of O(n log n), making it
more efficient for sorting large datasets compared to the other options listed.

26. You are designing a web application that needs to fetch user data from a
server asynchronously. Which technology would be best suited for this purpose?

 A) HTML5
 B) AJAX
 C) CSS
 D) SQL

Answer: B
Explanation: AJAX (Asynchronous JavaScript and XML) allows for asynchronous
communication with the server to fetch user data without reloading the page.

27. Your development team uses Git for version control. One developer
accidentally pushes a broken feature to the main branch. What is the best way to
revert the repository to the last stable commit?

 A) Use git checkout to revert files manually.

 B) Use git revert to create a new commit that undoes the changes.
 C) Delete the branch and create a new one.
 D) Force push the previous commit to the remote repository.

Answer: B
Explanation: git revert safely undoes the changes introduced by the last commit
without altering the project history, creating a new commit that reverts the broken
feature.

223 | P a g e
28. You need to optimize the performance of a binary search tree (BST) after
multiple insertions. What should you consider doing?

 A) Perform a breadth-first search (BFS).

 B) Convert the BST into a balanced tree, such as an AVL tree.
 C) Delete all the leaf nodes.
 D) Replace the BST with a hash table.

Answer: B
Explanation: Converting the BST into a balanced tree (like an AVL tree) ensures that
operations remain efficient with time complexity close to O(log n), optimizing
performance after multiple insertions.

29. Your team is tasked with ensuring that data consistency is maintained during
transactions in a banking application. Which database property is most relevant
in this scenario?

 A) Atomicity
 B) Isolation
 C) Durability
 D) Consistency

Answer: D
Explanation: The Consistency property ensures that a transaction takes the database
from one valid state to another, maintaining data integrity, which is crucial for banking
applications.

30. You are developing a web application that allows users to upload images.
What is the best approach to validate the uploaded files to ensure security?

 A) Allow any file type and validate the content after upload.
 B) Restrict file uploads based on MIME type and file extensions.
 C) Use client-side validation only.
 D) Store all files on the server without validation.

Answer: B
Explanation: Restricting file uploads based on MIME types and file extensions helps
prevent malicious files from being uploaded, enhancing the application's security.

224 | P a g e
31. Your organization is using a microservices architecture, and one service
needs to communicate with another. Which method would be best for this inter-
service communication?

 A) Direct database access

 B) REST API calls
 C) Shared file storage
 D) Remote desktop connections

Answer: B
Explanation: REST API calls provide a stateless, lightweight, and scalable method for
microservices to communicate with one another while adhering to best practices.

32. While working with a linked list, you need to frequently add and remove
nodes from both ends. Which data structure would be the most efficient choice?

 A) Singly Linked List

 B) Doubly Linked List
 C) Array
 D) Stack

Answer: B
Explanation: A Doubly Linked List allows for efficient insertion and deletion at both
ends due to its bidirectional pointers, making it ideal for this requirement.

33. You are conducting a security review of your web application and discover it
is vulnerable to XSS attacks. Which approach should you take to mitigate this
vulnerability?

 A) Increase session timeouts.

 B) Validate and sanitize user inputs and encode outputs.
 C) Use only HTTPS for communication.
 D) Implement CAPTCHA on forms.

Answer: B
Explanation: Validating and sanitizing user inputs and encoding outputs is crucial for
preventing XSS attacks by ensuring that any injected scripts are not executed.

225 | P a g e
34. You are designing a web application that requires users to log in securely.
Which method would provide the best security for storing user passwords?

 A) Storing passwords in plain text

 B) Encrypting passwords using symmetric encryption
 C) Hashing passwords with a strong hashing algorithm (e.g., bcrypt)
 D) Using a cookie to store passwords

Answer: C
Explanation: Hashing passwords with a strong algorithm (like bcrypt) ensures that
passwords are stored securely and cannot be easily retrieved, even if the database is
compromised.

35. You need to implement a caching mechanism for frequently accessed data in
your application. Which caching strategy would be most effective for improving
performance?

 A) Cache all data permanently.

 B) Use a time-based expiration policy (TTL).
 C) Store cache data in a relational database.
 D) Avoid caching to ensure data consistency.

Answer: B
Explanation: A time-based expiration policy (TTL) allows cached data to remain for a
specified duration, ensuring that frequently accessed data is available quickly while still
allowing for updates.

36. While working on an e-commerce website, you encounter a need to apply

design patterns to promote code reusability. Which design pattern would you use
to create a family of related objects without specifying their concrete classes?

 A) Singleton Pattern
 B) Factory Pattern
 C) Observer Pattern
 D) Decorator Pattern

Answer: B
Explanation: The Factory Pattern allows you to create a family of related objects
without specifying their concrete classes, promoting flexibility and reusability in the
codebase.

226 | P a g e
37. Your application needs to perform a complex query that retrieves related
data from multiple tables. What is the most appropriate SQL operation to
achieve this?

 A) SELECT with JOIN operations

 B) UPDATE command
 C) CREATE TABLE operation
 D) DROP TABLE operation

Answer: A
Explanation: Using JOIN operations in a SELECT statement allows you to retrieve
related data from multiple tables efficiently, which is essential for complex queries.

38. During a software development lifecycle (SDLC), your team is in the

requirement analysis phase and stakeholders have conflicting needs. What is the
best approach to resolve this conflict?

 A) Prioritize the needs of the most powerful stakeholder.

 B) Conduct meetings to facilitate discussions and gather feedback.
 C) Ignore the conflicting needs for now.
 D) Design the system with the simplest requirements first.

Answer: B
Explanation: Conducting meetings to facilitate discussions allows for effective
communication among stakeholders, helping to resolve conflicts and gather
comprehensive feedback.

39. Your team is experiencing issues with database transactions not being rolled
back properly. What property of a transaction is crucial to address this issue?

 A) Consistency
 B) Isolation
 C) Durability
 D) Atomicity

Answer: D
Explanation: The Atomicity property ensures that a transaction is treated as a single
unit, meaning that if any part of the transaction fails, the entire transaction is rolled back,
maintaining data integrity.

227 | P a g e
40. In your project, you need to ensure that updates to the same piece of data do
not result in lost changes due to concurrent transactions. What mechanism
would you implement to handle this?

 A) Optimistic Locking
 B) Synchronous Transactions
 C) Eventual Consistency
 D) Direct Database Access

Answer: A
Explanation: Optimistic Locking is a concurrency control mechanism that assumes
transactions will not conflict, allowing for a check before committing changes to prevent
lost updates.

41. A server is running multiple applications simultaneously, and users are

reporting slow performance. Which operating system feature could be causing
this issue, and what can you do to resolve it?

 A) System Calls; Increase CPU speed.

 B) Processes; Reduce the number of running applications.
 C) Threads; Implement multi-threading.
 D) Concurrency; Increase memory size.

Answer: C
Explanation: Implementing multi-threading can improve performance by allowing
applications to handle multiple tasks concurrently, making better use of CPU resources.

42. You notice that a process in your system is stuck in a waiting state, and it
cannot proceed. What could be the cause, and which technique can help to
address it?

 A) Deadlock; Implement a deadlock detection algorithm.

 B) Cache Miss; Increase cache size.
 C) Thread Starvation; Increase priority of threads.
 D) High CPU Usage; Upgrade the processor.

Answer: A
Explanation: The situation describes a deadlock where processes are stuck waiting for

228 | P a g e
 each other. Implementing a deadlock detection algorithm can help identify and resolve
the issue.

43. You need to optimize the performance of your system's memory. Which
technique would be most effective in reducing the number of page faults?

 A) Implementing FIFO page replacement.

 B) Using LRU page replacement.
 C) Increasing the size of the cache.
 D) Reducing the size of the virtual memory.

Answer: B
Explanation: Using Least Recently Used (LRU) page replacement is effective in
reducing page faults by keeping frequently accessed pages in memory.

44. Your application is experiencing latency due to I/O operations. Which I/O
scheduling algorithm would likely improve performance for a workload with
many read requests?

 A) FCFS
 B) SSTF
 C) SCAN
 D) CLOOK

Answer: B
Explanation: Shortest Seek Time First (SSTF) reduces latency for read requests by
selecting the I/O request closest to the current head position, minimizing the movement
of the read/write head.

45. A virtual machine (VM) is running out of resources, causing slow

performance. What is the best practice to ensure optimal performance?

 A) Allocate more CPU cores to the VM.

 B) Increase the size of the VM's virtual disk.
 C) Reduce the number of processes running in the VM.
 D) Limit the memory usage of the VM.

229 | P a g e
 Answer: A
Explanation: Allocating more CPU cores to the VM can help distribute the workload
more efficiently and improve overall performance.

46. During a routine check, you discover that your database backups are not
completing successfully. Which best practice should you implement to ensure
successful backups?

 A) Increase the backup frequency.

 B) Use compression to reduce backup size.
 C) Monitor backup logs for errors.
 D) Store backups on the same server.

Answer: C
Explanation: Monitoring backup logs for errors is crucial to identify issues and ensure
that backups are completed successfully and reliably.

47. Your organization is moving to a cloud infrastructure and needs to choose

between SSD and HDD for storage. Which type of storage would you recommend
for high-performance applications?

 A) SSD
 B) HDD
 C) Both SSD and HDD
 D) None; Use tape storage.

Answer: A
Explanation: Solid State Drives (SSDs) provide faster data access and lower latency
compared to Hard Disk Drives (HDDs), making them ideal for high-performance
applications.

48. In your Unix/Linux environment, you need to manage processes that are not
responding. What command would you use to terminate a specific process?

 A) killall
 B) ps
 C) top
 D) ls

230 | P a g e
 Answer: A
Explanation: The killall command can terminate all processes with a specified name
or ID, allowing you to manage unresponsive processes effectively.

49. You are tasked with improving the security of your servers. Which practice is
essential for ensuring compliance with security controls?

 A) Regularly updating software and patches.

 B) Disabling firewalls for better performance.
 C) Using default passwords for all applications.
 D) Limiting access to only administrators.

Answer: A
Explanation: Regularly updating software and applying patches is crucial for
maintaining security and compliance by addressing vulnerabilities.

50. A critical application requires high availability. Which infrastructure

strategy should you implement to ensure minimal downtime?

 A) Use a single server for all applications.

 B) Implement load balancing and failover systems.
 C) Limit server access to administrators only.
 D) Schedule regular downtime for maintenance.

Answer: B
Explanation: Implementing load balancing and failover systems enhances application
availability by distributing workloads and ensuring that a backup system is available in
case of failure.

51. Your system is using the Round Robin CPU scheduling algorithm. What
effect does this have on process management?

 A) Ensures maximum throughput for short processes.

 B) Minimizes response time for interactive processes.
 C) Provides equal CPU time to all processes in a cyclic order.
 D) Guarantees that all processes will complete execution.

Answer: C
Explanation: Round Robin scheduling allocates equal CPU time to all processes in a
cyclic order, providing fairness in CPU allocation.
231 | P a g e
52. You are designing a backup strategy for a critical database. Which backup
type ensures that you can restore the database to a specific point in time?

 A) Full Backup
 B) Incremental Backup
 C) Differential Backup
 D) Snapshot Backup

Answer: D
Explanation: A Snapshot Backup captures the state of the database at a specific point in
time, allowing for precise restoration when needed.

53. While configuring network components, you discover that inter-process

communication is lagging. Which technique can improve communication
between processes?

 A) Using semaphores.
 B) Implementing file I/O.
 C) Using shared memory.
 D) Increasing thread priority.

Answer: C
Explanation: Shared memory allows multiple processes to access the same memory
space, enabling faster communication compared to other methods like file I/O.

54. In a scenario where multiple applications are competing for CPU time, which
CPU scheduling algorithm would be most effective in minimizing wait time?

 A) FCFS
 B) SJF
 C) Round Robin
 D) Priority Scheduling

Answer: B
Explanation: Shortest Job First (SJF) minimizes average wait time by prioritizing
shorter jobs, leading to improved responsiveness in a multi-application environment.

232 | P a g e
55. You are troubleshooting a system that is running slowly due to high memory
usage. Which technique would help you identify which processes are consuming
the most memory?

 A) Use the df command.

 B) Use the top command.
 C) Use the ping command.
 D) Use the chmod command.

Answer: B
Explanation: The top command provides a dynamic view of system processes and their
resource consumption, helping to identify memory hogs.

56. Your team is considering implementing a storage solution for virtual

machines. Which type of storage would offer the best performance for VM
deployment?

 A) Network-attached storage (NAS)

 B) Direct-attached storage (DAS)
 C) Object storage
 D) Tape storage

Answer: B
Explanation: Direct-attached storage (DAS) provides high-speed access to storage,
making it ideal for deploying virtual machines efficiently.

57. During system performance testing, you notice that the cache hit ratio is low.
What is a possible solution to improve cache performance?

 A) Increase the size of the cache.

 B) Reduce the number of cached items.
 C) Switch to secondary storage.
 D) Decrease the clock speed of the CPU.

Answer: A
Explanation: Increasing the size of the cache allows more data to be stored and accessed
quickly, improving the cache hit ratio and overall performance.

233 | P a g e
58. In a scenario where users experience long delays when accessing files, which
disk scheduling algorithm would help reduce these delays?

 A) FCFS
 B) SSTF
 C) Round Robin
 D) LRU

Answer: B
Explanation: Shortest Seek Time First (SSTF) minimizes delays by servicing the
closest disk requests first, reducing the average wait time for file access.

59. You are deploying a web application that requires high throughput and low
latency. Which caching strategy would you implement to enhance performance?

 A) Read-through caching.
 B) Write-back caching.
 C) No caching.
 D) Distributed caching.

Answer: D
Explanation: Distributed caching allows data to be cached across multiple servers,
improving throughput and reducing latency for web applications.

60. A critical business application is experiencing frequent downtime. Which

infrastructure component should you prioritize upgrading to enhance reliability?

 A) Networking components
 B) Backup systems
 C) Storage devices
 D) CPU

Answer: C
Explanation: Upgrading storage devices can enhance reliability and reduce downtime,
especially if slow or failing disks are causing application issues.

61. A company needs to deploy a customer relationship management (CRM) system that will
allow remote employees to access the application from anywhere. They need scalability,
security, and don't want to manage infrastructure. Which type of cloud service is most suitable
for this requirement?
234 | P a g e
A. IaaS
B. PaaS
C. SaaS
D. Public Cloud

Answer: C (SaaS)
Explanation: SaaS (Software as a Service) allows companies to use software applications over
the internet without managing infrastructure.

62. An organization runs its database on a public cloud but hosts sensitive internal data on a
private cloud. It needs to move data between these clouds securely. Which type of cloud model
does this describe?

A. Private Cloud
B. Public Cloud
C. Hybrid Cloud
D. Community Cloud

Answer: C (Hybrid Cloud)

Explanation: A hybrid cloud combines private and public clouds, enabling data transfer while
maintaining control over sensitive information.

63. Your company is deploying an e-commerce application. To handle variable traffic, you need
the ability to scale the infrastructure dynamically based on demand. Which cloud characteristic
best supports this requirement?

A. Elasticity
B. High Availability
C. Security
D. Interoperability

Answer: A (Elasticity)
Explanation: Elasticity allows cloud infrastructure to scale up or down automatically in
response to fluctuating workloads.

64. Your development team needs to deploy and manage containers at scale across multiple
environments. They want a system that allows automation, scaling, and maintenance of
containerized applications. Which cloud-native solution should they use?

235 | P a g e
A. Docker
B. Kubernetes
C. Hyper-V
D. VMware

Answer: B (Kubernetes)
Explanation: Kubernetes is an open-source platform for managing and orchestrating
containerized applications across clusters.

65. A startup needs to deploy its applications on a platform that provides both computing
resources and developer tools but does not want to manage the underlying infrastructure. Which
cloud service model fits this scenario?

A. IaaS
B. PaaS
C. SaaS
D. FaaS

Answer: B (PaaS)
Explanation: PaaS (Platform as a Service) provides a platform to develop, test, and deploy
applications without managing the underlying infrastructure.

66. A large enterprise is migrating its on-premises data center to the cloud. They have numerous
virtual machines running different applications, and they want to retain control over their
operating system and storage. Which type of cloud service is suitable for this use case?

A. SaaS
B. PaaS
C. IaaS
D. FaaS

Answer: C (IaaS)
Explanation: IaaS (Infrastructure as a Service) provides control over computing resources like
virtual machines, storage, and networking.

67. Your team is tasked with choosing between Type 1 and Type 2 hypervisors. The
requirement is to run virtual machines directly on the physical hardware for better performance
and resource management. Which type of hypervisor should they choose?

236 | P a g e
A. Type 1 Hypervisor
B. Type 2 Hypervisor
C. Para Virtualization
D. Full Virtualization

Answer: A (Type 1 Hypervisor)

Explanation: Type 1 hypervisors, also called "bare-metal" hypervisors, run directly on the host's
hardware for better performance.

68. You are managing an application with containers that need to communicate with external
APIs securely. Which cloud-native service is most appropriate for managing this API traffic?

A. Virtual Private Network (VPN)

B. API Gateway
C. Load Balancer
D. Network Address Translation (NAT)

Answer: B (API Gateway)

Explanation: An API Gateway manages and secures communication between microservices or
between external APIs and services.

69. Your team is implementing a CI/CD pipeline for deploying microservices. You want to
ensure that each commit automatically triggers a build, runs tests, and deploys the application to
the staging environment. Which practice should you use?

A. Continuous Integration
B. Continuous Delivery
C. Continuous Deployment
D. Automated Testing

Answer: B (Continuous Delivery)

Explanation: Continuous Delivery ensures code changes are automatically tested and prepared
for deployment but requires a manual approval step for production deployment.

70. A company’s infrastructure has multiple virtual machines running on VMware. The
management team wants to switch to containers for better efficiency. What is the primary
advantage of using containers over virtual machines?

A. Better Security
B. Faster Boot Time and Resource Efficiency

237 | P a g e
C. Higher Isolation
D. Easier Management

Answer: B (Faster Boot Time and Resource Efficiency)

Explanation: Containers are lightweight and share the host OS, providing faster startup times
and better resource efficiency compared to VMs.

71. Your development team wants to reduce infrastructure management and focus on code. They
plan to use containers but don’t want to handle container orchestration. Which managed
container service should they use?

A. Docker Swarm
B. Kubernetes
C. AWS Fargate
D. OpenShift

Answer: C (AWS Fargate)

Explanation: AWS Fargate is a serverless compute engine for containers that abstracts
infrastructure management from users.

72. A financial institution wants to run its core banking application on a private cloud to meet
regulatory requirements while allowing the flexibility to use additional compute resources from a
public cloud during peak loads. Which solution should they implement?

A. Public Cloud
B. Private Cloud
C. Hybrid Cloud
D. Community Cloud

Answer: C (Hybrid Cloud)

Explanation: Hybrid Cloud allows organizations to run sensitive workloads on a private cloud
while bursting to the public cloud for additional resources.

73. A large-scale company has distributed data processing tasks across multiple servers. They
need a solution that offers elasticity, flexibility, and faster parallel execution. Which model
should they opt for?

A. Distributed Computing
B. Cloud Computing

238 | P a g e
C. Server-based Virtualization
D. Microservices

Answer: A (Distributed Computing)

Explanation: Distributed Computing divides tasks across multiple machines to process data in
parallel, improving performance and fault tolerance.

74. Your organization is deploying virtual machines (VMs) across a data center and wants to
reduce the overhead that typically comes with running multiple VMs. Which type of
virtualization provides better efficiency by allowing multiple operating systems to run directly on
the host hardware?

A. Full Virtualization
B. Para Virtualization
C. Type 1 Hypervisor
D. Type 2 Hypervisor

Answer: B (Para Virtualization)

Explanation: Para Virtualization provides better performance by optimizing the guest OS to
interact with the hypervisor, reducing overhead.

75. You are tasked with ensuring the continuous integration and deployment of a microservices-
based architecture. Which service is best suited to handle the deployment and rollback of
microservices?

A. Docker
B. Jenkins
C. Kubernetes
D. GitLab

Answer: C (Kubernetes)
Explanation: Kubernetes handles the deployment, scaling, and rollback of containerized
microservices effectively.

76. A healthcare startup is developing a sensitive patient data application. They want to use
encryption and make sure that the data is stored securely in the cloud. Which cloud feature
would best protect sensitive data?

A. High Availability
B. End-to-End Encryption

239 | P a g e
C. Elastic Load Balancing
D. Containerization

Answer: B (End-to-End Encryption)

Explanation: End-to-End Encryption ensures that data is protected from unauthorized access by
encrypting it during transfer and storage.

77. Your company is deploying a critical application with sensitive financial data. They need to
ensure that the cloud environment meets industry-specific security standards. Which type of
cloud environment should they choose?

A. Public Cloud
B. Private Cloud
C. Hybrid Cloud
D. Community Cloud

Answer: D (Community Cloud)

Explanation: A Community Cloud allows multiple organizations with shared security
requirements to access a dedicated cloud environment.

78. An organization is choosing between server-based virtualization and hypervisor-based

virtualization for better resource allocation and scalability. If they prefer direct hardware access,
which type should they use?

A. Server-based Virtualization
B. Hypervisor-based Virtualization (Type 1)
C. Hypervisor-based Virtualization (Type 2)
D. Para Virtualization

Answer: B (Hypervisor-based Virtualization Type 1)

Explanation: Hypervisor-based Virtualization (Type 1) runs directly on the host's hardware,
offering better scalability and performance.

79. A tech company plans to use containers to package their microservices applications. Which
key benefit of containers makes them suitable for microservices architecture?

A. Low Latency
B. Portability and Consistency
C. Scalability
D. Fault Tolerance

240 | P a g e
Answer: B (Portability and Consistency)
Explanation: Containers provide consistent environments across development, testing, and
production, making them ideal for microservices.

80. A CI/CD pipeline needs to be set up where each change is automatically tested and deployed,
including into production, without manual approval. Which CI/CD practice allows for fully
automated deployment?

A. Continuous Integration
B.Continuous Delivery
C. Continuous Deployment
D. Continuous Testing

Answer: C (Continuous Deployment)

Explanation: Continuous Deployment automatically deploys every code change that passes
tests, directly into production without manual intervention.

81. Your company runs a high-traffic web application on a private cloud. Due to unexpected
demand, the existing infrastructure becomes insufficient. To maintain performance without
scaling the private cloud, you plan to use a public cloud for additional resources. What cloud
service model should you implement?

A. Hybrid Cloud with IaaS

B. Hybrid Cloud with PaaS
C. Community Cloud with SaaS
D. Multi-cloud strategy with SaaS

Answer: A (Hybrid Cloud with IaaS)

Explanation: In a Hybrid Cloud model, the private cloud can extend its resources to the public
cloud for scalability. IaaS provides the required computing power and storage without the need
for upfront hardware investment.

82. A multinational corporation must deploy its applications across several regions, ensuring low
latency and high availability. The company also needs to dynamically allocate resources based
on varying demands in different regions. Which cloud characteristic is critical for achieving this
goal?

A. Fault Tolerance
B. Geo-distribution

241 | P a g e
C. Elasticity
D. Auto-scaling

Answer: B (Geo-distribution)
Explanation: Geo-distribution allows cloud resources to be deployed in multiple regions,
ensuring low-latency access and availability of services.

83. You have implemented a microservices architecture with multiple containers for a complex
web application. When a component fails, the entire system slows down due to
interdependencies. Which practice can help maintain performance and reduce system-wide
failure?

A. Service Mesh
B. Load Balancer
C. Auto-scaling
D. Blue/Green Deployment

Answer: A (Service Mesh)

Explanation: A service mesh provides a dedicated infrastructure layer that manages
communication between microservices, enhancing fault tolerance and improving service
reliability.

84. Your organization needs to deploy a distributed system across multiple cloud providers to
avoid vendor lock-in. They also want to optimize costs while ensuring workload portability.
What cloud strategy should you adopt?

A. Multi-cloud Strategy
B. Hybrid Cloud Strategy
C. Cloud Bursting
D. Community Cloud

Answer: A (Multi-cloud Strategy)

Explanation: A multi-cloud strategy allows an organization to distribute workloads across
different cloud providers, preventing lock-in and optimizing cost while ensuring portability.

85. A healthcare company wants to deploy its patient management application to the cloud but
needs to comply with data protection regulations like HIPAA. Which cloud computing strategy
should they implement to ensure compliance while maintaining data accessibility?

242 | P a g e
A. Public Cloud
B. Private Cloud
C. Hybrid Cloud
D. Community Cloud

Answer: C (Hybrid Cloud)

Explanation: A hybrid cloud ensures that sensitive data remains in a secure, compliant private
cloud while non-sensitive operations can leverage the scalability of the public cloud.

86. A large organization has a high throughput application that needs to maintain consistent
performance despite scaling up or down rapidly. What type of virtualization should be used to
ensure minimal overhead while optimizing resource allocation?

A. Para Virtualization
B. Full Virtualization
C. Server-based Virtualization
D. Containerization

Answer: D (Containerization)
Explanation: Containers share the host OS and use fewer resources than traditional VMs,
making them ideal for high-throughput applications with minimal overhead.

87. A development team is implementing continuous integration (CI) for a financial

application. They want to ensure that even minor code changes are automatically tested in a
dedicated environment. However, deployment should only occur once all security checks have
passed. Which CI/CD approach is most appropriate?

A. Continuous Delivery with Security Gate

B. Continuous Deployment with Blue/Green Deployment
C. Continuous Integration with Canary Releases
D. Continuous Integration with Immutable Infrastructure

Answer: A (Continuous Delivery with Security Gate)

Explanation: Continuous Delivery automates the testing and integration of code, while security
gates ensure only approved code is deployed to production environments.

88. Your company is developing a data-heavy application where users from different
geographical regions need to access the same data simultaneously with low latency. Which cloud
architecture would best meet this requirement?

243 | P a g e
A. Multi-region deployment with edge computing
B. Public cloud with global DNS routing
C. Hybrid cloud with CDN integration
D. Private cloud with global load balancing

Answer: A (Multi-region deployment with edge computing)

Explanation: A multi-region deployment combined with edge computing ensures data is
processed closer to the user, reducing latency and improving user experience.

89. A company wants to automate the deployment process for an application hosted on Docker
containers. They require a tool that will manage both container orchestration and the rolling
updates to ensure zero downtime during the deployment process. What should they use?

A. Jenkins
B. Docker Swarm
C. Kubernetes
D. Ansible

Answer: C (Kubernetes)
Explanation: Kubernetes provides robust container orchestration and supports rolling updates to
ensure zero downtime during deployment.

90. An organization needs to run multiple instances of the same containerized application across
different availability zones for high availability. They want to ensure that each instance uses the
same configuration but is independently manageable. Which technique can they apply?

A. Container Cloning
B. Container Replication
C. Container Swarming
D. Container Spanning

Answer: B (Container Replication)

Explanation: Container replication allows multiple instances of the same application to run
simultaneously across different zones while maintaining consistency.

91. A company is working with large datasets and needs to optimize data processing through
distributed parallel computing. They require a solution that distributes tasks across multiple
nodes to speed up computation. Which solution best meets this need?

244 | P a g e
A. Hadoop
B. Kubernetes
C. Docker
D. AWS Lambda

Answer: A (Hadoop)
Explanation: Hadoop is a distributed parallel computing framework designed to process large
datasets by distributing the tasks across multiple nodes.

92. You are building a private cloud for a government agency that requires highly sensitive
information to remain isolated from the public internet. Which type of virtualization would be
most secure and efficient in this scenario?

A. Full Virtualization with Type 1 Hypervisor

B. Para Virtualization with Type 2 Hypervisor
C. Server-based Virtualization
D. Containerization with Kernel Isolation

Answer: A (Full Virtualization with Type 1 Hypervisor)

Explanation: Full virtualization with a Type 1 hypervisor provides maximum isolation and
security by running directly on the host hardware, making it suitable for sensitive environments.

93. A startup is looking for a cost-effective solution to quickly develop and test new features of
their application in a cloud environment. They do not want to manage infrastructure or worry
about scaling. What cloud service model should they use?

A. IaaS
B. PaaS
C. SaaS
D. FaaS

Answer: B (PaaS)
Explanation: PaaS allows developers to focus on building applications without worrying about
infrastructure management or scalability, making it ideal for testing new features.

94. A company's continuous deployment pipeline is struggling to handle increased workloads,

leading to bottlenecks during deployment. They need to scale the system dynamically to handle
these workloads. What cloud feature can they leverage?

245 | P a g e
A. Auto-scaling with Load Balancer
B. Multi-tenancy with Elastic Load Balancing
C. Blue/Green Deployment with Fault Tolerance
D. Immutable Infrastructure

Answer: A (Auto-scaling with Load Balancer)

Explanation: Auto-scaling with a load balancer helps manage dynamic workloads by scaling
resources based on demand and distributing traffic evenly.

95. You are tasked with setting up a cloud infrastructure where different departments within your
company can share resources but still maintain isolated environments for security. What cloud
computing model is most suitable?

A. Private Cloud
B. Public Cloud
C. Community Cloud
D. Multi-cloud

Answer: C (Community Cloud)

Explanation: A community cloud allows multiple entities (like departments) to share
infrastructure while maintaining security and isolation.

96. A financial institution is deploying a containerized application that handles sensitive

transactions. They require both high performance and strict isolation of workloads. Which
technology should they adopt?

A. Virtual Machines
B. Hypervisor-based Virtualization
C. Kubernetes with Pod Security Policies
D. Containers with SELinux

Answer: D (Containers with SELinux)

Explanation: SELinux enforces mandatory access control policies, ensuring strict isolation and
security for containerized applications handling sensitive data.

97. A CI/CD pipeline must be implemented to handle deployments in multiple environments:

development, staging, and production. Each environment requires unique configurations. What
CI/CD feature is essential for ensuring smooth deployments across environments?

246 | P a g e
A. Infrastructure as Code (IaC)
B. Blue/Green Deployment
C. Canary Testing
D. Environment Variable Management

Answer: D (Environment Variable Management)

Explanation: Environment variable management allows different configurations for various
environments, ensuring smooth and correct deployment across development, staging, and
production.

98. Your organization is using Type 2 virtualization for testing, but due to the overhead, the
performance is poor. They plan to move to a Type 1 hypervisor. What is the main benefit of
moving to a Type 1 hypervisor?

A. Increased Security
B. Improved Performance
C. Easier Management
D. Lower Latency

Answer: B (Improved Performance)

Explanation: Type 1 hypervisors run directly on the hardware, reducing overhead and
improving performance compared to Type 2 hypervisors, which run on a host OS.

99. A software company is adopting containerization for its development teams, who are using
different OS platforms. They want to ensure that containers can be ported across various
platforms without compatibility issues. What approach should they take?

A. Use Docker Containers

B. Use Virtual Machines with Hypervisor
C. Implement Cross-platform Compatibility Layers
D. Implement Kubernetes with Helm

Answer: A (Use Docker Containers)

Explanation: Docker containers provide platform independence and can run consistently across
different operating systems, ensuring compatibility.

100. A logistics company uses cloud computing to manage its operations. To prevent vendor
lock-in, they plan to shift some workloads between public cloud providers. What should be
prioritized in the design to enable seamless workload migration?

247 | P a g e
A. Decoupled Architecture
B. Full Virtualization
C. Monolithic Design
D. On-premise Backup

Answer: A (Decoupled Architecture)

Explanation: A decoupled architecture allows easier migration of workloads between cloud
providers, reducing dependency on any single vendor.

101. Your organization wants to switch from traditional VMs to containers to improve agility
and reduce costs. However, security concerns arise because multiple containers will share the
same OS kernel. How can the company address these security concerns while maintaining the
agility of containers?

A. Implement OS-level Virtualization

B. Use Hypervisor-based Virtualization
C. Deploy Containers with Security Modules like SELinux or AppArmor
D. Use Full Virtualization for Critical Applications

Answer: C (Deploy Containers with Security Modules like SELinux or AppArmor)

Explanation: SELinux or AppArmor adds an additional security layer to containers by enforcing
mandatory access controls, helping mitigate risks associated with sharing the OS kernel.

102. A company needs to reduce the downtime for its web application during updates. They are
already using containers and want to ensure that the updates can be tested in production without
affecting the end-users. What deployment strategy should they adopt?

A. Rolling Deployment
B. Blue/Green Deployment
C. Canary Deployment
D. Recreate Deployment

Answer: B (Blue/Green Deployment)

Explanation: Blue/Green deployment allows a new version to be deployed alongside the old
one. Traffic is gradually shifted to the new version, minimizing downtime and allowing rollback
if needed.

103. Your organization uses a cloud service provider for its public-facing services but needs to
process sensitive customer data on-premise. How can you securely integrate the cloud
environment with your on-premise data center while maintaining a unified infrastructure?

248 | P a g e
A. Use Virtual Private Cloud (VPC) with VPN Tunneling
B. Set up a Community Cloud with Security Policies
C. Implement Cloud Bursting with Data Encryption
D. Create a Hybrid Cloud with Direct Network Peering

Answer: D (Create a Hybrid Cloud with Direct Network Peering)

Explanation: A hybrid cloud setup with direct network peering between on-premise and cloud
environments allows for secure, low-latency communication between the two infrastructures.

104. A financial services company wants to migrate their legacy application to the cloud while
ensuring strict compliance with PCI DSS for processing payment card information. What cloud
deployment model is best suited to meet both scalability and compliance requirements?

A. Private Cloud
B. Hybrid Cloud
C. Public Cloud
D. Community Cloud

Answer: B (Hybrid Cloud)

Explanation: A hybrid cloud allows the company to maintain PCI DSS-compliant infrastructure
on-premise for sensitive data, while leveraging the public cloud for less sensitive operations and
scalability.

105. A DevOps team is implementing continuous delivery but wants to ensure that new code
passes a set of automated tests and manual approvals before it can be pushed to production. How
can they achieve this while still minimizing manual intervention?

A. Implement a Staging Environment with Canary Testing

B. Use Continuous Deployment with Blue/Green Deployments
C. Set up a Continuous Delivery Pipeline with Security and Compliance Gates
D. Implement Full Virtualization in the Testing Environment

Answer: C (Set up a Continuous Delivery Pipeline with Security and Compliance Gates)
Explanation: Continuous delivery pipelines can be configured with automated tests and manual
approval gates to ensure that only secure and compliant code reaches production.

106. A SaaS provider wants to implement a multi-tenant architecture on the cloud where each
customer is isolated, but they also need to optimize resource usage by sharing the underlying
infrastructure. Which virtualization approach would be most efficient for this use case?

249 | P a g e
A. Full Virtualization with Type 2 Hypervisors
B. Server-based Virtualization
C. Containerization with Namespace Isolation
D. Para-virtualization with Hypervisors

Answer: C (Containerization with Namespace Isolation)

Explanation: Containerization with namespace isolation allows multiple tenants to run isolated
instances on the same underlying infrastructure, optimizing resource usage while maintaining
isolation.

107. An e-commerce company needs to handle traffic spikes during sales events. Their
infrastructure should automatically scale and ensure that there are no delays in serving requests.
What feature of cloud computing can handle this scenario?

A. Elastic Load Balancer with Auto-scaling

B. Static Load Balancer with Horizontal Scaling
C. Content Delivery Network with Caching
D. Vertical Scaling with Manual Load Distribution

Answer: A (Elastic Load Balancer with Auto-scaling)

Explanation: Elastic load balancing distributes incoming traffic, and auto-scaling adjusts the
number of active instances dynamically based on traffic demand, ensuring smooth operation
during spikes.

108. Your application requires real-time processing of streaming data and must scale up and
down frequently based on incoming data volumes. What cloud service model and architecture
should you choose?

A. IaaS with Stateless Microservices

B. PaaS with Event-driven Architecture
C. FaaS with Message Queuing
D. SaaS with Stateful Microservices

Answer: C (FaaS with Message Queuing)

Explanation: Function-as-a-Service (FaaS) enables real-time processing of event-driven
workloads, and message queuing helps manage the incoming data volume, allowing for dynamic
scaling.

250 | P a g e
109. A software development team wants to implement continuous integration and also wishes
to monitor performance metrics of the deployed applications in real time. Which combination of
tools or practices should they use?

A. Jenkins with AWS CloudWatch

B. Ansible with Git
C. Kubernetes with Jenkins Pipelines
D. Terraform with Docker

Answer: A (Jenkins with AWS CloudWatch)

Explanation: Jenkins is a popular tool for continuous integration, and AWS CloudWatch can
monitor performance metrics in real time, making this a suitable combination for the desired
outcome.

110. A company using CI/CD pipelines has noticed that their production deployments
occasionally cause performance regressions, but the problem isn’t immediately apparent after the
deployment. What strategy should they implement to catch these regressions early?

A. Canary Deployment with Load Testing

B. Rolling Deployment with Real-time Monitoring
C. Blue/Green Deployment with End-to-End Testing
D. Continuous Deployment with A/B Testing

Answer: A (Canary Deployment with Load Testing)

Explanation: Canary deployment allows only a small portion of users to access the new version,
and load testing helps identify performance issues before the full rollout.

251 | P a g e