
Section A: Long Answer Questions

Attempt any TWO questions.

3 questions·10 marks each
1 · long · 10 marks

What is automation in system administration? Explain configuration management tools and write shell scripts to automate user creation and backup tasks.

Automation in System Administration

Automation is the use of scripts, tools, and configuration management systems to perform repetitive administrative tasks (user creation, backups, patching, monitoring, deployment) with little or no manual intervention. It improves consistency, speed, scalability, and reliability, and reduces human error.

Configuration Management Tools

These tools define system state declaratively and enforce it across many machines:

| Tool | Architecture | Language / DSL | Push/Pull |
|---|---|---|---|
| Ansible | Agentless (over SSH) | YAML playbooks | Push |
| Puppet | Master + agent | Ruby DSL (manifests) | Pull |
| Chef | Server + client | Ruby (recipes/cookbooks) | Pull |
| SaltStack | Master + minion | YAML (states) | Push/Pull |

Key benefits: idempotency (re-running gives the same result), version-controlled infrastructure (Infrastructure as Code), reproducible environments, and centralized policy enforcement.

Shell Script 1 — Automate User Creation

#!/bin/bash
# create_users.sh — read a list of usernames and create accounts
USERLIST="users.txt"
while read -r username; do
    [ -z "$username" ] && continue
    if id "$username" &>/dev/null; then
        echo "User $username already exists, skipping."
    else
        useradd -m -s /bin/bash "$username"
        # set a default password and force change on first login
        echo "${username}:Welcome@123" | chpasswd
        passwd -e "$username"
        echo "Created user: $username"
    fi
done < "$USERLIST"
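
A hardened variant of the user-creation script, added here as an example and not part of the original answer: it validates each name before passing it to useradd and gives every account its own random one-time password instead of a shared default. The name pattern, the 20-character length, the DRY_RUN switch and the CRED_FILE path are assumptions of this example.

```bash
#!/bin/bash
# Added example (not the page's script): hardened create_users.sh.
# Assumed here: the name pattern, password length, DRY_RUN and CRED_FILE.
LC_ALL=C; export LC_ALL
DRY_RUN=${DRY_RUN:-1}                          # 1 = report only, 0 = create
CRED_FILE=${CRED_FILE:-/root/new-users.txt}    # hypothetical root-only hand-over file

# Accept only conservative login names: first char a-z or _, then a-z 0-9 _ -,
# at most 32 chars. Rejects names starting with "-" (parsed as options) and
# names containing ":" (would corrupt the chpasswd input line).
valid_username() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# 20 random alphanumerics from the kernel CSPRNG, unique per account.
gen_password() {
    tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 20
}

# Prints one status word: skip-invalid, skip-exists, would-create or created.
create_user() {
    user=$1
    if ! valid_username "$user"; then echo "skip-invalid"; return 0; fi
    if id "$user" >/dev/null 2>&1; then echo "skip-exists"; return 0; fi
    if [ "$DRY_RUN" != 0 ]; then echo "would-create"; return 0; fi

    pw=$(gen_password)
    useradd -m -s /bin/bash "$user" || return 1
    printf '%s:%s\n' "$user" "$pw" | chpasswd || return 1
    passwd -e "$user" >/dev/null               # force a change at first login
    # Record the one-time password in a root-only file, never on stdout or in a log.
    ( umask 077; printf '%s %s\n' "$user" "$pw" >> "$CRED_FILE" )
    echo "created"
}

# Process a list file, one name per line; the last line may lack a newline.
process_list() {
    while read -r name || [ -n "$name" ]; do
        [ -z "$name" ] && continue
        printf '%s: %s\n' "$name" "$(create_user "$name")"
    done < "$1"
}

if [ $# -gt 0 ]; then process_list "$1"; fi
```

Run it as `./create_users_hardened.sh users.txt` to see what would happen, then with `DRY_RUN=0` as root to apply.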

Shell Script 2 — Automate Backup Task

#!/bin/bash
# backup.sh — compressed timestamped backup of /home, with retention
SRC="/home"
DEST="/backup"
DATE=$(date +%F_%H-%M)
ARCHIVE="$DEST/home-backup-$DATE.tar.gz"

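# the archive holds every home directory, so create it readable by root only
umask 077
mkdir -p "$DEST"

# stderr is left visible so the cron log records why a run failed
if tar -czf "$ARCHIVE" "$SRC"; then
    echo "Backup successful: $ARCHIVE"
else
    echo "Backup FAILED" >&2
    # drop the partial archive and stop, so a failed run never prunes good backups
    rm -f "$ARCHIVE"
    exit 1
fi

# delete backups older than 7 days
find "$DEST" -name 'home-backup-*.tar.gz' -mtime +7 -delete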

The backup script can be scheduled with cron, e.g. a daily run at 2 a.m.:

0 2 * * * /usr/local/bin/backup.sh >> /var/log/backup.log 2>&1

Tags: automation, scripting

2 · long · 10 marks

Explain DHCP in detail. Describe the DHCP message exchange (DORA process) and the steps to configure a DHCP server.

DHCP (Dynamic Host Configuration Protocol)

DHCP is an application-layer client/server protocol that automatically assigns IP addresses and other network configuration parameters (subnet mask, default gateway, DNS servers, lease time) to hosts on a network. It eliminates manual IP configuration and prevents address conflicts. DHCP uses UDP, with the server on port 67 and the client on port 68.

DHCP supports three allocation methods:

  • Dynamic allocation — addresses leased from a pool for a limited time.
  • Automatic allocation — a permanent address assigned from a pool.
  • Manual (static/reservation) allocation — a fixed address tied to a client's MAC address.

DHCP Message Exchange — DORA Process

Lease acquisition is a four-step handshake (DORA):

  1. DHCP DISCOVER — The client broadcasts a DISCOVER message (source 0.0.0.0, destination 255.255.255.255) to locate any available DHCP server.
  2. DHCP OFFER — Each server replies with an OFFER message proposing an available IP address and configuration parameters.
  3. DHCP REQUEST — The client broadcasts a REQUEST message accepting one offer (identifying the chosen server), implicitly declining others.
  4. DHCP ACK — The selected server sends an ACK confirming the lease; the client configures its interface. (If the address is no longer available the server sends a NAK.)

Lease renewal: at T1 (50%) of the lease the client unicasts a REQUEST to renew; at T2 (87.5%) it broadcasts to any server if renewal failed.

Client                         Server
  | ---- DHCPDISCOVER (bcast) ---> |
  | <--- DHCPOFFER ------------- |
  | ---- DHCPREQUEST (bcast) ---> |
  | <--- DHCPACK --------------- |

Steps to Configure a DHCP Server (Linux — ISC dhcpd)

  1. Install the package: apt install isc-dhcp-server (Debian/Ubuntu) or yum install dhcp (RHEL/CentOS).
  2. Set the listening interface in /etc/default/isc-dhcp-server (e.g. INTERFACESv4="eth0").
  3. Edit /etc/dhcp/dhcpd.conf to define the subnet and options:
default-lease-time 600;
max-lease-time 7200;
authoritative;

subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.200;
    option routers 192.168.1.1;
    option subnet-mask 255.255.255.0;
    option domain-name-servers 8.8.8.8, 8.8.4.4;
    option domain-name "example.local";
}

# static reservation
host printer {
    hardware ethernet 00:1A:2B:3C:4D:5E;
    fixed-address 192.168.1.50;
}
  4. Start and enable the service: systemctl restart isc-dhcp-server && systemctl enable isc-dhcp-server.
  5. Verify leases in /var/lib/dhcp/dhcpd.leases and allow UDP 67 through the firewall.

Tags: dhcp

3 · long · 10 marks

Discuss network storage. Explain SAN, NAS, and RAID and compare their use cases.

Network Storage

Network storage is storage capacity made available to multiple clients/servers over a network rather than being attached directly to a single host (DAS). It enables centralized management, sharing, scalability, and high availability of data. The three key concepts are SAN, NAS, and RAID.

SAN (Storage Area Network)

A SAN is a dedicated, high-speed network that provides block-level access to consolidated storage devices. The OS sees SAN volumes (LUNs) as if they were local disks.

  • Protocols: Fibre Channel (FC), iSCSI, FCoE.
  • Access level: Block.
  • Best for: Databases, virtualization clusters, mission-critical transactional workloads needing high throughput and low latency.
  • Drawback: Expensive; complex to set up.

NAS (Network Attached Storage)

A NAS is a dedicated file-serving appliance that provides file-level access over a standard TCP/IP/LAN.

  • Protocols: NFS (Linux/Unix), SMB/CIFS (Windows), FTP.
  • Access level: File.
  • Best for: Shared file storage, home directories, backups, media files, document sharing.
  • Drawback: Performance limited by the LAN; less suited to high-IOPS databases.

RAID (Redundant Array of Independent Disks)

RAID combines multiple physical disks into one logical unit for performance, redundancy, or both. It is a storage technique, not a network (it can be used inside DAS, NAS, or SAN).

| Level | Technique | Min disks | Fault tolerance | Notes |
|---|---|---|---|---|
| RAID 0 | Striping | 2 | None | Max speed, no redundancy |
| RAID 1 | Mirroring | 2 | 1 disk | Full duplicate copy |
| RAID 5 | Striping + distributed parity | 3 | 1 disk | Good balance of space/redundancy |
| RAID 6 | Striping + double parity | 4 | 2 disks | Survives two failures |
| RAID 10 | Mirror + stripe | 4 | 1 per mirror | High performance + redundancy |

Comparison and Use Cases

| Feature | SAN | NAS | RAID |
|---|---|---|---|
| Access type | Block | File | Disk-array level |
| Network | Dedicated FC/iSCSI | Standard LAN/TCP-IP | Local controller |
| Cost | High | Low–moderate | Low |
| Typical use | Databases, VM datastores | File sharing, backups | Reliability inside any storage |

Summary: Use a SAN when applications need fast, block-level, low-latency storage (databases, virtualization); use a NAS for cost-effective shared file access; and use RAID within either to ensure data redundancy and improved performance.

Tags: storage

Section B: Short Answer Questions

Attempt any EIGHT questions.

9 questions·5 marks each
4 · short · 5 marks

What is the role of a system administrator in capacity planning?

Capacity planning is the process of forecasting future resource requirements so that a system can meet demand without over- or under-provisioning.

The system administrator's role includes:

  • Monitoring resource utilization — CPU, memory, disk, network, and I/O usage over time using tools like top, vmstat, sar, Nagios, or Prometheus.
  • Analyzing trends and growth — studying historical data to forecast when resources will be exhausted.
  • Forecasting demand — predicting future load from business growth, new users, or new applications.
  • Planning upgrades and scaling — recommending hardware upgrades, additional servers, or cloud auto-scaling before bottlenecks occur.
  • Performance tuning — optimizing existing resources to delay or avoid costly expansion.
  • Cost optimization — balancing adequate headroom against unnecessary expenditure.

Thus the admin ensures the infrastructure remains performant, available, and cost-effective as demand changes.

Tags: sysadmin

5 · short · 5 marks

Explain the structure of a DNS zone file.

Structure of a DNS Zone File

A zone file is a plain-text file on a DNS server that contains the resource records (RRs) mapping domain names to IP addresses (and other data) for a particular DNS zone.

Its main components are:

1. Directives

  • $TTL — default time-to-live for records (e.g. $TTL 86400).
  • $ORIGIN — the base domain appended to unqualified names.

2. SOA (Start of Authority) record — the first and mandatory record; defines the primary name server, admin email, and timing values:

@   IN  SOA  ns1.example.com. admin.example.com. (
        2024010101 ; Serial
        3600       ; Refresh
        1800       ; Retry
        604800     ; Expire
        86400 )    ; Minimum TTL

3. Resource records — the actual mappings:

| Type | Purpose | Example |
|---|---|---|
| NS | Authoritative name servers | @ IN NS ns1.example.com. |
| A | Name → IPv4 address | www IN A 192.168.1.10 |
| AAAA | Name → IPv6 address | www IN AAAA 2001:db8::1 |
| CNAME | Alias to another name | ftp IN CNAME www |
| MX | Mail exchanger (with priority) | @ IN MX 10 mail.example.com. |
| PTR | Reverse (IP → name) lookup | 10 IN PTR www.example.com. |
| TXT | Text data (SPF, verification) | @ IN TXT "v=spf1 ..." |

Each record line has the format: NAME TTL CLASS TYPE DATA (CLASS is normally IN for Internet). A trailing dot . denotes a fully qualified domain name.

Tags: dns

6 · short · 5 marks

What is access control list (ACL) in Linux?

Access Control List (ACL) in Linux

An Access Control List (ACL) is an extension to the standard Linux file permission model (owner/group/other) that allows fine-grained permissions to be set for multiple specific users and groups on a single file or directory — beyond what rwx for the three classic classes can express.

Why it is needed: Traditional permissions allow only one owner and one group. ACLs let you, for example, grant read-write to user alice, read-only to user bob, and full access to group devs, all on the same file.

Key commands:

  • getfacl filename — view the ACL of a file.
  • setfacl -m u:alice:rw file — grant user alice read/write.
  • setfacl -m g:devs:r file — grant group devs read.
  • setfacl -x u:alice file — remove alice's ACL entry.
  • setfacl -b file — remove all ACL entries.
  • setfacl -d -m u:alice:rwx dir — set a default ACL so new files inside dir inherit it.

A file with an ACL shows a + after its permission bits in ls -l (e.g. -rw-rw-r--+). The filesystem must be mounted with the acl option (most modern ext4/xfs enable it by default).

Example:

setfacl -m u:bob:r-- report.txt
getfacl report.txt

Tags: permissions

7 · short · 5 marks

Explain the difference between hard link and soft link.

Hard Link vs Soft (Symbolic) Link

Both are ways of referencing a file in Linux, but they differ fundamentally:

| Feature | Hard Link | Soft Link (Symbolic Link) |
|---|---|---|
| Definition | An additional directory entry pointing to the same inode as the original file | A special file that stores the path to the target file |
| Inode | Shares the same inode number as the original | Has its own separate inode |
| Created by | ln source link | ln -s source link |
| Cross filesystem | Not allowed (must be on same filesystem) | Allowed (can span filesystems/partitions) |
| Link to directory | Not allowed (for users) | Allowed |
| If original deleted | Data still accessible via the hard link (link count > 0) | Link becomes dangling/broken — points to nothing |
| Size | Same as the file (points to data) | Small — only stores the path string |

Key idea: A hard link is essentially another name for the same data; the file's data is removed only when its link count reaches zero. A soft link is a shortcut/pointer to a pathname and breaks if the target is moved or deleted.

Examples:

ln  file.txt  hardlink.txt     # hard link
ln -s file.txt softlink.txt    # soft link
ls -li                         # -i shows inode numbers

Tags: linux

8 · short · 5 marks

What is virtualization? List its benefits.

Virtualization

Virtualization is the technology that creates a software-based (virtual) version of physical computing resources — such as servers, storage, networks, or operating systems — allowing multiple virtual machines (VMs) to run on a single physical host. A software layer called the hypervisor (e.g. VMware ESXi, KVM, Hyper-V, Xen) sits between the hardware and the VMs, allocating and isolating CPU, memory, disk, and network resources.

  • Type 1 (bare-metal) hypervisor runs directly on hardware (ESXi, Hyper-V, KVM).
  • Type 2 (hosted) hypervisor runs on top of a host OS (VirtualBox, VMware Workstation).

Benefits of Virtualization

  • Server consolidation — many VMs on one physical machine, reducing hardware count.
  • Cost reduction — lower hardware, power, cooling, and space costs.
  • Better resource utilization — idle capacity of physical servers is used efficiently.
  • Isolation — each VM is independent; a crash or compromise in one does not affect others.
  • Rapid provisioning — new VMs and templates can be deployed in minutes.
  • High availability & disaster recovery — VMs can be migrated (live migration), snapshotted, and restored easily.
  • Scalability & flexibility — resources can be added or removed on demand.
  • Testing/development — multiple OS environments on one machine without extra hardware.

Tags: virtualization

9 · short · 5 marks

Explain the principle of least privilege.

Principle of Least Privilege (PoLP)

The Principle of Least Privilege states that every user, process, program, or system component should be granted only the minimum access rights and permissions necessary to perform its legitimate task — and nothing more.

Purpose / importance:

  • Reduces the attack surface — a compromised account or process can do limited damage.
  • Limits accidental damage — users cannot mistakenly modify or delete resources they should not touch.
  • Contains malware spread — restricted privileges prevent lateral escalation.
  • Improves accountability and auditing — access is well-defined and traceable.

Examples in practice:

  • A web server runs under a dedicated unprivileged user (e.g. www-data) rather than root.
  • Administrators use a normal account for daily work and elevate via sudo only when needed.
  • Database users are granted only SELECT on the tables they need, not full admin rights.
  • File permissions and ACLs grant write access only to the specific groups requiring it.

It is a foundational concept of secure system design (along with defense-in-depth and separation of duties).

Tags: security

10 · short · 5 marks

What is a load balancer?

Load Balancer

A load balancer is a device or software service that distributes incoming network or application traffic across multiple backend servers so that no single server becomes overwhelmed. It acts as a reverse proxy sitting in front of a server pool, improving availability, scalability, and performance.

Functions / benefits:

  • Distributes load evenly to prevent server overload.
  • High availability / fault tolerance — detects unhealthy servers via health checks and routes traffic only to healthy ones.
  • Scalability — servers can be added or removed transparently.
  • Session persistence (sticky sessions) — keeps a user bound to one server when needed.
  • SSL termination — can offload encryption/decryption from backend servers.

Common scheduling algorithms:

  • Round Robin — requests sent to servers in rotation.
  • Least Connections — sends to the server with the fewest active connections.
  • Weighted Round Robin / Weighted Least Connections — accounts for server capacity.
  • IP Hash — routes based on client IP for persistence.

Types: Layer 4 (transport-level, TCP/UDP) and Layer 7 (application-level, HTTP/HTTPS). Examples: HAProxy, NGINX, F5 BIG-IP, AWS ELB.

Tags: networking

11 · short · 5 marks

Explain log rotation in Linux.

Log Rotation in Linux

Log rotation is the process of automatically archiving, compressing, and removing old log files so that logs do not grow indefinitely and consume all available disk space. When a log reaches a defined size or age, the current file is renamed/archived and a fresh empty log is started.

It is managed by the logrotate utility, typically run daily via cron (/etc/cron.daily/logrotate) or a systemd timer.

Configuration files:

  • Global config: /etc/logrotate.conf
  • Per-service configs: /etc/logrotate.d/ (e.g. one file per application)

Common directives:

  • daily / weekly / monthly — rotation frequency.
  • rotate N — keep N old (rotated) copies before deleting.
  • size 100M — rotate when the file exceeds a size.
  • compress — gzip old logs to save space.
  • delaycompress — compress on the next rotation cycle.
  • missingok — do not error if the log is missing.
  • notifempty — skip rotation if the log is empty.
  • create 0640 root adm — create a new empty log with given permissions.
  • postrotate ... endscript — run commands (e.g. signal the service to reopen logs) after rotation.

Example (/etc/logrotate.d/myapp):

/var/log/myapp/*.log {
    daily
    rotate 7
    compress
    missingok
    notifempty
    create 0640 root adm
    postrotate
        systemctl reload myapp >/dev/null 2>&1 || true
    endscript
}

This keeps 7 days of compressed logs and reloads the service after rotating.

Tags: logging

12 · short · 5 marks

Write short notes on cloud-based system administration.

Cloud-Based System Administration

Cloud-based system administration is the practice of provisioning, configuring, monitoring, and maintaining computing resources that are hosted on a cloud platform (e.g. AWS, Microsoft Azure, Google Cloud) rather than on locally owned physical hardware. The administrator manages virtual servers, storage, networking, and services remotely through web consoles, CLIs, and APIs.

Service models:

  • IaaS (Infrastructure as a Service) — VMs, storage, networks (e.g. EC2).
  • PaaS (Platform as a Service) — managed runtime/platform.
  • SaaS (Software as a Service) — ready-to-use applications.

Key administrative tasks:

  • Provisioning and scaling instances (often with auto-scaling).
  • Configuring virtual networks, security groups, and firewalls.
  • Managing IAM (users, roles, least-privilege access).
  • Monitoring and logging (e.g. CloudWatch) and alerting.
  • Backups, snapshots, and disaster recovery.
  • Infrastructure as Code (Terraform, CloudFormation, Ansible) for reproducible deployments.

Benefits:

  • Elasticity / on-demand scaling — pay only for what you use.
  • No upfront hardware cost (OpEx vs CapEx).
  • High availability across regions/zones.
  • Global accessibility and rapid provisioning.

Challenges: security and data privacy, vendor lock-in, ongoing cost management, dependence on internet connectivity, and shared responsibility for compliance.

Tags: cloud

Frequently asked questions

Where can I find the BSc CSIT (TU) Network and System Administration (BSc CSIT, CSC412) question paper 2078?
The full BSc CSIT (TU) Network and System Administration (BSc CSIT, CSC412) 2078 (regular) question paper is available free on Kekkei. You can read every question online and attempt the paper under timed exam conditions.
How many marks is the BSc CSIT (TU) Network and System Administration (BSc CSIT, CSC412) 2078 paper?
The BSc CSIT (TU) Network and System Administration (BSc CSIT, CSC412) 2078 paper carries 60 full marks and is meant to be completed in 180 minutes, across 12 questions.