THE BRITISH COMPUTER SOCIETY
THE BCS PROFESSIONAL EXAMINATIONS
BCS Level 6 Professional Graduate Diploma in IT
March 2014
Examiners’ Report
NETWORK INFORMATION SYSTEMS
General comments on candidates’ performance
The standard of answers was generally very good, with nearly all candidates
choosing to answer question A2 and/or B4, with many obtaining excellent
marks. Where candidates failed to achieve marks, it was usually because they
failed to attempt an answer to that part of the question which had higher
marks allocated.
Question choice is important, and if no attempt can be made at a part worth
many marks, it may be better to choose a question that can be answered
adequately but more fully. Very few candidates attempted question A1 and
few of those passed. However, one or more candidates obtained at least 80%
of the marks available for each question on the paper.
Once again some candidates quoted large amounts of knowledge that was
not relevant to the question, and once again no credit could be given for this.
A large number of candidates chose to illustrate parts of their answers with
diagrams, even though diagrams were not directly requested. This was a
good strategy, often conveying knowledge in the subject and clarifying their
written descriptions, and those who did so in a relevant manner tended to be
amongst the group of candidates who obtained high marks.
A1.
You are a young researcher and you are given the task to create a new
web search engine similar to Google.
a) Provide a diagram of how the creators of a new web search engine
could distribute their systems over multiple nodes and data centres,
and explain the interlinking.
(7 marks)
b) List the main types of distributed network configurations that are
used to support distributed systems. In your answer refer to
standard networks and the wireless variants of them.
(6 marks)
c) Explain how the distributed network configurations, you have listed
in b) above, differ from each other.
(12 marks)
Answer Pointers.
A1a) Because of the large volume of data (links and hyperlinks) the only
possible approach is a distributed system.
4 marks for relevant diagram and 3 marks for explaining the
interlinking between the nodes and the Internet.
A1b)
- Local area networks (LANs)
- Personal area networks (PANs)
- Wide area networks (WANs)
- Metropolitan area networks (MANs)
- Wireless local area networks (WLANs)
- Wireless metropolitan area networks (WMANs)
- Wireless wide area networks (WWANs)
- Internetworks
1 mark for each mentioned network (up to 6).
A1c)
PANs are a subcategory of local networks in which the various digital devices
carried by a user are connected by a low-cost, low-energy network. Wired
PANs are not of much significance because few users wish to be encumbered
by a network of wires on their person, but wireless personal area networks
(WPANs) are of increasing importance due to the number of personal devices
such as mobile phones, tablets, digital cameras, music players and so on that
are now carried by many people.
(LANs) LANs carry messages at relatively high speeds between computers
connected by a single communication medium, such as twisted copper wire,
coaxial cable or optical fibre. No routing of messages is required within a LAN
and the system bandwidth is shared between the computers connected to a
small LAN. Larger local networks, such as those that serve a campus or an
office building, are composed of many segments interconnected by switches
or hubs. In local area networks, the total system bandwidth is generally high
and latency is low.
(WANs) WANs carry messages at lower speeds between nodes that are
often in different organizations and may be separated by large distances.
They may be located in different cities, countries or continents. The
communication medium is a set of communication circuits linking a set of
dedicated computers called routers. They manage the communication
network and route messages or packets to their destinations. In most
networks, the routing operations introduce a delay at each point in the route,
so the total latency for the transmission of a message depends on the route
that it follows and the traffic loads in the various network segments that it
traverses.
(MANs) This type of network is based on the high bandwidth copper and fibre
optic cabling recently installed in some towns and cities for the transmission of
video, voice and other data over distances of up to 50 kilometres. A variety of
technologies have been used to implement the routing of data in MANs,
ranging from Ethernet to ATM. The DSL (Digital Subscriber Line) and cable
modem connections now available in many countries are an example. DSL
typically uses ATM switches located in telephone exchanges to route digital
data onto twisted pairs of copper wire (using high frequency signalling on the
existing wiring used for telephone connections) to the subscriber’s home or
office at speeds in the range 1–10 Mbps.
(WLANs) WLANs are designed for use in place of wired LANs to provide
connectivity for mobile devices, or simply to remove the need for a wired
infrastructure to connect computers within homes and office buildings to each
other and the Internet. They are in widespread use in several variants of the
IEEE 802.11 standard (Wi-Fi), offering bandwidths of 10–100 Mbps over
ranges up to 1.5 kilometres.
(WMANs) The IEEE 802.16 WiMAX standard is targeted at this class of
network. It aims to provide an alternative to wired connections to home and
office buildings and to supersede 802.11 Wi-Fi networks in some
applications.
(WWANs) Most mobile phone networks are based on digital wireless network
technologies such as the GSM (Global System for Mobile communication)
standard, which are used in most countries of the world. Mobile phone
networks are designed to operate over wide areas (typically entire countries
or continents) through the use of cellular radio connections; their data
transmission facilities therefore offer wide area mobile connections to the
Internet for portable devices. The cellular networks mentioned above offer
relatively low data rates – 9.6 to 33 kbps – but the ‘third generation’ (3G) of
mobile phone networks is now available, with data transmission rates in the
range of 2–14.4 Mbps while stationary and 348 kbps while moving (for
example in a car). The underlying technology is referred to as UMTS
(Universal Mobile Telecommunications System).
(Internetworks) An internetwork is a communication subsystem in which several
networks are linked together to provide common data communication facilities
that overlay the technologies and protocols of the individual component
networks and the methods used for their interconnection. Internetworks are
needed for the development of extensible, open distributed systems. The
openness characteristic of distributed systems implies that the networks used
in distributed systems should be extensible to very large numbers of
computers, whereas individual networks have restricted address spaces and
some may have performance limitations that are incompatible with their
large-scale use. In internetworks, a variety of local and wide area network
technologies can be integrated to provide the networking capacity needed by
each group of users. Thus internetworks bring many of the benefits of open
systems to the provision of communication in distributed systems.
2 marks for each explained network (up to 12).
Examiner’s Comments
This question was designed to enable candidates to apply their knowledge
and skills to solving a particular hands-on problem, and some were able to
build on their theoretical knowledge and provide relevant solutions based on
distributed system architectures. The key to this question is the understanding
that it needs to be a distributed system, which most of the candidates
successfully identified. The problems were in identifying the answer pointers in
the second part of the question. Most candidates were trying to explain
client-server architecture, which is an application design and not a variety of
distributed network configuration.
A2.
a) Explain what you understand by Web Services.
(6 marks)
b) Identify and explain the core technologies that are used by Web
Services.
(12 marks)
c) With regard to Web services, explain how we ensure:
- Confidentiality
- Authentication
- Network Security
(7 marks)
Answer Pointers
A2 a) Web Services are self-contained, modular, distributed, dynamic
applications that can be described, published, located, or invoked over the
network to create products, processes, and supply chains. These applications
can be local, distributed, or Web-based.
(2 marks)
They use XML-based information exchange systems that use the
Internet for direct application-to-application interaction.
(2 marks)
Web services use open protocols and standards used for exchanging data
between applications or systems such as TCP/IP, HTTP, Java, HTML, and
XML.
(2 marks)
A2b) - XML-RPC is the simplest XML based protocol for exchanging
information between computers and is a protocol that uses XML messages to
perform Remote Procedure Calls - RPCs. Requests are encoded in XML and
sent via HTTP POST where the XML responses are embedded in the body of
the HTTP response.
XML-RPC is platform-independent.
- SOAP is an XML-based protocol for exchanging information between
computers and it is a communication protocol for communication between
applications. SOAP defines its own format for sending messages and it is
designed to communicate via Internet. SOAP is platform and language
independent, extensible and allows you to get around firewalls.
- WSDL is an XML-based language for describing Web services and how to
access them. WSDL stands for Web Services Description Language and it is
an XML based protocol for information exchange in decentralized and
distributed environments. WSDL is the standard format for describing a web
service, how to access it and what operations it will perform.
- UDDI is an XML-based standard for describing, publishing, and finding Web
services. UDDI stands for Universal Description, Discovery and Integration
and it is a specification for a distributed registry of Web services. UDDI is
platform independent, open framework and it can communicate via SOAP,
CORBA, Java RMI Protocol. UDDI is an open industry initiative enabling
businesses to discover each other and define how they interact over the
Internet.
(3 marks for each explanation)
A2c) Confidentiality
XML-RPC and SOAP run primarily on top of HTTP, which has support for
Secure Sockets Layer (SSL), so the communication can be encrypted.
The big problem is that a single web service may consist of a chain of
applications. For example, one large service might tie together the services of
three other applications. In this case, SSL is not adequate; the messages
need to be encrypted at each node along the service path, and each node
represents a potential weak link in the chain. Currently, there is no agreed-upon
solution to this issue, but one promising solution is the W3C XML
Encryption Standard. This standard provides a framework for encrypting and
decrypting entire XML documents or just portions of an XML document.
(3 marks for relevant explanation)
Authentication
The problem here is to identify the user and establish whether the client (the
user) is authorised to use the service. The following options exist, without
there being a set standard:
HTTP includes built-in support for Basic and Digest authentication, and
services can therefore be protected in much the same manner as HTML
documents are currently protected.
SOAP Security Extensions: Digital Signature (SOAP-DSIG). DSIG leverages
public key cryptography to digitally sign SOAP messages. This enables the
client or server to validate the identity of the other party.
The Organization for the Advancement of Structured Information Standards
(OASIS) is working on the Security Assertion Markup Language (SAML).
(2 marks for relevant explanation)
Network Security
There is currently no easy answer to this problem, and it has been the subject
of much debate. For now, if you are truly intent on filtering out SOAP or XML-RPC
messages, one possibility is to filter out all HTTP POST requests that set
their content type to text/xml.
Another alternative is to filter for the SOAP Action HTTP header attribute.
Firewall vendors are also currently developing tools explicitly designed to filter
web service traffic.
(2 marks for relevant explanation)
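The XML-RPC transport described in A2b) and the two filters suggested under Network Security in A2c) can be tried together. The following Go program is an added example and is not part of the examiners' report: it builds an XML-RPC methodCall as the raw HTTP POST with content type text/xml that the report describes, then classifies raw requests the way a filter applying the report's two rules would (a POST whose content type is text/xml, or any request carrying a SOAPAction header). The method name station.report, the host weather.example and the sample requests are constructed for the illustration.

```go
package main

import (
	"bufio"
	"encoding/xml"
	"fmt"
	"net/http"
	"strconv"
	"strings"
)

// MethodCall is the root element of an XML-RPC request; one string
// parameter per <param> is enough for this illustration.
type MethodCall struct {
	XMLName    xml.Name `xml:"methodCall"`
	MethodName string   `xml:"methodName"`
	Params     []Param  `xml:"params>param"`
}

// Param renders as <param><value><string>...</string></value></param>.
type Param struct {
	String string `xml:"value>string"`
}

// BuildXMLRPCRequest encodes the call as XML and wraps it in the raw HTTP POST
// the report describes: the XML travels as the POST body with content type text/xml.
func BuildXMLRPCRequest(host, method string, args ...string) (string, error) {
	call := MethodCall{MethodName: method}
	for _, a := range args {
		call.Params = append(call.Params, Param{String: a})
	}
	body, err := xml.Marshal(call)
	if err != nil {
		return "", err
	}
	payload := xml.Header + string(body)
	return "POST /RPC2 HTTP/1.1\r\n" +
		"Host: " + host + "\r\n" +
		"Content-Type: text/xml\r\n" +
		"Content-Length: " + strconv.Itoa(len(payload)) + "\r\n\r\n" +
		payload, nil
}

// Constructed sample requests (not captures): a SOAP 1.1 call and a plain page fetch.
const SampleSOAP = "POST /ws HTTP/1.1\r\n" +
	"Host: weather.example\r\n" +
	"Content-Type: text/xml; charset=utf-8\r\n" +
	"SOAPAction: \"urn:station:report\"\r\n" +
	"Content-Length: 0\r\n\r\n"

const SampleGET = "GET /index.html HTTP/1.1\r\nHost: weather.example\r\n\r\n"

// ClassifyRequest parses a raw HTTP request and says which of the report's two
// filters would catch it: "soapaction-header", "post-text-xml", or "" for neither.
func ClassifyRequest(raw string) (string, error) {
	req, err := http.ReadRequest(bufio.NewReader(strings.NewReader(raw)))
	if err != nil {
		return "", err
	}
	// Header.Get canonicalises the name, so "SOAPAction" and "soapaction" both match.
	if req.Header.Get("SOAPAction") != "" {
		return "soapaction-header", nil
	}
	ct := strings.ToLower(req.Header.Get("Content-Type"))
	if req.Method == http.MethodPost && strings.HasPrefix(ct, "text/xml") {
		return "post-text-xml", nil
	}
	return "", nil
}

func main() {
	rpc, err := BuildXMLRPCRequest("weather.example", "station.report", "WX-001", "12.5")
	if err != nil {
		panic(err)
	}
	for name, raw := range map[string]string{"xml-rpc": rpc, "soap": SampleSOAP, "get": SampleGET} {
		reason, err := ClassifyRequest(raw)
		fmt.Printf("%-8s filtered=%v reason=%q err=%v\n", name, reason != "", reason, err)
	}
}
```

Both rules are the report's own. A practitioner should note that they catch XML-RPC and SOAP 1.1 as usually sent, whereas SOAP 1.2 uses the media type application/soap+xml and carries the action as a Content-Type parameter rather than a SOAPAction header, so a filter keyed only on text/xml and SOAPAction would let such traffic through.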
Examiner’s Comments
This question was the most popular one with most people attempting answers
for this question. Most answers were relevant, with some good explanations.
One candidate scored full marks and many others obtained over 80% of the
marks for this question. A few candidates demonstrated knowledge of the
syllabus but gave points which were not relevant to this question.
A3. A company operates from three buildings; buildings A and B are next to
each other in a city and the third, building C, is located 200 miles away.
The company has its operations organised in such a way that the work
process in building A generates very high communication traffic between
the networked computers. However the communication traffic in the other
two buildings is relatively low.
The company has an application which must run across a Local Area
Network address space.
Two public class B network addresses with IDs of 150.72.0.0 and
151.72.0.0 are given to the company.
Assuming that the number of computers is appropriate for your design
and all computers are using public IP addresses within the assigned
network IDs, you are required:
a) with the aid of a diagram, to describe an appropriate Local Area
Network (LAN) architecture for inclusion in the network of buildings A
and B. In your answer explain the distribution of addresses, the use of
hubs, routers etc. and show the connection to the Internet. Your answer
should also identify any restrictions that you may need to impose on the
number of computers in each building.
(11 marks)
b) to produce a simple routing table for one of the routers on the
diagram you provided in answer to a) above, and explain the
purpose and the usage of the fields in the table.
(8 marks)
c) to suggest a way of building a single Wide Area Network based
on the existing LAN architecture and the Internet, and explain
the issues you considered.
(6 marks)
Answer Pointers
A3 a) Since we have two remote sites we need to use both network IDs, one
for each site. Let us choose the first network ID, 150.72.0.0, for the site
with two buildings. The design must include several separate sub-networks,
one per building, so that operations can be separated and the heavy
communication traffic in one building does not spill over into the other
building's LAN. In the example below we use 4 separate subnets, which means
that the number of computers in each subnet must be less than 2^14 = 16 384.
The net mask for all subnets will be 255.255.192.0. A possible architecture
is shown below.
Diagram (rendered as text):
Building 1: Computer 1 (150.72.0.1), Computer 2 (150.72.0.2), ...,
Computer n (150.72.x.x); net mask 255.255.192.0; connected to Router 1
(150.72.63.255 on the building LAN, 150.72.128.1 towards the other routers).
Building 2: Computer 1 (150.72.64.1), Computer 2 (150.72.64.2), ...,
Computer n (150.72.x.x); net mask 255.255.192.0; connected to Router 3
(150.72.127.255 on the building LAN, 150.72.128.3 towards the other routers).
Router 2 (150.72.128.2 and 150.72.254.255) provides the connection to the
Internet.
11 marks for this or similar diagram with all addresses assigned.
b) An example routing table at Router 3 is shown below:

Destination Network ID   Mask             Next Hop
150.72.64.0              255.255.192.0    150.72.128.1
150.72.0.0               255.255.192.0    150.72.128.2
150.72.128.0             255.255.192.0    150.72.128.2
default                  any              150.72.128.2

The routing table has three columns: Destination Network ID, Network
Mask and Next Hop. For each row in the table, starting from the first, the
router takes the destination address of the packet and applies the mask
(a logical AND between the mask and the destination IP address). The result
is compared with the Destination Network ID field and, if they match, the
packet is sent to the address in the Next Hop field on the same row. Once a
match is found, no further rows are examined. 8 marks for this explanation.
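The first-match lookup the report describes for this table, as an added Go example that is not part of the examiners' report. It encodes the Router 3 table exactly as given above, ANDs each row's mask with a destination address and returns the Next Hop of the first row whose Destination Network ID matches; it also computes the 2^14 address bound for the 255.255.192.0 mask used in part a). The destination addresses passed in main are constructed for the illustration.

```go
package main

import (
	"fmt"
	"net"
)

// Route is one row of the table in the report: Destination Network ID, Mask,
// Next Hop. The last row uses the literal strings "default" and "any", as the report does.
type Route struct {
	Dest    string
	Mask    string
	NextHop string
}

// Router3 is the example table from the report, in the order given. The lookup
// below stops at the first matching row, so the order of rows matters.
var Router3 = []Route{
	{"150.72.64.0", "255.255.192.0", "150.72.128.1"},
	{"150.72.0.0", "255.255.192.0", "150.72.128.2"},
	{"150.72.128.0", "255.255.192.0", "150.72.128.2"},
	{"default", "any", "150.72.128.2"},
}

// Lookup implements the procedure the report describes: for each row from the
// first, AND the destination address with the row's mask, compare the result
// with the Destination Network ID and, on a match, return that row's Next Hop.
// ok is false for an unparseable address or a table with no matching row.
func Lookup(table []Route, dst string) (nextHop string, ok bool) {
	ip := net.ParseIP(dst).To4()
	if ip == nil {
		return "", false
	}
	for _, r := range table {
		if r.Dest == "default" {
			return r.NextHop, true // mask "any": every address matches
		}
		mask := net.IPMask(net.ParseIP(r.Mask).To4())
		network := net.ParseIP(r.Dest).To4()
		if mask == nil || network == nil {
			continue // malformed row: skip it rather than match everything
		}
		if ip.Mask(mask).Equal(network) {
			return r.NextHop, true
		}
	}
	return "", false
}

// HostAddresses returns the number of addresses in a subnet with this mask
// (2 to the power of the host bits); for 255.255.192.0 that is 2^14 = 16384,
// the bound the report places on the computers per building. 0 means a bad mask.
func HostAddresses(maskStr string) int {
	mask := net.IPMask(net.ParseIP(maskStr).To4())
	if mask == nil {
		return 0
	}
	ones, bits := mask.Size()
	return 1 << uint(bits-ones)
}

func main() {
	for _, dst := range []string{"150.72.70.5", "150.72.10.1", "150.72.130.7", "8.8.8.8"} {
		hop, ok := Lookup(Router3, dst)
		fmt.Printf("%-14s -> next hop %s (matched=%v)\n", dst, hop, ok)
	}
	fmt.Println("addresses per /18 subnet:", HostAddresses("255.255.192.0"))
}
```

Real routers select the longest matching prefix rather than the first row in table order. With the three specific rows here all carrying the same 255.255.192.0 mask the two rules agree, but a table mixing masks of different lengths must be sorted longest-prefix-first before this first-match procedure gives the right answer.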
c) Wide Area Network (WAN) on the basis of VPN
An extranet is a computer network that allows controlled access from the
outside for specific business or educational purposes. Segments of the
Internet, like VPN-based extranets, are also WANs in themselves.
Diagram (rendered as text):
Building 1: LAN ID 150.72.0.0, net mask 255.255.192.0, Router 1
(150.72.63.255 / 150.72.128.1).
Building 2: LAN ID 150.72.64.0, net mask 255.255.192.0, Router 3
(150.72.127.255 / 150.72.128.3).
Router 2 (150.72.128.2 / 150.72.254.255) connects buildings 1 and 2 to the
Internet.
Building 3: LAN ID 151.72.0.0, net mask 255.255.0.0, with its own router
(labelled Router 3 in the diagram, 151.72.254.255) connected to the Internet.
All buildings are on a single VPN (Virtual Private Network), thus forming a
Wide Area Network.
VPN over the Internet is the cheapest option. Other possible ways of building
a WAN are leased lines or other dedicated means of communication between
the two remote sites. Examples of such technologies over dedicated lines are
SONET, ATM and Frame Relay.
(6 marks for this or similar drawing and explanation)
Examiner’s Comments
This question was clearly selected by candidates who really had a good
understanding of what an IP address is, how the computers in a network can
be assigned IP addresses, how a network can be divided into sub-networks
and various other issues concerning the IP configuration of networks.
Relatively few people showed detailed knowledge of routers (which is
essential when building networks for multiple sites). Generally speaking, the
level of knowledge of the people attempting this question was higher than for
the other questions. Many candidates obtained over 80% of the marks for this
question.
B4
a) Describe the function of each of the following networking devices:
i) Repeater (4 marks)
ii) Bridge (4 marks)
iii) Switch (4 marks)
b) Explain why it might be possible to improve the performance of a network
by replacing a network hub with a switch.
(6 marks)
c) Unlike the devices in section (a), a router is often described as a layer 3
device. Describe how a router meets the definition of a layer 3 device,
contrasting it with the function of a switch.
(7 marks)
Answer Pointers
Nearly all candidates chose to answer the question, and in general the
answers were good, although part c) was generally answered less thoroughly
than other parts. Considering the reference to layer 3 in the question,
candidates could have referenced the OSI model directly or at least described
layer 3 (the network layer) and its purpose. Some candidates did this but many
failed to do so.
The word “networking” is given in this question to make plain we are speaking
of network repeaters, network hubs etc.
In part a) there is a progression of ideas in the 3 parts of this question, which
candidates should be able to develop and use to guide their answers. A
repeater is a device used to repeat the signal onto a new network link, used to
deal with the cable length limits in networks, especially Ethernet networks, but
wireless repeaters are now common too. The repeater is a solution to the
problem of signal attenuation.
The repeater does nothing more than retransmit the signal on the new link. A
network bridge joins two or more communication networks, or two or more
network segments, to create an aggregate network. Bridging is different from
routing, which allows the networks to communicate independently as separate
networks (layer 3).
Bridging is a layer 2 aggregation. On multiplexed networks, a bridge could
contain traffic within the segments except where access is required to devices
on the other side of the bridge. Many candidates suggested bridging is
obsolete, but this is incorrect as bridges are still extremely useful for
connecting similar networks on different media, such as Wi-Fi to Ethernet.
A switch takes the segmentation a step further by creating a multi-port
network bridge that processes and routes data at the data link layer (layer 2).
Now every device can potentially be connected on its own network segment
and traffic segmentation keeps the links quieter and potentially more private.
Part b) introduced the concept of a hub, and the segmentation is again at the
heart of the question, but candidates should understand the difference
between a hub and a switch. Thus a hub should be described as a device for
connecting multiple physical network segments together and making them act
as a single network segment. Like a switch, a hub has multiple I/O ports, in
which a signal introduced at the input of any port appears at the output of
every port except the original, just as a repeater would work. This is in
contrast to the segmented nature of a switched network described above, and
essentially a hub is a physical layer (layer 1) multiport repeater, as opposed to
the layer 2 data link multiport segmentation (multiport bridging) of a switch.
Note that more marks are given for the description of the hub than the
difference, as a correct description of the hub and switch (in part a) are
essential to demonstrating the difference.
Part c) brings out the OSI model in the question, and the answer should
describe how switches create multiport segmentation at layer 2, with traffic
being switched between segments based on an internal table of hardware
addresses (MAC addresses) for each segment, whereas a router will look at
the network packet header and will choose which interface to route the packet
onto based on a lookup table of routes, e.g. IP network routes.
This part of the question could be illustrated with a diagram, and with
reference to IP packets and Ethernet frames, although the concepts can be
generalised to other network technologies. As the OSI model is explicitly
mentioned, marks were given for description of the network layer as opposed
to the data link layer within the model and for the description, which must
describe the principles of routing and the tables used by switches and routers.
Examiner’s Comments
This question was generally answered well with many candidates quite clear
on each of these devices. Some candidates pointed out that repeaters were
largely obsolete now, but that is true primarily for Ethernet repeaters and other
candidates quite rightly pointed out that wireless repeaters are still very much
in use. Likewise candidates often suggested bridging was obsolete, not
recognising the utility of a bridge in joining two similar networks over different
media such as Wi-Fi to Ethernet bridges found in Wi-Fi access points.
Where candidates understood the nature of a switch, they tended to answer
part b) fully too. Part c) clearly referred to the OSI model and particularly the
difference between data link and network layers. Many candidates understood
this, but many others did not consider what is provided at each layer, which
would have guided them to answering that part fully. In particular, mention of
network layer addressing (IP addresses) was important.
B5.
A weather research company is developing a network of weather monitoring
stations that need to report back readings at each of their station sites to a
central server. There will be hundreds of such small stations located
voluntarily on networks of other companies, organisations and individuals. All
such stations will be located where there are Internet connections, but in the
majority of cases the Internet connection is not maintained by the weather
research company. Data is transferred to the server on a regular basis over
these Internet connections using SOAP web services.
a) In this scenario, what are the advantages of using SOAP web services to
report data as opposed to other data transfer mechanisms such as SFTP,
or CORBA?
(8 marks)
b) The research company must ensure that data updates come from their
devices and are not maliciously inserted or tampered with by any third
parties. Describe a suitable means for ensuring such transfers are secure.
Your answer should take into account the possibility of the data stream
being analysed over extended periods using packet capture software.
(11 marks)
c) The data is processed and formatted by the company to be released on
their web server to paying clients. One of the pages to be provided is a
map generated from the source data that is shaded in the region of each
weather station to indicate the temperature of that area. Hotter recordings
are shaded red or orange or yellow and cooler recordings shaded green or
blue. What web accessibility issues should they consider with this map to
ensure that all users of the service can make use of the data presented?
(6 marks)
Answer Pointers
This question included a section (part c) examining HCI issues. This has
always been on the syllabus for NIS, but was not previously examined. I am
pleased to note that everyone who attempted this question gained some
marks for their answer to part c, although only a few candidates gained full
marks for noting the accessibility issue and, importantly, providing the solution
– which is to present the data in an alternative accessible format.
Part a) required the candidates to understand the nature of SOAP as
encapsulating the data within XML and transferring it between web servers.
This has the major advantage of not requiring special configuration over
firewalls to allow additional services to be used, because HTTP is the one
protocol that is almost always allowed to cross firewalls. A candidate may
note that a web proxy might still be required, but SOAP will continue to work
over such proxies as the XML data is being transferred by HTTP. Failing
HTTP, SMTP can also be used – the other best supported protocol. Both
CORBA and SFTP would require access to ports that may be blocked on the
firewall and the nature of the scenario makes it clear that in most cases,
reconfiguration of the firewall is going to be hard or impossible as the
company does not control these networks. 6 marks will be given for correct
understanding of the SOAP protocol as above, but 2 marks are reserved for
specifically noting this operational issue in the scenario and thus recognising
the attraction of SOAP over the alternatives.
Part b) is open ended, but a candidate must recognise that a simple plain text
password exchange is unsuitable as the password can be read from the
network. Reliance on IP addresses is also inappropriate because of the risk of
network address translation being used to maliciously insert data apparently
from the data monitor IP address. Thus a candidate should describe an
encryption scheme. The simplest such scheme would rely on a pre-shared
secret with the data monitor that is used to encrypt the data, but this too is
vulnerable to attack: the question specifies a long period of observation,
and as the data is repetitive, even if some randomisation such as a
timestamp is added, it is quite possible an attacker could recover the
encryption key in time. The best answers will therefore look at public key
cryptography, perhaps advocating SSL/TLS or a similar scheme (a natural
choice to accompany SOAP). SSL/TLS is not required, though, if another
solution is offered, e.g. encrypting the whole message, or signing a message
digest with the private key of the data logger, so that its origin is
guaranteed when the digest is decrypted with the logger’s public key.
Although open ended, the division of marks is such that half the marks are
given for understanding the need of a suitable encryption scheme, and half
are used for a correct description of the scheme.
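The signed-digest option in part b), as an added Go example that is not part of the examiners' report: each station signs the SHA-256 digest of its report with its own private key (ECDSA on P-256 here) and the central server verifies the signature with the station's registered public key, so a report that was inserted or tampered with in transit fails verification. The timestamp window and per-station nonce are assumptions added so that a message captured by packet-capture software cannot simply be delivered again later; the station ID WX-001 and the readings are constructed for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Report is the payload a station sends. The timestamp and nonce are assumptions
// added here so that a captured message cannot be replayed later.
type Report struct {
	StationID string  `json:"station"`
	TempC     float64 `json:"temp_c"`
	Unix      int64   `json:"ts"`
	Nonce     string  `json:"nonce"`
}

// SignedReport carries the encoded report and an ECDSA signature over its SHA-256 digest.
type SignedReport struct {
	Body []byte
	Sig  []byte
}

// NewStationKey generates the logger's key pair; the private half never leaves the station.
func NewStationKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// NewNonce returns 16 random bytes as hex; a fresh one is used for every report.
func NewNonce() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// Sign hashes the JSON body and signs the digest with the station's private key.
func Sign(key *ecdsa.PrivateKey, r Report) (SignedReport, error) {
	body, err := json.Marshal(r)
	if err != nil {
		return SignedReport{}, err
	}
	digest := sha256.Sum256(body)
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest[:])
	if err != nil {
		return SignedReport{}, err
	}
	return SignedReport{Body: body, Sig: sig}, nil
}

// Verifier is the central server's state: the registered public key of each
// station, the nonces already accepted, and how far a timestamp may drift.
type Verifier struct {
	Keys   map[string]*ecdsa.PublicKey
	seen   map[string]bool
	Window time.Duration
}

func NewVerifier(window time.Duration) *Verifier {
	return &Verifier{Keys: map[string]*ecdsa.PublicKey{}, seen: map[string]bool{}, Window: window}
}

// Accept rejects a report whose signature does not verify under the claimed
// station's public key, whose timestamp lies outside the window, or whose
// nonce has been seen before (a replayed capture). Only then is it trusted.
func (v *Verifier) Accept(sr SignedReport, now time.Time) (Report, error) {
	var r Report
	if err := json.Unmarshal(sr.Body, &r); err != nil {
		return r, fmt.Errorf("malformed report: %w", err)
	}
	pub, ok := v.Keys[r.StationID]
	if !ok {
		return r, fmt.Errorf("unknown station %q", r.StationID)
	}
	digest := sha256.Sum256(sr.Body)
	if !ecdsa.VerifyASN1(pub, digest[:], sr.Sig) {
		return r, errors.New("signature does not verify: forged or tampered")
	}
	drift := now.Sub(time.Unix(r.Unix, 0))
	if drift > v.Window || drift < -v.Window {
		return r, errors.New("timestamp outside acceptance window")
	}
	id := r.StationID + ":" + r.Nonce
	if v.seen[id] {
		return r, errors.New("nonce already used: replay")
	}
	v.seen[id] = true
	return r, nil
}

func main() {
	key, _ := NewStationKey()
	v := NewVerifier(5 * time.Minute)
	v.Keys["WX-001"] = &key.PublicKey
	now := time.Now()
	sr, _ := Sign(key, Report{StationID: "WX-001", TempC: 12.5, Unix: now.Unix(), Nonce: NewNonce()})
	_, err := v.Accept(sr, now)
	fmt.Println("first delivery:", err)
	_, err = v.Accept(sr, now)
	fmt.Println("replayed delivery:", err)
}
```

The signature gives origin and integrity, which is what the question asks for; it does not hide the readings from an observer, so where confidentiality is also wanted the signed messages would still be carried over SSL/TLS as the report suggests.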
As stated above, part c) is the first time this paper has asked an HCI question
although it has always existed on the syllabus. To prevent candidates being
disadvantaged by this in their preparation, the marks in the section are kept
relatively low. The question relies on a candidate to recognise that users of
the web based system may be colour blind or blind, or else may be using text
only services. As such, there must be an alternative presentation of the data.
In addition to the colouration, actual figures should be available on the map,
and a text only representation of the data on the map should also be
available. This could be served automatically to text only browsers, but should
also be provided through a clear link. Reference may be made to the web
content accessibility guidelines, although there is no need to quote the
guidelines exactly. The point is to consider all users of the system and not just
the usual case.
Examiner’s Comments
There were some very good answers to this question, and it was clear that a
very large proportion of candidates understood the benefits of SOAP in the
answer to part a). This was good, although for full marks candidates needed
to contrast these with CORBA and SFTP which needed some consideration of
the scenario and not just listing SOAP benefits. SFTP is clearly a very
different solution, and transfer of data would have to be set up in a very
different manner. However it was gratifying that the majority of candidates
were able to answer this section well.
In part b), some candidates again tripped up by not considering the example,
but simply listing general security measures. In this scenario, encryption of the
data is required, and the ability of an attacker to see the data over a long
period makes symmetric encryption, on its own, susceptible to attack. Thus a
scheme such as SSL is ideal, especially as SOAP can utilise it. Understanding
that and then describing how SSL would ensure the security was what was
required here.
As noted above, part c) was the first time we put an HCI-based question into
the exam. Many candidates considered the question and produced well-reasoned
replies earning many of the marks, but in some cases the solutions
were impractical, and in other cases the problem was described but no
suitable solutions were offered.