BE Computer Engineering (IOE, TU) Computer Networks and Security (IOE, CT 703 / ENCT 304) Question Paper 2079

Compare and contrast the OSI reference model and the TCP/IP protocol suite. (a) Draw both layered architectures side by side and clearly map the corresponding layers. (b) Explain the principal functions and the protocols/PDUs associated with each layer of the TCP/IP model. (c) Discuss why the OSI model, despite being more complete, was overtaken by TCP/IP in practical networking.

An organization has been allocated the network block 192.168.10.0/24 and must accommodate four departments with 50, 25, 12 and 10 hosts respectively. (a) Apply Variable Length Subnet Masking (VLSM) to design an efficient addressing plan. For each subnet, give the subnet address, the subnet mask (in dotted-decimal and CIDR notation), the usable host range, and the broadcast address. (b) State how much address space remains unallocated. (c) Briefly explain the advantages of VLSM over fixed-length subnetting.

Routing is a core function of the network layer. (a) Differentiate between distance-vector and link-state routing algorithms with respect to information exchanged, convergence and scalability. (b) Using a suitable example topology, illustrate one full iteration of the Bellman-Ford distance-vector update at a node. (c) Explain the count-to-infinity problem and describe two techniques used to mitigate it.

Cryptography underpins modern network security. (a) Distinguish between symmetric-key and asymmetric-key (public-key) cryptography, stating the merits and limitations of each. (b) Explain how the RSA algorithm achieves confidentiality and digital signatures; show the key-generation, encryption and decryption steps. (c) Describe how a digital certificate and a Certificate Authority (CA) help establish trust in a public-key infrastructure (PKI).

(a) Explain the TCP three-way handshake used for connection establishment, with a suitable diagram showing the SYN, SYN-ACK and ACK segments and the sequence/acknowledgement numbers. (b) Describe how TCP provides reliable, in-order delivery over an unreliable network.

Compare TCP and UDP in terms of connection orientation, reliability, header overhead, flow/congestion control and typical applications. For each protocol, name two real-world applications and justify why that transport protocol is suitable.

Explain the working of the Domain Name System (DNS). Describe the difference between iterative and recursive queries and trace the steps involved in resolving the name www.ioe.edu.np to an IP address using the DNS hierarchy.

(a) Differentiate between persistent and non-persistent HTTP connections. (b) Explain the role of cookies in maintaining state in HTTP and how a web cache (proxy server) improves performance and reduces latency.

(a) Differentiate between a packet-filtering firewall and a stateful (dynamic) inspection firewall. (b) Explain how a Virtual Private Network (VPN) provides secure communication over a public network, and state the role of tunnelling and IPSec in this context.

(a) Define the security goals confidentiality, integrity, availability, authentication and non-repudiation. (b) For each of the following attacks, identify which security goal it primarily violates: a denial-of-service (DoS) attack, a man-in-the-middle attack, and message modification in transit.

(a) What is a cryptographic hash function? List the essential properties it must satisfy. (b) Explain how a Message Authentication Code (MAC) and a digital signature differ in the type of security service they provide.

An IPv4 address is given as 172.16.45.200 with subnet mask 255.255.240.0. Determine (a) the network address, (b) the broadcast address, (c) the number of usable hosts per subnet, and (d) whether the host 172.16.32.10 lies in the same subnet.