Computer Security

Computer Security
1.1Definition of Security
In the broadest sense, security can be defined as the protection of assets.
There are three main aspects of security:
 Prevention
 Detection
 Reaction
1.2How is Information security different from regular security
The definition of security above is solely emphasising on regular security.
There are some differences between Traditional security and Information
security.4
 Information can be stolen, but you still have it.
 Confidential Information may be copied and sold, but the theft might
not be detected.
 The Information criminal maybe on the other side of the world unlike
regular theft.
1.3Definition of Information security
Computer security deals with the prevention and detection of unauthorized
actions by users of a computer system.
NB
Although we’ve defined above security and information/computer security,
we will be elaborating more and only on the concept of computer security
1.4Features of a good security system
In order to prevent and detect unauthorized actions by its users, a good
information system must provide the following features
 Confidentiality
 Integrity CIA
 Availability (Explained behind)
 Non-repudiation
 Authentication
 Access control
 Accountability
Features Revelations
1. Confidentiality:
Confidentiality is the prevention of unauthorized disclosure of
information.
2. Integrity:
Integrity is the prevention of unauthorised writings or modifications of/on
information.
3. Availability:
Availability is the prevention of unauthorised with-holding of
information.
4. Non-repudiation:
Non-repudiation is the prevention of either the sender or the receiver
denying a transmitting message. Non-repudiation is often implemented
by using digital signatures,
5. Authentication:
Authentication is proving a claim, usually that you are who you say you
are, where you say you are, at the time you say it is.
6. Access Control:
Access Controls provide the limitations and control of access to
authorised users through identification and authentication.
7. Accountability:
Accountability means that the system is able to provide audit trails of all
transactions.
2.0 Identification and authentication.

2.1 User-names and passwords.
When a computer system has to verify a user’s information, they take in

consideration two basic questions which must be posted with expectations of
appropriate answers to be provided, which are:
Who are you?
The computer system has the identity of who is trying to gain access to its
information. Usually supposed by a user-name which is not a secret but usually
meaningful to the user.
The user-name mostly involves a combination of two names, usually the first
name and the second name for example
How do I know that you are who you say you are?
The computer must establish that the person logging into the system is exactly
the person in question with detail corresponding.
Since anyone can have access to the username which is not a secret, the right
user must be expected to input the right password for access into the
information that’s concerning.
By entering this password which is a secret only known by the user, the user
proves to the computer system that he is an authorised user, by so doing,
gaining access to the system.
N/B
A username is used to establish identity while a password is used to establish

authentication of identity.
2.2 THREATS
An identification system consist of a database of passwords indexed by

user-names. This is called the Password file. When a user logs into the system,
the computer checks that the user-name and password input match an entity in
the password file.
If a match is found, the process is complete and the user is allowed access to the
system. If not, access is denied although the user maybe given another chance to
enter their user-name and password.
There are various ways in which a user-name/password identification system

can be abused.
In the following sections will be looking at possible attacks and their defences
in preventing/detecting attacks and threats.
2.3 Password Guessing
Suppose a hacker wants to gain access in a system which is protected by a

user-name/password identification system. Assuming the hacker knows the
user*-name which is not secret, for an authorised user, if the hacker can guess
the users password, he will gain access to the system.
Below are several ways a hacker can find out the password of a user.
They include:
Guessing using personal knowledge of the user.
Many people are passwords which relate to them personally. For example,
their passwords could be the names of their of their children /child, spouse or
pet.
They may as well use their street names, birthdates or country clubs as
passwords.
If the hacker could gain personal information about the user (victim), then they
could easily guess without difficulties.
This attack only fails if the user in this case, the victim doesn’t use personal
information or so related
2) Dictionary searching
Another efficient means of password generating for easy memorizing is by

choosing a word usually in their own language.
If the hacker cannot directly guess the user’s password then he may set up a
dictionary attack. This means that he will run a computer programme which
tries every word in the dictionary as the password of the user until he finds a
match.
This attack will fail if the user does not use a word which appears in a
dictionary as their password.
3) Intelligent searching
Some user-name/password systems insist that the user’s password contains,

mixed of letters and numbers. The most common thing for a user (who has not
been educated with password security) to do is to add a number on to the end of
a word. For example using the password such as orange. An intelligent
dictionary might try all words with numbers added.
Thus if the hacker knows that a particular password system insist that their
passwords are a minimum of 6 characters long and must contain at least one
number, then the hacker may try all five letter words with each of the digits 0,
…,9 attached. Thus orange0, orange1, orange2,…., orange9, mango0, mango1,
… and so on would form part of this search.
If this attack does not succeed the next step might be to capitalize the first word
in the dictionary. Other intelligent dictionary modifications include capitalizing
each letter of the word in turn, including a number at the front of the word,
including a number in any position in the word or replacing letters which are
similar to numbers with that number. For example, replacing the letter 1 with
the number 1 or letter 0 with the number0.
4) Exhaustive Searching
If the user has been clever enough to use a random meaningless string of
characters as their password, then the hacker may have to resort, to try and
exhaustive search account.
An exhaustive search is similar to a dictionary search, but in the exhaustive

case, the computer programme used by the hacker will try every possible
combination of permissible characters the password, in order to find a match.
Thus if searching for a six character password, the hacker might try aaaaaa,
aaaaab, aaaaac, …., aaaaaz, aaaaa0, …, aaaaa9, aaaaa*, etc. and moves
systematically through all possible permutations.
This attack will only succeed eventually since every possible password in turn,
sooner or a later a match will be found. However, there are ways of making an
exhaustive search so time consuming for the hacker that is not successful during
the life of the password (i.e before the exhaustive search is successful the
password has been changed). Some password systems insist that the users
change their passwords every three months, for example.
NB!
In general, if a password is “n” character long and is made up from an alphabet

of “A” different characters then there are An different possible different
passwords
5) Asking the user
The user may receive a phone call from an organization’s office, claiming to
secure files to be lost, thereby requesting the user password directly. Ensure
never to forward password in such cases.
6) Fake log-in screens
A more sophisticated spoofing attack is when the hacker codes and sets up a
fake login screen on the user’s device which exactly resembles the genuine
login screen for the system. The user is presented with this login screen and
unsuspectingly enters their user-name and password.
The hacker captures this information and typically gives the user an error
message saying that they have incorrectly typed their password. The genuine
login screen is then displayed. The user cannot be sure that they did not make a
typing mistake, so they typed in their user-name and password again and gain
access to the system. The user may have no idea that they have been the victim
of a spoofing attack.
7) Password Spoofing
A spoofing attack is when a user is fooled into giving the hacker their
password. They may be very simple or sophisticated.
2.4 User and System Defense
When a username/password system is implanted, it is important that the

users are informed of the following measures;
1. The user should always setup a password and not leave the password
option as blank.
2. The user should change the default password.
3. The user should change their password frequently.
4. The user should not use the same password for all system.
5. When changing a password the user should not just add a digit onto the
end of the old password.
6. The user should not choose a password that relates to them personally
such as their date of birth or name of their child.
7. The user should not choose a dictionary word as their password.
8. The user should not choose a password that is too short.
9. The user should choose a password that contains a mix of letters and
numbers.
10.The user should not write their password down or reveal it to anyone.
Some of these measures can be enforced by the system. Things that the
system can do in other to minimize the risk of attack include;
1. Insist that the user creates a password.

2. Provides the user with a default password.
3. Enforce the user to change the default password at the first login.
4. Enforce the user to change their password at frequent intervals (say every
three or six months depending on the security need).
5. Check password chooses against a dictionary and reject weak password.
6. Insist that password contains an alpha numeric mix of characters.
7. Insist that passwords are at least the minimum length (say 6+ characters
depending on the security need).
8. Limit login attempts (a maximum of three attempts is usual). After which
time the system administrator will have to reset the password for the user.
9. Inform users of each unsuccessful login attempts.
2.5 Attacking the password file
It is very important in securing a password file especially from external

access.
They are essentially two ways in which the password file is protected;
1. Using cryptographic protection.

2. Implementing access control over the password file.
Ideally the password file which contains all email/username/password should be

both encrypted and protected from unauthorised access by the implementation
of access control.
2.6 Password Salting
It is a process use to ensure that all passwords in the system are unique.
Most system insists that all usernames are unique and different before adding
the new user to the system.
2.7 One-time password (OTP)
Some systems are now making use of OTP.
It constantly changes the password, the risk of a password been discovered

is greatly reduced.
Should in case an attacker finds a password, he will only be able to gain

access to the system once.
The password will be rejected the next time he tries it again.
One time password typically works in one of these three ways;
 The mathematical algorithm is use to generate a new password based on

the previous password.
 A time synchronization protocol is use between the authentication sever
and the client providing the password.
 A mathematical algorithm is use to create each new password based on a
challenge such as a random number chosen by the authentication sever
and a counter.
3.0 INTRODUCTION TO CYBER SECURITY
Cyber security refers to the technologies, processes and practices design

to protect an organization, intellectual properties, customer data and other
sensitive information from unauthorised access from cyber criminals.
The frequencies and security of cyber crimes is on the rise and the is a
significant need for improved cyber risk management as part of every
organisation or enterprise risk profile.
Cyber attackers are committed for variety of reasons including financial

fraud, information theft, activist causes to deny services, disrupt critical
infrastructure, vital services of government or organisation.
3.1 THE SIX(06) COMMON SOURCES OF CYBER THREATS ARE AS

FOLLOWS;
1. Cyber criminals
2. Hacktivist
3. Insider and service providers
4. Developers of substandard products and services
5. Poor configuration of cloud service
6. Nation/States
3.2 COMMON TYPES OF CYBER ATTACKS
1. Malware
2. Phishing
3. Man-in-the middle attack
4. Denial-of-service attack
5. SQL Injection
6. Zero-day exploit
7. DNS Tunneling
3.2.1 MALWARE
Malware is a term used to describe malicious software, including

spyware, ransomware, viruses and worms.
Malware breaks a network through a vulnerability, typically when a

user clicks a dangerous link or email attachment.
Once inside the system, malware can do the following;
i. Block access to key component of the network (ransomware).

ii. Install malwares or additional harmful software.
iii. Covertly options information by transmitting data from the hard drive
(Spyware).
iv. Disrupt certain components and render the system inoperable.
3.2.2 MAN IN THE MIDDLE ATTACK
Man in the middle attack also known as eavesdropping attack, occurs

when attackers insert themselves into a party conversation.
Once the attacker interrupts the traffic, they can filter and steal data.
3.2.2.1 TWO COMMON POINTS OF ENTRY FOR MAN IN THE MIDDLE

ATTACKS.
i. Unsecure Public Wi-Fi: Attackers can insert themselves between visitors

device and the network administrator (mitm) without knowing, the visitor
passes all information through the attacker.
ii. Once malware has breached a device, an attacker can install software to
process all of the victims’ information.
3.2.3 DENIAL OF SERVICE ATTACK
The Denial of service attack, floats systems servers or network to traffic

to exhaust resources and bandwidth.
As a result, the system is unable to fulfil legitimate request.
Attackers can also use multiple compromised devices to launch this attacks.
This is known as Distributed Denial of service attacks (DDOS).
3.2.4 SQL Injection
A structure Query Language (SQL) injection occurs when an attacker

inserts malicious codes into a server that uses SQL and forces the server to
reveal information it normally would not.
An attacker could carry out SQL –injection simply by submitting malicious

codes into the vulnerable website search box.
3.2.5 Zero-day Exploit.
A zero day exploit hits after a network vulnerability is announced before

a patch or solution is implemented.
Attackers target the disclosed vulnerability during this window of time.
Zero day vulnerability threat detection requires constant awareness.
3.2.6 DNS Tunnelling
Domain Name service Tunnelling utilizes the DNS protocol, to

communicate on DNS traffic over port 53. It sends HTTP and other protocol
traffic over DNS.
They are various legitimate reasons to use DNS tunnelling VPN services.
They can be used to disguise out bound traffic as DNS, conceiving data that is
typically shared through on internet connection.
For malicious use, DNS request are manipulated to infiltrate data from a
compromised system to the attackers infrastructure.
It can also be used for command and control call breaks from the attackers’
infrastructure to a compromised system.
3.2.7 PHISHING
Phishing attacks are the practice of sending fraudulent communication

that appear to come from a reputable source.
It is usually done through email. The goal is to steal sensitive data like credit
cards and log in information respectively, or to install malware on the victim’s
machine.
Phishing is a common type of cyber-attack that everyone should learn about in
other to protect themselves.
3.2.7.1 How Does Phishing Works.
Phishing starts with a fraudulent email of the other communication that

is designed to lure a victim.
The message is made to look although it comes from a trusted sender.
If it fools the victim, he or she is coaxed/forced into providing confidential

information, often on a scam website. Sometimes malware is also downloaded
into a target computer.
3.2.7.2 What are the Dangers of Phishing Attacks?
Sometimes attackers are satisfied by getting a victims credit card

information or other personal data for financial gain.
Sometimes, phishing emails are sent to obtain employees login information, or

other details for use in an advanced attack against the specific company.
Cyber-crimes attacks such as advanced persistent threats (APTs) and

ransomware often starts with phishing.
3.2.7.3 How Do We Protect Against Phishing Attack.
i. User Education: One way to protect an organisation from phishing is user

education. Education should involve all employees. High level executive
are often the target. Teach them how to recognize a phishing email and
what to do when they receive one.
Simulation exercises are also key for accessing how your employees react
to a staged phishing attack.
ii. Security Technology.
As at now, they are no single cyber security technology that can prevent
phishing attack.
3.2.7.4 Examples of Phishing Attacks
1. Spear Phishing
It targets specific individuals instead of a wide group of people.
Attackers often do research about their victim’s on social media and other
sites.
That way, they can customise their communications and appear more
authentic.
Spear phishing is often the first step used to penetrate a company’s
defence system and carryout a targeted attack. 95% of all attacks on
enterprise network are the result of successful spear phishing.
2. Whaling
When attackers go after a “big fish” like a company’s CEO, its called
Whaling.
These attackers often spend considerable time profiling the target to find
the opportune moment and means of stealing login credentials (info’s
etc.).
Whaling is of particular concern because high level executive are able to
access a great deal of companies information.
PHARMING:
This is sending users (victims) to a fraudulent website that appears to be

legitimate. Howover this case victims do not even have to click a malicious
link before being taken to the bogus sit.
Attackers can infect either the users computer or the website DNS server and
redirects withdraws the user to a fake site even if the (URL) Unifom Resource
Locator is correctly typed in
4) Deceptive Phishing
Deceptive phishing is the most common type of phishing. In this case, an

attacker attempts to obtain confidential information from the victim.
Attackers use the information to steal money or to launch other attacks.
A fake email from a bank asking you to click a link and verify your account
details is an example of deceptive phishing.
5) Office - 365 - phishing
The method used by attackers to gain access to an office 365 email account are
fairly simple and becoming the most common.
This phishing campaigns usually take the form of a fake email from microsoft.
The email contains a request to login, stating the user needs to their password,
hasn't logged in recently or that there is a problem with their a accounts that
need attention.
A URL is included, enticing the that user to click to remedy the issue
3.2.7.5 PREVENTION OF PHISHING ATTACKS
1) Avoid strangers (check name and email addresses)
Don't rush, be suspicions of emails marked urgent
3) Notice mistakes in spelling and grammar.
4) Don't be lured by incredible deals
5) Read over the link before you click to ensure it has a secure URL (http://)
6) Never give out personal or friencial information based on an email request.

7) Don't trust link or attachment in unsolicitied emails.
COMPUTER SECURITY SELF-TEST QUESTIONS AND SCENARIOS.
Q1)
A friend sends an electronic Hallmark greeting card (e - card) to your work

email You need to click on the attachment to see the card.
What should you do?
ANSWER
DELETE THE MESSAGE
This one has four big risks, namely
1) Some attachments contain vinises or other malicious programs, so just in

general, it's risky to open unknown or unsolicited attachments
2) Also, in some cases just clicking on a malicious link can inject a computer,
so unless you are sure a link is safe, do not click on it.
3) Email addresses can be faked, so just because the email says it is from some
one you know, you can't be certain of this without checking with the person
4) Finally, some websites and links look legitimate, but they're really hoaxes
designed to steal your information.
Q2)
We saw a case a while back where someone used their yahoo account at a
computer lab on campus. She made sure her yahoo account was no longer open
in the browser window before leaving the lab. Someone came in behind her and
used the same browser to re-access her account. They started sending emails
from it and caused all sort of mayhem. What do you think might be going on
here?
ANSWER
The first person probably didn't log out of her account, so the new person could
just go to history and access her account.
Another possibility is that, she did log out, but didn't clear her webcache. (This
is done through the browser menu to clear pages that the browser has saved for
future use).
Q3)
Two different offices on campus and working to straighten out an error in an

employee's bank account due to a direct deposit mistake. Office #1 emails the
correct account and deposite information to office #2, which promptly fixes the
problem. The employee confirms with the bank that everything has, indeed,
been straightened what's wrong here ??
ANSWER
Account and deposit information is Sensitive data that could be used for identity
theft. Sending this or any Kind of sensitive information by email is very risky
because email is typically not private or secure Anyone. who knows how, can
access it anywhere along it's route.
As an alternative, the two offices could have called each other or worked with
ITs to send the information a more secure way
Q4)
In our comproting lakes and departments, print billing is often tied to the user's
Login. People login, they print, they (or their department) get a bill. Sometimes
people Call to complain about bills for printing they never did only to find out
that the bills are indeed, correct.
What do you think might be going on here?

ANSWER
Sometimes they realize the loaned their accounts to a friend who couldn’t
remember his/her password, and the friend did the printing. Thus the charges.
It's also possible that somebody came in behind them and used their account.
This is an issue with shared or priklic computers in general. If you don't log out
of the computer properly when you leave, someone else can come in behind you
and retrieve what you were doing, use your accounts etc, quit programs, and
close browser windows before you walk away
Q5)
Which of the following passwords meets UCSC's password requirement?
A) @ # $)*&^%
B) akHGksmLN
C) UcSc4Evr!
D) Password1
ANSWER
C = UcSc4Evr!
This is the only choice that meets all of the following UCSC requirements
At least 8 characters in length.
Contains at least 3 of the following 4 types of characters: lowercase letters,

upper case letters, numbers, special characters.
Not a word preceded or followed by a digit
Question
A while back, the IT folks got a number of complaints that one - of our campus
computers was sending out Viagra spam. They checked it out, and the reports
were true a hacker had installed a program on the computer that made it
automatically send out tons of spam email without the Computer owner's
knowledge.
How do you think the hacker got into the computer to set this up?
ANSWER
This was actually the results of a hacked password. Using passwords that can't
be easily gruessed, and protecting your passwords by not sharing them or
writing them down can help to prevent this.
Passwords should be at least 8 characters in length and use a mixture of

uppercase and lowercase letters, numbers, and symbols.
Even though in the case it was a hacked password, other things that could
possibly lead to this are:
 Out of date patches/updates.

 No anti - virus software or out of date.
 Anti - virus software.
 Clicking an unknown link of attachment.
 Downloading unknown or unsolicited programs on your compreter.
FAULT DETECTION QUESTION AND ANSWERS FOR OPERATIONS
Q1)
A technician discovers that RAID has stopped working, which two situations
could cause this issue? (choose two) (2 marks) .
✓ - The external RAID controller loses power.
✓ - The RAID controller fails

- The cable connected to the hard drive are connected incorrectly.
- One of the hard dries fails.
- RAID has been configured incorrectly.
Q2)
A technician is upgrading an older PC with a dual core CPU. When the PC

restarts, it is slower than it was before the repgrade. The performance tab from
the Task Manager displays only one CPU graph , what is the most probable
solution to this problem? (2 marks)
ANSWER
The processing speed of the dual core CPU is much faster than the older PC, is
incompatible hence degrading the performance of the older PC. Hence.
 Update BIOS firmware to support dual core CPU
Q3) What is a symptom of a printer fuser that needs to be replaced? (2marks)
ANSWER
 Noise coming from the fuser area
As the drive gear starts to wear out, you will hear hum or drone. Remember; the
hum comes before the grind. Grinding printing noise, this can come from the
printer’s swing plate (Replace both).
Q4) What is probable cause of a printer producing pages with ghost images
(2marks)
ANSWER
 If the drum wiper is worn out.
The printer may produce pages with ghost images. In this case, the drum or
toner cartridge should be replaced.
Q5) What corrective action should be taken on a printer that prints unknown
characters (2marks)
ANSWER
 Reinstall the driver

 Increase the memory
 Replace the drum wiper
 Replace the fuser
Explanation: an incorrect printer driver is installed.
Q6) What usually causes the BSOD in the windows OS.
ANSWER
 Driver software malfunctioning

 Hard drive inconvenience
 Broken apps which are flawed
Windows creates what’s known as a minidump file when a BSOD happens, it

contains infos about the crash and saves it to the disk.
Q7) A user reports that WiFi is not working on a laptop. A technician checks
the laptop and notices that the wireless networking icon is missing from the
notification area of the task bar. The technician tries to turn the wireless switch
on the laptop on and off . However, the wireless NIC is still not displayed. What
should be done next to troubleshoot this issue?
ANS = Activate the Nic in the Blos or UEFI settings
ANSWER
Remove the wireless display or dock, and then reconnect it. To remove the
device, open Settings, and then
Under wireless display and dock

Select Bluetooth and devices > Devices.
Select more options (3 vertical clots)
Next to the wireless display, adapter or dock you want to remove, then
Select Remove devices > Yes.
After that, by reconnecting.
OR
Update wireless drivers and PC entirely.
Q8) What are two reasons that a work station would begin to lock up
frequently? (choose two) (2 marks)
a) failing RAM
b) an overheating CPU
c) an incorrect display setting.
d) indexing servicerunning too long
e) issues with the uninstallation of an application
Q9) Users in an office complain that they are receiving “Document failed to
print” messages when trying to print to a network printer. What is a likely
problem (2marks)
Ans
The printer is configured with an incorrect ip address.
Receiving a “document failed to print” message can indicate that the network
printer has an incorrect ip address.
Q10) A user has not updated an application for over two years and has just
update to the newest release on the workstation. The user notices, however, that
the software with the newest release is operating very slowly. The other
applications on the work station are operating normally. What is a possible
problem?
ANSWER
The computer does not have enough RAM
Revelation!
If a computer is displaying slow performance when a specific application is

being used, more RAM need to be installed may
Q11) A technician adds a new optical drive to a comprater but the optical drive
is is not recognized by the computer. The technician thinks that the BIOS
firmware needs to be updated and updates the CMOS. However, the computer
fails to start. What is a possible solution? (2 marks)
ANSWER
Contact the motherboard manufacturer to obtain a new CMOS chip.
Revelation! After the CMOS on a computer is updated and the computer fail to
boot, it is likely that the CMOS firmware was installed incorrectly.
The original firmware should be restored or a new CMOS must be obtained

from the motherboard manufacturer.
Q12) A computer repeatedly locks without any error. Which two conditions
may be the cause of the problem? (2 marks)
ANSWER
 The Computer has a virus.

 An update has corrupted the operating system.
Q13) A PC is not able to connect to a wired network. Pinging the loopback
address is successful, but the gateway cannot be reached. On the network
switch all the interface lights are on, except for the interface connected to the
PC. The LED on the network card is off. What is the most likely cause of this
problem? (2 marks)
ANSWER
The network cable is faulty
The network card is working if the loopback address can be pinged. The LED
on the network card being off points towards a faulty cable or a bad connection
Q14) Users in a recently installed wireless network are complaining of slow

data transfer and frequent loss of connectivity. The technician checks that the
wireless security is correctly implemented, and there is no evidence of
unauthorized users on the network. Which two problems might the technician
suspect? (Choose two)
ANSWER
There's interference from outside sources.
The wireless signal is too weak.
Revelation
Normally, the closer a wireless NIC is to an access point, the faster the
connectivity. This problem does not require the network password reissued.
The combination of the low bandwidth and the intermittent connectivity is
pointing towards a weak signal or interference for outside sources.
Q15) A user can send email to other people in the office successful but is unable
to receive any email. What is a possible cause of the issue
ANSWER
The computer has incorrect POP3 or IMAP Settings
Revelation
A user who can send email but is unable to receive email may have incorrect
email settings Configured on his or her workstation. Email is received using
PoP3 or IMAP.
Q16) A group of users is unable to connect to the network. When testing several
of the PCs and isssing the command the ip config , the technician of them have
an ip address in the 169.254.x.x range. What is the most likely cause of this
problem?
ANSWER
- The DHCP server is not operational.
Revelation
If the PCs are not able to connect to a DHCP, they will be allocated an IP
address within the range 169.254.0 169.254.255.255.
Q17) Which network server is malfunctioning if a user can a web server but
cannot ping the ping the ip address web server host name?
ANSWER
- The DNS server .

If pings are successful to an ip address but not to a host name , then the
problem maybe that a DNS server cannot be accessed
Q18 ) What Command can a technician usess on a computer to see if DNS is

functioning properly?
ANSWER
- Nslookup
Revelation
The nslooking command can be used to test DNS functionality .
Q19) An administrator deploys wireless acces points across the office to

provide wiresless network connectivity to users. Each workstation receives an
up address via DHCP.
After a file server with a static IP is, Connected to the wired network, the
administrator receives an up address conflict message. What is a possible
solution.
ANSWER
- Change the static IP configured on the file server
Revelation!
If an IP address conflict messages is displayed, then a single IP is being

rised more than once on the same network. To solve this problem, the
administrator needs to give different static IP address to the server on the
network.
Q20) A computer displays message when the computer boots; "MBR has been
changed or modified",
what could cause this problem?
ANSWER
- A bost sector virus has altered the master boot record.
Explanation
A boot sector virus will alter the MBR. A virus that alters the windows kernel
will not produce this message .The CMOS battery that fails cause the system
clock to gain or lose time , and RAM being unseated will result in less RAM
being available to the system or will result on Post errors.
REALISTIC COMPUTER WORLD AND QUESTION IN MCQ / ANSWERS
Q1 Who programmed the first computer game spacewar in 1962?
A ) Steave Roussel
B ) Konard Zise
C) Alan Emtage
D) Tim Berners-Lee
2) Who is known as the father of super computing
A) David J. Brown
B) Gene Amdahl
C) Adam Drinkels
D) Seymour Cray
3) Who created the C programming language
A) Ken Thompson
B) Dennis Ritchie
C) Robin Milner
D) Freder Nake
4) When was NASS COM (National Association of Software and Services
Companies) created?
A) 1988
B) 1997
C) 1993
D) 1882
5) Who is known as the father of the internet.
A) Alan Perlis
B) Jean E. Sammet.
C) Vint Cerf
D) Steve Lawrence
6) Which one is the first high level ming language
A) C
B) COBOL
C) FORTRAN
D) C++
7) Which one is the first word processor application
A) MS Word
B) Apple i work
C) Sun Star office
D) Wordstar
8) Which one is the current fastest super comprater in India.

A) Aaditya
B) SAGA -220
C) Sahasrat
D) HP Apollo 6000
9) Who developed Java programming Language
A) James Gosling
B) Douglas Engelbart
C) Edmund M. Clarke
D) James D. Foley
10) Which one is volatile memory in a computer system
A) Hard Disk
B) RAM
C) ROM
D) Optical Drive
11) One Terabyte (1TB) is equal to
A) 1028 GB
B) 1012 GB
C) 1000 GB
D) 1024GB
12) Who first developed QWERTY keyboard used in computers and phones.
A) Raphael Finkel
B) Wim Ebbinkhrijsen
C) Shafi Goldwasser
D) Christopher Latham sholes.
13) Which operating system is developed and used by Apple Inc.
A) Windows
B) Android
C) iOS
D) UNIX
14) Lines Torvalds developed which OS.
A) Windows
B) Mac OS
C) UNIX
D) Linux
15) In which one is the first search engine in internet.
A) Google
B) Archie
C) Altavista
D) NAIS
16) Which one is the first web browser inverted in 1990.
A) Internet Explorer
B) Mosaic
C) Mozilla
D) Nexzes
17) Which of the following programming language is used to create programs
like applets?
A) COBOL
B) C. Language
C) Java
D) BASIC
18) First computer virus is known as A) Rabbit
B) Creeper virus
C) Elk cloner
D) SCA Virus
19) Which are programming language is exclusively used for artificial

intelligence.
A) C C) J2EE
B) Java D) Prolog
20) Firewall in computer is used for
A) Security
B) Data Transmission
C) Authentication
D) Monitor
21) A dual layer Blue - ray Disc can store data upto
A) 20GB
B)35 GB
C) 12 GB
D) 50 GB
22) Which of the following is not an operating system .
A) Dos
B) Mac
C) C
D) Linux
23) Which of the following is not a database management Software.
A) MySQL
B) Ora de
C) Sybase
D) COBOL
24) 1024 bit is equal to how many byte
A) 1 Byte
B) 128 Byte
C) 32 Byte
D) 64 Byte
25) Mac OS is developed by which company .
A) IBM
B) Apple
C) Microsoft
D) Samsung
26) gif is an extension of
A) Image file
B) Video file
C) Audio file
D) Word file.
27) Which one of the first fully supported 64 - bit operating system
A) Windows
B) Vista Mac
C) Linux
D) Windows XP
28) Computer Hard Disk was first introduced in 1956 by
A) Dell
B) Apple
C) Microsoft
D) IBM
29) Which of the following is not a web browser
A) MOSAIC
B) WWW
C) Facebook
D) Netscape navigator
30) In Computer world, Trojan refers to
A) Virus
B) Malware
C) Worm
D) Spyware
31) Which protocol is used to receive email?
A) SMTP
B) POP3
C) HTTP
D) FTP
32) Which protocol is used to send email
A) HTTP
B) POP3
C) SMTP
D) SSH
33) Which computer program converts assembly language to machine

language?
A) Interpreter
B) Compiler
C) Assembler
D) Comparator
36) In which year was “@” sign chosen for its use in email address
A) 1976
B) 1980
C) 1977
D) 1972
35) What is the extension type of the excel 2007 file
A) •xls
B) •xlsx
C) • xsl
D) None of the above.
36) The basic units of an excel spreedsheet where we enter data is called.
A) Tab
B) Box
C) Cell
D) None of the above
37) Which one is a text editor for microsoft windows
A) MS Word
B) MS Excel
C) Wordpad
D) Notepad.
38) Which one is the default “Word processor” for microsoft window.
A) MS word
B) Ms paint
C) Wordpad
D) Notepad.
39) What is the maximum size of a word created MB
A) 1 MB
B) 32 MB
C) 16MB
D) 999KB
40) What is the maximum number of primary partitions that can be created on a
Hard – disk
A) 2
B)3
C)4
D)1
41) How many layers in the TCP/IP protocol layers
A) 7
B) 5
C) 4
D) 11
42) What is the binary value for “A”
A) 01000100
B) 11000001
C) 01100001
D) 01000001
43) Which is an output device
A) Monitor
B) Printer
C) Mouse
44) Which one is an example of Connectionless protocols.
A) TCP
B) IPX / SPX
C) Frame Relay
D) UDP
45) A common boundary between two computer systems is known as
A) Intradiction
B) Surface
C) Interface
46) Which one of the following is not a computer language .
A) BASIC
B) LOTUS
C) C++
D) JAVA
47) Which one is used for making presentation file from Microsoft office
package
A) MS Outlook
B) MS Excel
C) MS Nord
D) MS Powerpoint
48 Network interface card (NIC) is generally used for
A) Connectivity
B) Programming
C) Printing
49) Total number of pins in a traditional parallel port is
A) 3
B) 14
C)25
D) 27
50) Which web browser is developed by the Google
A) IE
B) Firefox
C) Satri
D) Chrome
51) The main page of a web site is known as

A) Home page
B) Book mark page
C) Content Page
D) Navigator page.
52) Who is known as the founder of IBM Company
A) Steve Jobs
B) Thomas T. Watson
C) Nolan Brushnell
D) Alan Turing
53) What is the full meaning of PDF
A) Printed Document Format
B) Public Document Format
C) Portable Document Format
D) Published Document Format
54) The simplest CPU scheduling algorithm is
A) Multilevel scheduling algorithm
B) FCFS scheduling algorithm
C) SJF Scheduling algorithm
D) Round - robin scheduling algorithm
55) Microsoft office's personal information Manager is
A) Outlook
B) Internet Explorer
C) Organizer
D) Access
56) Which of the following is not used as Secondary storage
A) Semiconductor memory
B) Magnetic drum
C) Magnetic disk
D) Magnetic tape
57) Binary system uses the power of
A)2
B)4
C) 8
D) 16
58) Which of the following is not a search engine
A) Google
B) Yahoo
C) Firefox Mozilla
D) Altavista
59) A ______________ is a collection of spread sheet pages.
A) Workbook
B) Artbook
C) Worksheet
D) Document
60) A hyperlink means
A) text connected to page
B) Plain text
C) Colored text
61) The default page size for word document is
A) Letter
B) Legal
C) A4
D) A3
62) _____________ folder contains the recently viewed web pages content
A) Explorer
B) History
C) Windows
D) Temporary Internet Files
63) The GUI means
A) General User Interaction

B) Graphical user Interface
C) Guided User Interface
D) General User interface.
64) Total number of pins in a serial port
A) 5
B) 7
C) 9
D) 15
65) What does the letter ‘S’ stands for in The Web terminology " HTTPS " .
A) Safe
B) Secure
C) Short
D) Shorter
66) Which one is the default extension of 2007 office word document.
A) .doc
B) .docx
C) .xls
D) .pdf
67) Who is the founder of Bluetooth?
A) Ericson
B) IBM
C) Apple
D) Dell
68) When a computer is turned, on a special type of absolute loader is executed

known as
A) Compile and Go’ Loader
B) PreBoot Loader
C) Relating Loader
D) Bootstrap Loader
69) Which one is a direct entry input device
A) Key- to - doskette
B) Mouse
C) Punched card
D) Computer Terminal
70) Which one IP address cannot be assigned to a computer system in a

network.
A) 192.168.1.1
B) 127.0.0.1
C) 192.1.1.27

71) The type of computers which can execute millions of instruction and
billions of data per second is known as
A) Laptop
B) Mainframe computer
C) Mini Computer
D) Personal Computer
72) ORACLE is a?
A) Operating system
B) RDBMS
C) Interpreter
D) Compiler
73) Repeaters function in the ___________ layer
A) Physical
B) Data Link
C) Network
D) Presentation
74) Moving processes from the main memory to disk is called.
A) Scheduling
B) Catching
D) Swapping
D) Spooling
75) Basic interface in ISDN refers to the transmission speed of

A) 64 kbps
B) 128 kbps
C) 144 kbps
D) 1.54 Mbps
76) What is the port number of Pop3
A) 21
B) 58
C) 80
D) 110
77) What is the port number of SMTP
A) 25
B) 28
C) 30
D) 52
78) IC chips for computer are usually made of
A) Silver
B) Aluminum
C) Copper
D)Silicon
79) The formula in Excel are made of
A) Arithmetical operators and functions
B) Only functions
C) Only arithmetic operators
D) Only Symbols
80) Which one of the following is not a special program in MS-office
A) Office Art
B) Clip Art
C) Word Art
D) Paint Art
81) Which type of files cannot be navigated using Clip Art browser
A) AVU
B) BMP
C) WAV
D) MP3
82) A connection from one HTML to another HTML document is called
A) Hyper Link
B) Connecting Link
C) Icon
D) All of those
83) From which toolbar can we change chart c type.
A) Formatting toolbar
B) Chart toolbar
C) Formula bar
D) Clipboard bar.
84) Which one is the full form of .pst
A) Portable Storage Table
B) Personal System Table
C) Personal Storage Table
D) Portable System Table
85) The comprehensive software system that builds, maintains and provides
access to a data base is
A) CPU
B) DASD
C) CAL
D) DMBS
86) ASCII has how many codes
A) 64
B) 128
C) 256
D) 382
87) Which one of the following represents the binary equivalent of the decimal
number 23
A) 01011
B) 10111
C)10011
D) 11011
88) In context of MS -Word let a letter of common contents is to be sent to 100
recipients. If address of individual recipient is to be added in each letter, we
will use.
A) Embedding
B) Mail - merge
C) Letters code
D) Hyperlink
89) You can activate a “cell” in MS - Excel
A) Pressing the Tab key
B) Clicking the Cell
C) Pressing an arrow key
D) All of these
90) Which of the following is not valid data type in MS-Excel
A) Number
B) Character
C) Label D) Date / Time
91) What is the intersection of a column and rows on a worksheet called.
A) Column
B) Value
C) Address
D) Cell
92) Generally, which language is used to

A) URL
B) IRC
C) NIH
D) HTML
93) In context of computers, FAT stands for
A) Folder Access Table
B) File Access Table
C) File Allocation Table
D) Folder Allocation Table
94) MS Word is an example of
A) Operating System
B) Processing Device
C) Application software
D) Input device
95) Which of the following is not a mandatory component of a URL.
A) Resource path
B) Protocol
C) Port Number
D) None of these
96) The __________ lists the location of the files on the disk
A) FAT
B) Boot Sector
C) Data area
D) Root Folder
97) Where are cookies stored
A) On the client
B) In HTML
C) In Web.Xml
D) None of these
98) To add an internal card to a computer, it must have an open________
A) USB Port
B) Expansion slot
C) Bus
D) Bay
99) The __________ interface transmits one bit at a time
A) Parallel
B) SCSI
C) Serial
D) Fiber
100) Data moves through the network in a structure called
A) Payload
B) Payback
C) Packets
D) Datagram
Networking Concept / Models
1.0 Network
A computer network is a set of computers sharing resources located on or

provided by network nodes. The computers use common communication
protocols over digital interconnections to communicate with each other.
1.1 THE OSI Model
The OSI (Open System Interconnection model is a conceptual model that

describes the universal standard of Communication functions of a
telecommunication system or computing system, without any regard to the
system underlying internal technology and specific protocol suites
This model was created by the International Organization for Standardization

ISO which enables various communication systems to communicate using
standard protocols. This model explains as revealed, the fundamentals of the 7
(seven) layered model propounded by themselves at a relevance to appropriate
communication within and between computer systems.
1.2 The Layered Approach
Below is an actual visualization of the OST 7 (seven) layered approach.
7 Application
Upper layer
6 Presentation
5 Session
3 Network
4 Transport
Lower layer
2 Data Link
1 1 Physical
1) Application layer:
Provides a user interface.
This is the communication spot in the computer
Provides an application interface and sends information through the protocol

stack down the layered structure
2) The Presentation layer:
Handles processing such as encryption. The presentation layer gets its name
from its purpose, it presents data to the application layer and is responsible for
data translation and code formatting.
3) The Session layer:

Organizes Communication by offering three different modes namely: simplex,
half duplex and full duplex. Keeps different applications data separate from
other application's data
Check simplex, half and full duplex behind.
4) The Transport Layer:
Segments and reassemble data into a data stream,
Provides end to end data services and establishes logical connections between
host and receiver on an internetwork. It controls the flow control system on
data integrity by preventing overflow of buffers in the receiving host.
TCP is reliable while UDP is not in this layer.
5) The Network layer:
Manages devices addressing tracks location on the router. This router finds
packets destination and this layer uses 2 types of packets namely data and router
update packet respectively.
6) Data - link layer:
Provides physical transmission of data, handles error notification, network,

topology and flow control.
Combines packets into bytes and bytes into frames
Provides access to media using MAC addresses
Provides error detection not correction
Translate messages from the network layer into bits for the physical layer to
transmit
7) The Physical Layer:

It sends bits and receives bits, Specifies voltages, wire speed, and pin out of
cable.
1.3) Connection Oriented Communication.
In reliable transport operation, a device that wants to transmit sets up a

connection-oriented communication with a remote device by creating a session.
The transmitting device first initiates a connection-oriented session with its peer
system.
The types of flow control are buffering, windowing and congestion.
Flow control is an end-to-end mechanism that controls the traffic between a

sender and a receiver.
Buffering
A buffer is a data area shared by hardware devices or program processes that

operate at different speeds or with different sets of priorities.
The buffer allows each devices or process to operate without being held up by
the
For flow control, a buffer at the output level helps to slow down the frequency
of the upstream data when the next router is congested
Windowing: The quantity of data segments measured in bytes that the

transmitting machine is allowed to send without receiving an acknowledgment
from them is called a window
CLA
Congestion control: It is a mechanism control that controls the traffic placed by

the transport layer into the network.
1.4 Ethernet Networking

It uses the CSMA / CD (Carrier Sense Multiple Access with collision Detection
with heavy collisions.
 Delay
 Low throughput
 Congestion
Data encapsulation
This occurs when a host transmits data across a network to another device, the
data goes through encapsulation. It is wrapped with protocol information at
every layer (OSI)
 Protocol Data Unit (PDU’s) are used Communication and exchange

information.
 TCP / IP (Transmission Control protocol / internet protocol)
The Transmission Control protocol slash internet protocol, is the set of

Communication protocols used in the internet and similar computer networks.
The Current foundational protocols in the Suite are the Transmission Control
protocol and the Internet protocol, as well as the User Datagram Protocol
1.5THE DOD (Department of Defense).
The Department of Defense (DOD), is basically a condensed version of the

OSI model. It's composed of four, instead of Seven ( 7 ) layers namely
1) Process / Application layer

2) Hast - to - host layer
3) Internet layer
4) Network layer
DOD MODEL
Process Application
Host to Host
Internet
Network Access
1.7 APPLICATION LAYER PROTOCOLS ( Layer1 DOD)
The application/process layer of The DoD model consist and comprises of the
following protocols and their functions.
i) ICMP (Internet Control Message Protocol)
- They can provide host with information about network problems.
- They are encapsulated within IP datagrams.
ii) ARP (Address Resolution Protocol).
- Finds the hardware address of a host from a known IP address.

- Sends a broadcast and interrogates local network to send the hardware
address of the specified machine with the IP address.
- Translates the software (IP) addresses into hardware address.
iii) RARP (Reverse Address Resolution Protocol).
- Resolves Ethernet (MAC) addresses to IP addresses in ip machines with

diskless, functions by representing.
iv) Proxy ARP (Proxy Address Resolution Protocol).
- Helps machines on a subnet reach remote subnets without configuration

of routings or even a default gateway when a default gateway happens to
go down.
v) HSRP (Hot standby Router Protocol)
- A císco proprietary redundancy protocol for establishing a fault-tolerant

default gateways.
vi) IP Addressing (Internet protocol)
- An internet protocol address is a numeric identifier assigned to each

machine on an IP network.
- Defines specific location of a device on the network.
- A software address and used for finding host on a local network.
- Designed to communicate between host from one network with a host
from another network regardless of their participating LANS.
Vii) Telnet
- Allows a user on a remote client machine, called the Telnet client, to

access the resources of another machine Called the Telnet server.
viii) FTP (File Transfer Protocol).
- The protocol allowing us to transfer files.

- It's both a protocol and a program managing file task.
ix) TFTP (Trivial File Transfer Protocol).
- Forwards smaller blocks of data than FTP and is less secure.
- Sends and receive files only.
x) NFS (Network File System).
- Allows 2 different types of file systems. to interoperate.
xi) SMTP (Simple Mail Transfer Protocol).
- It's used to send mails.
xii) LPD-Line Printer Daemon.
- It's designed for printer sharing with the Line printer program, allowing
print jobs to be spooled and sent to the network's Printers rising TCP / IP.
xiii) X window
- Designed for client/server operations, it allows a program client from one
computer and allow it display things through a window server on another
computer.
xiv) SNMP (Simple Network Management Protocol)
- Collects and manipulates valuable network information from a
management station intervals requiring intercom connected devices to
disclose certain information.
xv) Domain Name Service (DNS).
- Allows you to use a domain name to specify an IP address on the internet.
- DHS is used to resolve a fully Qualified Domain Name ( FQDN ).
xvi) DHCP (Dynamic Host Configuration Protocol)
- More complex than the Bootp, through Bootp sends an operating system
that a host can boot from while DHCP can't.
- DHCP consists of ... and can provide;
 IP address
 Subnet mask
 Domain Name
 Default gateway (routers).
 DNS (Domain Name Service).
1.8 Host-to-Host Layer Protocols.
- It involves the following protocol.
- Top (Transmission control protocol).
- UDP (user Datagram Protocol).
1.8.1 TCP/Transmission Control Protocol).

- Takes large blocks of information from the application layer and breaks
them into segments, in the exact order the application layer intended.
- Destination port (the port number of the application requested application
on the destination host).
- Source number (A port number of the application on the host sending the
data)
- Sequence number (A number used by Tcp to rearrange data back to it’s
corrects order).
- Acknowledgment number ( The TOP octet that is expected next ).
- Header Length ( The number of 32 - bit words in the TCP header ).
- The cyclic Redundancy check , checks the header and data fields.
1.8.2 UDP ( User Datagram Protocol ).
- Transports information that doesn't require reliable delivery.
TCP UDP
- Sequenced - unsequenced
- Reliable - Unreliable
- Connection oriented - Connectionless
- Virtual Circuits - Low overhead
- Acknowledgments - No Acknowledgment
- Windowing flow control - No windowing flow control
- port numbers - port numbers
1.9 Internet Layer Protocols
For routing and providing a single network interface to the upper layers.
Involves the following;
- Internet protocol ( IP )
- ICMP (internet Control Message Protocol)
- ARP ( Address Resolution Protocol)
- RARP (Reverse Address Resolution Protocol).
- Proxy ARP
- Flags specify whether fragmentation should occur.
2.0 Network Access Layer
- Handles the physical addressing and delivery of data across the network
and is where protocols such as 802.2, 802.3, and Ethernet reside.
2.1 Sub netting Networks
2.2 Subnetwork;
A subnetwork or a subnet is a logical subdivision of an IP network.
sub netting;
It is the practice of dividing a network into two or more smaller logical
subnetworks.
Subnet Mask;
It is a 32 bit number that masks an ip address, and divides the IP address
into a network address and host address.
It performs a bit-wise AND operation on the netmask to identify a
network address in an IP address.
Subnet mask accompany an Ip address independently and does not affect
the IP address but work simultaneously together.
 Ethernet MAC address.
MAC-Medium Access Control:
The Ethernet network uses 2 hard ware addresses which identify the
source and destination of each frame sent by the Ethernet.
Each computer network interface card is allocated a globally unique 6
bytes address when the factory manufactures it inside a PROM:
This is the normal source address used by an interface
TERMINOLOGIES:
1) PROTOCOL:
A network protocol is an established set of rules that determines how
data is transmitted between different devices in the same network.
2) FRAME:
It is a unit of data. A frame works to help identify data packet used in
networking and tele communication structures.
Frames also helps to determine how data receivers interpret a stream
of data from a source.
3) Packet:
It is a small amount of data sent over a Transmission control / Internet
Protocol ( TCP / IP ) networks.
4) NETWORK SEGMENT:
The process of dividing a network into multiple smaller networks.
5) FRAGMENT:
A piece of a data packet that has been broken into smaller pieces in
order to accommodate the maximum Transmission Unit (MT2).
6) REPEATER:
A repeater is an electronic device that amplifies the signal it receiver.
7) BRIDGE:
A Connectivity device that forwards data based on a physical
address.
8) Hub:
A connectivity device to which network cables are attached to form a
network Segment.
9) SWITCH:
Smatter version of a hub, it is aware of addresses associated with each
of its ports and forwards each in coming data to the correct port.
10) MODEM:
It modulates / demolates signals between the digital data of a
computer and the analog signal of a telephone cell.
11) ROUTER:
A connectivity device that filters and forwards data based on a logical
address. They play a vital role in controlling traffic and efficient use
of the internet.
12) Broadcasting:
It is the process of sending data packets to multiple recipients all at
once.
The scope of the broadcast is limited to a broadcast domain.
13) Multicast:
It is group communication where data transmission is being address
ed to a group of destination Computers simultaneously.
It can be one to many or many to one distribution.
Multicasting is the process of multicast.
14) Unicast:
It is the communication where -piece of information is sent from a
point to another point.
Involves a sender and a receiver only.
Unicast applications involves, the following: (HTTP, SMTP, FTP and
TELNET)
- uses the TCP transport protocol -1.8 Host-to-Host Layer Protocols. It
involves the following protocol. Top (Transmission control protocol).
N/B
One way to significantly ease scaling to larger groups of clients in multicasting

is to employ multitask networking.
- Applicable in video server transmitters for TV channels to many clients.

3.0 IP Address Construct and Representation.
An ip address is a thirty-two (32) bit binary number.
The 32 bits are separated into four groups of eight ( 8 ) bits called octets .
However, an IP address is represented as a dotted decimal number, (for

example (205.57,32.9).
NEED FOR SUBNETTING.
1) Seperates a network into 2 or more networks called subnet.

2) Avoids traffic within a network.
3) Improves speed and efficiency in network performance
4) Reduces congestion within a network.
5) Facilitates spanning of large geographical distances
6) It is difficult to implement security and other policies when a network
isn't sub netting that is all connected networks on the broadcast are
operated as one.
3.1THE SUBNETTING PROCESS.

In order to create IP subnets, host bits changed to network bits. This is
often Called borrowing bits.
It is also often referred to as taking host bits and giving them to the
network.
By borrowing host bits, more IP subnets are created, but each subnet can
support fewer hosts.
To change a host bit to a network bit, the subnet mask must be changed.
Remember, a binary 0 in the subnet mask means that bit is part of the
host portion of an ip address. A binary 1 in the subnet mask means that
bit is part of the network portion of an IP address. So to change a bit to a
network bit, the binary value of the bit must be changed from 0 to 1 in the
subnet mast.
When calculating subnets, take note of the following:
- The possible number of subnets.
- Possible number of Host per subnet.
To know the number of subnets, valid host per subnet, valid subnets,
broadcast address and valid host in each subnet, we use a formula system
for their calculation.
1) 2x=
Where x is the number of mask bit or the ones (1s)
For example in 11000000, the number of ones gives
22 subnets = 4 subnets.
2) How many host bits per subnet
2y -2=
Where y is the number of unmasked bits per zeros (0s)
From the above example, y = 6
=> 26-2 = 62
3) What are the valid subnets.
[ 256 - Subnet mask = block size ]
From the above, 256-192 = 64, for a class C address
The block size of a 192 mask is always 64
4) Subnets = 0 , 64 , 128 , 192
From the above 64 ( the block size ), we add from 0 ( zero )
continually to the subnet mask.
5) What is the broadcast address for each Subnet?
Since we counted our subnets as 0, 64, 128 and 192, the broadcast
address is always the number right before the next subnet.
For example; the zero subnet has a broadcast address of 63 because
the next Subnet is 64.
The 64 subnet has a broadcast address 127.
The broadcast address of the last subnet is always 255.
Exercises
Given the mask 255.255.255.128 / 25 network address 192.168.10.0
Soln
Given
Since 128 is 1 bit "on", as ;
10000000
a) number of subnets
 2¹ = 2
b) Host bit per subnet
 27- 2 = 126
c) Valid subnet
 256-128 = 128
d) Subnets address
 01128
e) Broadcast address
 127 , 255.
2) Given the mask 255.255.255.224/27 network address. T
a) How many subnets are involved.
b) Calculate number of host per bit
c) Calculate number of valid subnets
d) Calculate Broadcast address
e) Calculate host range
Soln
Given
11010111 = 224
a) 26 = 64
b) 2² - 2 = 2
c) 256-224 = 32
d) Broadcast address = 31, 63, 127, 255.
e) Subnet address 0, 32, 64, 128, 256.
f) Subnet address: 0, 32, 64, 128, 256
1st host 0.33, 65.129
Last host 0, 30, 62, 126, 254
Broadcast address 192.168.10.0
3) 255.255.255.248/28
192.168.10.0
4) 255.255.255.248/29
192.168.10.0
Soln
Given
11011111 = 240
a) 27 = 128
b) 21 - 2 = 0
c) 256-240 = 16
d) Broadcast address = 0,15,31,63,127
e) subnet address 0,16,32,64,128
1st host = 0,17,33,65,129
Last host = 0,14,30,62,126
Soln
Given
11110111=248
a) 27=128
b) 21-2 = 0
c) 256-248 = 8
d) Broadcast address, 0,7, 15, 31, 63, 127
e) Subnet address: 0, 8, 16, 32, 64, 128
First host: 0, 9,17,33,65,129
Last host: 0,6,14, 30, 62,126
3.2CLASSES IN ADDRESSING NETWORKS.

1) Class A Address:
In a class A network address the first byte is assigned to the network
address and the 3 ( three ) remaining bytes are used for the node
addresses.
The class A format is as follows:
Class A Network.node.node.node
For example, in ip address 49.22.102.70
The 49 above is the network address while the 22.102.70 is the node
addresses. Every machine on this particular network will have a
distinctive network address of 49.
Class A range = 0-127
2) Class B Address:
In a class B network address the first 2 bytes are assigned to the
network address and the remaining 2 bytes are used for node
addresses.
For example in the ip address;
172.16.30.56, the network address is 172.16 and the mode address is
30.56.
Class B range = 128-191
3) Class C Address:
The first 3 bytes of the class C network address are dedicated to the
network portion of the address with only one byte remaining for the
node address.
Using the ip address for example;
192.168.100 and the host address is 102.
In the class C network address, the first 3 bits positions are always
110.
Class C range = 192-223
Format Default subnet mask

Class A Network.Node.Node.Node 255.0.0.0
Class B Network. Network.Node.Node 255.255.0.0
Class C Network. Network. Network.Node 255.255.255.0
3.3 How to create subnet
Determine the number of required network ID’s

 One for each subnet
 One for each wide Area Network connection
2) Determine the number of required host ID’s per subnet
 One for each TCP / IP host

 One for each router interface.
3) Based on the above requirements, Create the following
 One unique subnet ID for each physical segment
 A range of host ID's for each subnet
WEB DEVELOPMENT
Here we'll be looking at different ways to creating a website, not necessarily by

the use of coding like in the programming guide, which focuses more on coding
and programming using programming languages like HTML, CSS, Javascript,
Java etc.
Unlike the above emphases, this guide elaborates or web development without
coding by interested to be web creators.
Irrespective of the limitations on the mastery of working using programming

languages, we’ll be building websites without the knowledge of coding
1) WEB DEVELOPMENT USING XAMPP and WORDPRESS.

2) WEB DEVELOPMENT USING XAMPP and VISUAL STUDIO /
Editor.
3) WEB DEVELOPMENT USING WORDPRESS
4) WEB DEVELOPMENT FROM DIRECT CODE TYPING PRACTICE .
WEB DEVELOPMENT USING XAMPP and WORDPRESS
First we'll elaborate on the major sectors

i) XAMPP: It is an abbreviation with meaning –
X - Cross - platform
A - Apache
M - MariaDB
P - PHP (Hypertext Preprocessor)
P - Perl
It allows you to build WordPress sites offline, on a local web server on your
computer; This simple and lightweight solution works on windows, Linux and
Mac, hence the slogan "Cross-platform" as a flexible application seoftware for
most operating systems
XAMPP is a completely free, easy to install Apache distribution containing

MariaDB, PHP, and Perl. The XAMPP open source package has been set up to
be incredibly easy to install and use. All of the abbreviations are symbolic in it's
operation.
You can download and install
ii) WORDPRESS:
It stores content and enable a user to create and publish web Pages, requiring
nothing beyond a domain and a hosting server.
WordPress has a web template system using a template processor.
It is an application software that goes along XAMPP more efficiently and

effectively as to easy regulatory of processing and local hosting aids
HOW IT WORKS
Download and install XAMPP and run WordPress locally, you need create a
local server environment
Set up XAMPP: Once the installation process has completed, load XAMPP and
start the Apache and MySQL modules
Create a Database Every WordPress installation needs its own database, so we

begin by creating one. Select the MySQL Admin button that opens up
“phpMyAdmin” in a browser tab.
Select the “Databases”, to create your database
You can create using whatever name you prefer especially descriptive, then
Click create and you're done.
 Download, configure and install Wordpress

 Follow tutorial videos on Youtube, social sites, or the internet for process
to process WordPress Web development and host on the XAMPP local
host before professional handling of the website I'm near explanations for
optimization.
2) WEB DEVELOPMENT USING XAMPP and VISUAL STUDIO OR ANY

CODE EDITOR.
 Here we wouldn't be using WordPress at all.

 From the above revelations on XAMPP and its installation, we'll be
downloading a programming editor for example visual studio as well.
 In the set up folder of the XAMPP software application installed,
somewhere in your computer storage, open up and locate a sub folder
called “htdocs”, we'll be looking at it more often apparently.
 Next, we'll locate already coded website source code templates on the
internet and download the already, coded templates suitable for the kind
of web site you intend building
 Copy the folder to the downloaded coded website template on whatever
programming language it was written in and paste in the "htdocs" sub
folder.
 Extract the template folder there in the "htdocs" and enter any browser of
choice.
 Type “localhost : 8080 / templatename. Click enter.
 There in the visual studio / Editor, the codes on the coded website
template a runs full, for basic editing of most usually: Comments and
paragraphs within the code, like changing of the website name, change of
contact and email, change of logo, change of company slogans etc.
 Run the codes on local hosting again and check updates.
 Correspondingly, the website awaits professional handling for ranking to
be explained ahead, starting with obtaining a domain and hosting.
3) WEB DEVELOPMENT USING WORDPRESS
 Install WordPress
 Select a WordPress plan
 Set up your domain name provider
 Choose your theme
 Add posts and pages your website
 Customize your website
 Install plugins
 Optimize your website to increase page speed and reach out.
WEB DEVELOPMENT FROM DIRECT TYPING PRACTICE
 As it implies, we'll be getting already free codes on websites and type

them out code to code, editing the necessary as desired by the creator.
 After correctly typing out the website codes as desired, host the website
on a local host server directly web browser.
 Then later, advocate for a domain and hosting your website on and
hosting for the edited website and optimize your website on the internet
for search engines and accessibility:
DOMAIN AND HOSTING.
A domain name refers to the URL typed by internet users on their web browser
address bar to access their sites.
Every domain name has a matching IP address that keeps it located online.
You need a domain before web hosting.
Web hosting Services allow you to publish the website on the internet
If you buy a hosting service from a provider, you will have a portion of their
web servers to store your website's files and data
In addition to storing website files, a web frost protects the server and your
website files, from malicious attacks.
Thought!
Some people recommend that you should have separate hosts for your domain
and websites for two reasons:
Quiz
Why you should have separate hosts:
Answer
1) Better security against hacking.
If a hacker gains access through your domain, they can get access through all
your files
They could log out the website and transfer the domain
2) Preventing domain loss:
You could loss a domain completely if you didn't switch domains or repay
before expiry.
WEB HOSTING, DOMAIN REGISTRATION, DNS and How To Host a
website.
1) How Websites work;
xxxxxxxxxxxxxxx
3) What is your goal?
Project the future.
 One website only?

 Vision for many websites?
 WordPress, builders, development
 High traffic (global) Vs low traffic (local)
 You can always upgrade
4) WEB HOSTING OPTIONS
TYPES OF WEBHOSTING
i) Shared web hosting

ii) Reseller web hosting
iii) Virtual Private Server (VPS)
iv) Dedicated web hosting
v) Cloud webs hosting
vi) Managed WordPress web hosting
Research to elaborate more on above webhosting options
SEO (SEARCH ENGINE OPTIMIZATION)
It involves two (2) types

 On Page
 Off Page
1) On page: splitted into 2, namely content and technical experts.
- HTML source code
Technical experts - Schema
- Mata tags
For On page,
 Find search terms for the domain.

 Add pictures, videos, time lapses.
 Optimize the meta tags, Alt tags and Header tags
 Continuous persuasion on search engine
2) Off Page
Increases site popularity
 Relevance
 Trust worthiness
 Authority
 Done by other reputable websites scrambling for your tags
 backlinks
 Social media marketing
 Quest blogging
 Linked/ unlinked brand mentions.
 Influencer marketing and much more
Quiz
Which of the following is the most effective way to improve off page SEO?
A) Creating plenty of webpages of a content

B) Getting backlinks from relevant and authoritative sites.
C) Acquiring backlinks through link bring
SEO RANKING FOR NUMBER ONE.
STEP BY STEP GUIDE
STEP 1
Find 3 key words (popularly spoken words on the subject)
STEP 2
 Create Epic Content

 A Hook, it could be:
 STAT
 Case study example
 Unique Strategy
 Rare interview
 Tool or widget
 Visualization
STEP 3
Keyword optimization
 In your title tag

 In the first 100 words of your page
 In your image ALT Text
 In an H1 tag
 In an H2 tag
 In the last 100 words of your page.
STEP 4
Optimize your content for users
structure your content so user start getting actionable content information as

soon as possible (Design/content).
STEP 5
Build Back links
Use Broken links
BONUS STEP
USE unique images to distinguish your website from duplicated image website
experiments.
TIPS FOR THE ABOVE SEO EXERCISES
 SEO Basics Checklist

 Keyword Research checklist
 On-page SEO checklist
 Technical SEO checklist
 Content checklist
 Link Building checklist
 Bonus #1: Advanced SEO Tips and tactics
 Bonus #2: Case studies and examples
 Conclusion.
SOFTWARE ENGINEERING QUESTIONS AND ANSWERS
Q1) What are the important categories of software?
Ans
 System software
 Application software
 Embedded software
 Web Applications
 Artificial Intelligence software
 Scientific software.
Q2) What is the main difference between a computer program and computer.
Ans
A computer program is a piece of programming code. It performs a well defined

task. On the other hand, the software includes programming code,
documentation and user guide.
Q3) What is software re-engineering?
Ans
It is a process of software development which is done to improve the

maintainability of a software system
Q4) Describe the software development process in brief.
Ans
The software development is a life cycle composed of the following stages
 Requirement analysis
 Specification
 Software architecture
 Implementation
 Testing
 Documentation
 Training and support
 Maintenance
Q5) What are SDLC models available?
Ans
SYSTEM DEVELOPMENT LIFE CYCLE (SDLC)
 Waterfall Model
 Spiral model
 Big - bag model
 Iterative model
 V - model
The above models are famous SALC models.
Q6) What is verification and validation?
Ans
Verification: Verification is a term that refers to the set of activities which

ensure that software implements specific function.
Validation: It refers to the set of activities which ensure that software that has
been built according to the need of clients
Q7) In software development process, what is the meaning of debugging?
Ans
Debugging is the process that involves in the removal process that results of
errors. It is very important part of the successful testing.
Q8) How can you make sure that your code is both safe and fast?
Ans
In the software, development security is always first. So if the execution of the

program is slow then, I will by to identify the reason out ways to its time
complexity
Q9) Name two tools which are used for keeping back of software requirements?
Ans
There are many ways to keep track of requirements.
Two commonly used are:
Make a requirements specification document to list all of the requirement.
Create an excel sheet that list down the requirement, type, dependency, priority
etc.
Q10) What is the main difference between a stub, a mock?
Ans
A stub is a minimal implementation of an interface which generally returns hard

coded data while mock mostly verifies outputs against expectations
Those expectations are set in the test.
Q11) What is computer software?
Ans
Computer software is a package which includes a software program, it's

documentation and user guide on how to use the software.
Q12) Who is the software project manager? What is his role?
Ans
A software project manager is a person responsible for managing the software

development project.
The project manager is doing the project planning, monitoring the progress,
Communication. He or she also manages risks and resources to deliver the
project within time, cost, and quality constraints.
Q13) What is meant by software scope?
ANS
Software scope is well-defined boundary. It includes all kind of activities that

are done to develop and deliver the software products.
The software scope defines all functionalities and artifacts to be delivered as a

part of the software. The scope also identifies what the product will do? What
is not the part of the project? What is project estimation.
This process is helpful to estimate various aspects of the software product. This
estimation can be decided either consulting experts or by rising pre-defined
formulas.
Q14) How to find the size of a software product?
Ans
The size of software product can be calculated using the following two
methods.
 Counting the lives of deliver of code

 Counting delivered function points.
Q15) What are function points

Function points are the features which provided by the software product: It is
considered as a must important measurement for software size.
Q16) What are software project estimation techniques available?
Ans
Most widely used estimation techniques
are:
Decomposition techniques
Empirical technique
Q17) What is software configuration management?
Ans
Software configuration management is a process of tracking and controlling

changes that happen in the software.
Changes control is a function which ensures that all changes made into the
software are consistent and Created using organizational ruler and regulations.
Q18) How can you measure project execution?
Ans
? measure We can measure project execration rising Activity Monitoring, status

Reports, and Milestone Checklists
Q19) List some project management tools.
Ans
There are many types of management tools used as per the need for a software
project. Some of them are:
 Pert chart
 Gantt chart
 Resource Histogram
 Status Reports etc.
Q20) What are software requirements?
Ans
Software requirements are a functional description of a proposed software

system. It is assumed to be the description of the target system, it's
functionalities, and features
Q21) What are functional requirements and Non-functional requirements?
Ans
Functional requirements are functional features which are expected by users

from the proposed software product.
Non-functional requirements are related to security, performance, look, and feel

of the user interface
Q22) What is software metric?
Ans
Software Metric offers measures for various aspects of software process which
are divided into
1) Requirement metrics: Length requirement, Completeness
2) Product metrics: Number of coding lines, object-oriented metrics, design and

test metrics.
Q23) What is computer modularization?
Ans
Modularization is a technique which is used for dividing a software system into
various discrete modules.
That is expected to carry out the tasks independently.
Q24) What is cohesion?
Ans
Cohesion is a measure that defines the intra-dependability among the elements

of the module
Q25) Mentions some software analysis and design tools
Ans
Some of the most important software analysis and designing tools are:
 Data Flow Diagram

 Structural Charts
 Structured English
 Data Dictionary
 Hierarchical Input Process Output diagrams
 Entity Relationship Diagrams and Decision tables.
Q26) What is meant by level - 0 (zero) Data flow diagram?
Ans
Ans - Highest abstraction level is called Level 0 of Data Flow Diagram (DFD).
It is also Called Context level DFD.
It portrays the entire information system as one diagram
Q27) What is the major difference between structured English and

PseUdocode?
ANS
Structured English is native English language. It is used to write the structure
of a program module
It uses programming language key words. On the other hand, Pseudo Code is
more like to the programming language without syntax of any specific
language.
Q28) What is structured design?
Ans
Structured design is a conceptualization of problem. It's also called solution

design and which is based on divide and conquer strategy.
Q29) What is functional programming?
Ans
It is a programming method, which uses the concepts of a mathematical

function.
It provides means of computation mathematical functions, which also produces

results irrespective of program as state.
Q30) What is Quality Assurance Vs Quality Control?
Ans
Quality Assurance checks if proper process is followed while developing the

software while Quality Control deals maintaining the quality of software
product.
Q31) What are CASE tools?
ANS
CASE means Computer Aided Software Engineering. They are set of
automated application programs which are used to support, exhance and
strengthen the SDLC activities.
Q32) Which process model removes defects before software get into trouble?
Ans
Clean room software engineering, method removes defects before software gets
into trouble.
Q33) Differentiate between an EXE and a DLL?
Ans
An exe is an executable program while DLL is a file that can be loaded and
executed by programs dynamically.
It is an external code respository for programs
As both are different programs, reuse the same DLL instead of having that cook
in their file.
It also reduces required storage space.
Q34) What is strong-typing and weak-typing? which is preferred?: why?
Ans
Strong typing checks the types of variables at compile time. On the other hand,
weak typing checks the types of the system at run time. Among them, strong
typing is always preferred because it typing the bugs.
Q35) Describe the difference between Interface-oriented, object-oriented and

Aspect-oriented programming?
Ans
interface programming is contract based.
Object-oriented is a way to write granular objects which have a single purpose.
Aspect-Oriented programming is to segregate the code in such a manner that

various objects carry the main tasks, and the subsidiary tasks are carried by
independent objects.
Q36) Why using catch (exception) is always bad idea?
Ans
It is a bad idea because,
As there is no variable defined, it is not possible to read the exception
It is good to use an exception where your known exception types.
Q37) What to type of data is parsed via HTTP Headers?
Ans
Script and metadata passed via HTTP headers
Q38) How do you prioritize requirements?
Ans
First, you need to design a system by evaluating data structure. Then you
should move on the code structure needed to support it can easily be
Q39) Give a difference between object oriented and component-based design?
Ans
Object-oriented design encapsulated to some degree in component-based

design.
Q40) When do you use -polymorphism?

Ans
Polymorphism is used when there is a need for override functionality when

inheriting class. It's about shared classes and shared Contacts.
Q41) What is the difference between stack and queue?
Ans
Queue is always First In, first out
Stack is always Last in, first out.
Q42) Essentials for testing the quality of the code?
Ans
The unit testing framework is essential for testing the quality of the code
43) Outline differences between tags and branches?
Ans
Tags are for versioning releases which are temporary holding places for doing
such thing. However, branches are deleted when those changes are merged into
the trunk
Q44) Where is a protected class - level variable?
Ans
Protected class-level variables are available to sub-class derived from the base
class.
Q45) When do you need to declare a class as abstract?
Ans
We should declare a class in the following situations.

1) When the class is inherited from an abstract class, but not all the abstract
methods have been overridden.
2) In this case when minimum one of the methods in the class is declared as an
abstract.
Q46) According to you, when should users be trained on a new system?
Ans
Driving the implementation phase.
Q47) What is integrated Development Environment?
Ans
An IDE is a GUT-based software program. It is designed to help programmers

build applications with all the needed programs and libraries
Q48) What is an interface?
Ans
The interface is similar to a class in Java, but it is a collection of abstract

methods.
A class can have more than one interface
Q49) What is a class?
ANS
A class is a blueprint for creating objects
A class contains methods and variables which are a class instance.
Q50) Distinguish between constructor and method abstract class and interface
Ans
The difference between class and interface is;

Abstract class Interface
Abstract class doesn't support inheritance Interface supports multiple inheritance
An abstract class would contain constructor Interface does not contain a constructor
The Abstract class is declared using the using The interface is declared using the
“Abstract” keywords
“interface” keywords
It can be used with all access modifiers It can be used with only public access
modifier
Q51) What is an abstract class?
Ans
A class having an abstract Keyword is Called an abstract class.
Q52) What is Artificial Intelligence?
Ans
Artificial Intelligence or machine intelligence is a common term that is used to

build smart machines capable of perform tasks. The main aim of AI is to solve
problems in a way that are better and faster.
Q53) What is machine learning?
Ans
Machine Learning is a system that can learn from an excellent example through
Self-improvement and without being explicitly coded by a programmer,
Q54) Explain the term deep learning.
Ans
Deep learning is computer software that mimics the network of neurons in a

brain.
It is a subset of machine learning and is called deep learning because it makes
use of deep neural networks
Q55) List out different OOP principles?
Ans
OOP = Object Oriented Programming
Principles are:
 Encapsulation
 Abstention
 Inheritance
 Polymorphism.
Q56) Explain the various type of access modifier
Ans.
There are four types of access modifiers;
 Private: Visible to a particular class

 Public: Visible to the world
 Protected: Visible to specific package as well as subclass.
Q57) Highlight the solution of instruction hazards
Ans
The data hazards can be resolved by forwarding, if the result is computed Soon
enough, otherwise, they require stalling the pipeline until the result is available.
Control hazards occur when the decision of what instruction to fetch has not
been made by the time the next instruction must be fetched
Q58) Explain the functions to be performed by a typical I/O interface.

Ans
 It is used to synchronize the operating speed of CPU with respect to

import output devices.
 It selects the input-output device which is appropriate for the
interpretation of the input-output device.
 It is capable of providing signals like control and timing signals
Q59) Explain in details about interrupt handling
Ans
Interrupt handling is a key function in real-time software, and comprises

interrupts and their handlers!
Only these physical interrupts which of high enough priority can be centered
into system interrupt table. The software assigns each interrupt table.
Q60) Explain the concept of virtual memory with any one virtual memory
Management technique.
Ans
Virtual memory is a common technique used in a user's operating system (OS)
Virtual memory uses both hardware and software to enable a computer to

compensate for physical memory shortages, temporarily transferring data from
Random Access Memory (RAM) to disk storage.
Q61) Explain the basic concepts of memory system.
ANS
A memory is just like a human brain. It is used to store data and instructions -
Computer memory is the storage space in the computer, where data is to be
processed and instructions required for processing are stored. The memory is
divided into large number of small parts called cells.
Q62) Discuss the DMA driven data transfer technique
ANS
Direct Memory Access (DMA) is a data transfer strategy that bypasses the
CPU, instead using a dedicated DMA controller to transfer data between
memory and a device. Divers can use the DMA Controller to transfer data
directly.
DMA programming techniques include:
1- Scatter/Gather DMA
2- Common - Buffer System DMA.
3- Bus-Master AMA.
Q63) Discuss about software MODEM and system on silicon
ANS
Soft modems are the newest type of modem to come onto the PC market. Here,
both the control functions and the data pump functions are performed by the PC.
processor. Because soft, modems implement both the control and modulation
functions as software algorithms running on the PC processor, the incremental
costs for the modem design are small.
The development of system-on-silicon large-scale integration (LSI) devices has

significantly influence the demand for higher wiring connectivity with LSI
Chips.
Q69) Explain the various forms of memories present in a system.

ANS
Computer memory is of two basic types
Primary memory (RAM and ROM) and Secondary memory (hard drive, CD,
etc). Random Access Memory (RAM) is primary volatile memory and Read-
Only Memory (ROM) is primary-non-volatile memory.
Q66) What are the responsibilities of a soft ware project Manager
ANS
A software project Manager is responsible for driving the project towards

Successful completion.
 Project planning
 Project status tracking
 Resource Management
 Risk management.
 Project delivery within time and budget.
Q66) What is Software configuration management?
Software configuration management is the process of tracking and controlling

the changes that occur during the software development lifecycle.
Any change made during software development has to be backed through a

well-defined and controlled process.
Configuration management ensures that any changes made during software

development are being controlled through well - defined process.
Q67) What is Black box testing?
ANS
Black box testing involves testing the application without the knowledge of the
Internal structure or code implementation. Testers would only bother about the
functionality of the software in black box testing rather than data flow and code
execution in the Black end.
Q68) What is white box testing
ANS
White Box testing is testing the application with the knowledge of the internal
structure and code implementation. This testing is generally performed by the
form of unit tests.
Q69) How can you measure project execution?
ANS
Project execution status can be monitored using the following techniques
 Status Reports
 Milestone Checklists
 Activity Monitoring
Q70) What are the fundamental Requirements?
ANS.
Functional requirements are the features that a developed software product is

expected to perform.
For example; adding a payment option at an eCommerce website will be a

functional requirement.
Q71) What are Non - functional Requirements?
- ANS
Non - functional requirements measure, the usability of the application such as
user interface look and feel, security, Performance, Interoperability, Reliability,
etc.

Computer Security

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Computer Security

Uploaded by

Copyright:

Available Formats

Computer Security

2.0 Identification and authentication.

When a computer system has to verify a user’s information, they take in

Who are you?

A username is used to establish identity while a password is used to establish

An identification system consist of a database of passwords indexed by

There are various ways in which a user-name/password identification system

2.3 Password Guessing

Suppose a hacker wants to gain access in a system which is protected by a

Guessing using personal knowledge of the user.

Another efficient means of password generating for easy memorizing is by

Some user-name/password systems insist that the user’s password contains,

An exhaustive search is similar to a dictionary search, but in the exhaustive

In general, if a password is “n” character long and is made up from an alphabet

5) Asking the user

2.4 User and System Defense

When a username/password system is implanted, it is important that the

1. Insist that the user creates a password.

2.5 Attacking the password file

It is very important in securing a password file especially from external

1. Using cryptographic protection.

Ideally the password file which contains all email/username/password should be

2.6 Password Salting

2.7 One-time password (OTP)

Some systems are now making use of OTP.

It constantly changes the password, the risk of a password been discovered

Should in case an attacker finds a password, he will only be able to gain

The password will be rejected the next time he tries it again.

One time password typically works in one of these three ways;

 The mathematical algorithm is use to generate a new password based on

Cyber security refers to the technologies, processes and practices design

Cyber attackers are committed for variety of reasons including financial

3.1 THE SIX(06) COMMON SOURCES OF CYBER THREATS ARE AS

3. Insider and service providers

4. Developers of substandard products and services

5. Poor configuration of cloud service

3. Man-in-the middle attack

Malware is a term used to describe malicious software, including

Malware breaks a network through a vulnerability, typically when a

Once inside the system, malware can do the following;

i. Block access to key component of the network (ransomware).

3.2.2 MAN IN THE MIDDLE ATTACK

Man in the middle attack also known as eavesdropping attack, occurs

3.2.2.1 TWO COMMON POINTS OF ENTRY FOR MAN IN THE MIDDLE

i. Unsecure Public Wi-Fi: Attackers can insert themselves between visitors

3.2.3 DENIAL OF SERVICE ATTACK

The Denial of service attack, floats systems servers or network to traffic

As a result, the system is unable to fulfil legitimate request.

3.2.4 SQL Injection

A structure Query Language (SQL) injection occurs when an attacker

An attacker could carry out SQL –injection simply by submitting malicious

A zero day exploit hits after a network vulnerability is announced before

Attackers target the disclosed vulnerability during this window of time.

Zero day vulnerability threat detection requires constant awareness.

3.2.6 DNS Tunnelling

Domain Name service Tunnelling utilizes the DNS protocol, to

Phishing attacks are the practice of sending fraudulent communication

3.2.7.1 How Does Phishing Works.

Phishing starts with a fraudulent email of the other communication that

The message is made to look although it comes from a trusted sender.

If it fools the victim, he or she is coaxed/forced into providing confidential

3.2.7.2 What are the Dangers of Phishing Attacks?

Sometimes attackers are satisfied by getting a victims credit card

Sometimes, phishing emails are sent to obtain employees login information, or