What Is

1. What is .NET Framework?
The .NET Framework is the foundation on which you can design,

develop, and deploy applications. It is the core of the .NET
infrastructure. It exists as a layer between the .NET applications and
the underlying operating system. The .NET Framework encapsulates
much of the basic functionality, such as debugging and security
services, which was earlier built into various programming languages.
2. What does .NET Framework consists of?

The .NET Framework consists of Web forms, Windows forms, and console
applications that pertain to the presentation layer of an application. Web
forms are used in Web-based applications, whereas Windows Forms are
used in Windows-based applications for providing an interactive user
interface. In addition, you can create character-based console
applications that can be executed from the command line. Besides these
three components, the .NET Framework consists of two other
components, the .NET Framework Base Classes and the Common
Language Runtime (CLR).
3. Write a note on:
a. Programming methodologies
The Visual Studio .NET programming methodology allows for mixedlanguage programming. This is established through a Common Type
System (CTS) that is defined for all the languages that .NET Framework
supports. All these languages compile into an intermediate language
before they compile in native code. Therefore, the .NET developer has the
independence to code one module of an application in one language and
the other module of the same application in another language.
b. Platform technologies
The .NET Framework includes platform technologies like ADO.NET,

ASP.NET, and VB.NET. ADO.NET allows .NET applications to
communicate with a database for retrieving, accessing, and updating
data. ASP.NET is a framework for building enterprise-class Web
applications. VB.NET is an object-oriented language that provides
features such as abstraction, encapsulation, and polymorphism. By
using these technologies, you can easily develop robust Web applications,
Windows applications, and XML Web services.
c. Code execution
The code execution process involves the conversion of Intermediate

Language into native or
CPU-specific code. The CLR is completely architecture-neutral. All the
.NET languages get compiled into the IL. This intermediate language gets
compiled by Just-in-Time (JIT) compiler into the native machine code.
After translating the IL into native code, the converted code is sent to
the .NET runtime manager. The .NET runtime manager executes the
code. While executing the code, a security check is performed to ensure
that the code has the appropriate permissions for accessing the available
resources
4. Which are the platform technologies supported by .NET Framework?

Some of the platform technologies supported by .NET Framework are:n
ADO.NET , ASP.NET ,VB.NET
6. What is backward compatibility?
Backward compatibility refers to the ability of a technology to work with

its previous versions or with other earlier technologies. For example, the
Active Directory structure of Windows 2000 is backward compatible with
Windows NT 3.51 and 4.0. Similarly, the .NET Framework supports
backward compatibility. For example, you can compile and run
applications created in Visual Basic 6.0 in Visual Studio 2005.
7. Does .NET platform support backward compatibility? Explain.
The .NET platform supports backward compatibility. It is possible for an

application compiled in one version of the .NET Framework to run on a
different version of the .NET Framework. For example, you can run
applications developed in Visual Studio 2002/2003 on Visual Studio
2005.
In addition to the above example, the .NET platform supports backward

compatibility in the following ways:
The .NET Framework 2.0 BCL supports backward compatibility with the
earlier versions. .NET supports C++ because of backward compatibility.
To run a C++ code on .Net Framework, you need to include the following
line at the beginning of the code:
#using <mscorlib.dll>
VB applications can work on VB.NET and ASP applications can run on

ASP.NET because of backward compatibility. You can easily reference
COM components in.NET applications.
1. What are the different types of application architectures? Or modified

architecture layout.of .NET framework.
The different types of application architectures are:
Single-tier: A single application handles all functions related to the user,

business, and data service layers. Such an application is also called a
monolithic application.
Two-tier: The two-tier architecture divides an application into the

following two components:
Client: Implements the user interface
Server: Stores data The business logic can either be integrated with the
client (fat client) or with the server (fat server).
Three-tier: In the case of three-tier architecture, all the three service

layers reside separately, either on the same machine or on different
machines. The user interface interacts with the business logic. The
business logic validates the data sent by the interfaces and forwards it to
the database if it conforms to the requirements. The front-end only
interacts with business logic, which, in turn, interacts with the database.
n-tier: An n-tier application uses business objects for handling business

rules and data access. It has multiple servers handling business
services. This application architecture provides various advantages over
other types of application architectures. Some of the advantages include
extensibility, resilience to change, maintainability, and scalability of the
application
5. List the advantages of .NET Framework.

The .NET Framework offers the following advantages:Consistent
programming model: The base classes of the .NET class library provide
standard functionality such as, input/output, remoting, thread
management, string manipulation, user interface design, and security
management. The ADO.NET classes allow developers to access data in
the form of XML. XML classes enable developers to read, write,
manipulate, and transform XML files. The ASP.NET classes support the
development of Web-based applications and Web services. The Windows
forms classes support the development of desktop-based applications.
Together, the .NET class library provides a common functionality to all
.NET languages resulting in a consistent object model regardless of the

programming language used by the developer.
n Language independence: The .NET developer has the independence to
code one module of an application in one language and the other module
of the same application in another language. This language
interoperability can help in code reuse, and improve the efficiency of the
development process.
n Ease of application deployment: The .NET Framework manages the

details of locating and loading the components required by an
application, even if several versions of the same application exist on the
computer. The .NET Framework ensures that all the components on
which the application depends are available on the computer before the
application begins to run. Visual Studio 2005 includes a new application
deployment technology known as ClickOnce, which allows you to easily
deploy a Windows forms application. ClickOnce enables you to create
desktop applications that are deployed with a secure and systemcontrolled installation.
n Improved security: The .NET Framework provides several mechanisms

for protecting resources and code from unauthorized users:
Code Access Security (CAS) uses permissions to control the code

accessing protected resources and operations.
Role-based security provides information needed to make decisions
about user permissions.
n Support for Web services: With the advent of .NET technology, Web
services provide many built-in BCL facilities that allow different
applications from different sources to communicate with each other. Web

services do not provide the user with a GUI. Web services instead share
business logic, data and processes through a programmatic interface
across a network.
Ease of creating dynamic Web content: Dynamic Web content is
easier to create with .NET. ASP. NET 2.0 includes various features that
enable you to easily develop Web applications having a consistent layout
and appearance.
Visual Studio .NET: Visual Studio .NET is the Microsoft application
and interface for programming in .NET. Visual Studio .NET provides all
the programming advantages mentioned so far. This development
environment has an extensive set of ready-to use-controls, good
debugging facilities, easy and simple programming features, and a vast
set of .NET base classes. All these features enable you to develop high
performance applications in a short period of time.
2. What is the difference between a project and a solution?
In Visual Studio .NET, an application can be made up of one or more

items, such as files and folders. To organize these items efficiently, Visual
Studio .NET has provided two types of containers, projects and
solutions.A project typically contains items that are interrelated. Items
can be forms, references, and data connections. For example, you may
create a project that contains a form for accepting user details and
database connection for transferring these details to a database. A
project allows you to manage, build, and debug the items that make up
an application. When you build a project, it usually results in the

creation of an executable file (.exe) or a dynamic link library (.dll). These
files that are created as a result of building the project are called the
project output.
A solution usually acts as a container for one or more projects. For
example, you may create a solution containing two projects, one for
manipulation of data and the other for generation of reports for the sales
division of an organization. Thus, a solution allows you to work on
multiple projects within the same instance of the Visual Studio .NET
IDE. A solution also allows you to specify settings and options that apply
to multiple projects.
3. What does the Visual Studio .NET IDE provide?
The Visual Studio .NET IDE provides you with a common interface for
developing various kinds of projects for the .NET Framework. The IDE
provides you with a centralized location for designing the user interface
for the application, writing code, and compiling and debugging the
application. The Visual Studio .NET IDE is available to all the
programmers who use the languages in the Visual Studio .NET suite.
4. Why is XML used as a common data format to transfer data among

applications?
XML is a cross-platform, hardware and software independent markup

language. XML allows computers to store data in a format that can be
interpreted by any other computer systems. Therefore, XML can be used
to transfer structured data between heterogeneous systems. XML is used

as a common data interchange format in a number of applications.
5. What is Whidbey?
Whidbey is the code name of Visual Studio 2005, which was released in
November 2005.
6. What is an iterative statement? Explain foreach statement with

example.Iteration statements repeatedly execute a block of statements.
The number of iterations depends on the condition represented by the
boolean expression. The block of code will be iterated until the condition
is true.Consider the following code:
using System;
class TestForeach
static void Main()
int[] array1 = new int[] {1,2,3,4,5};
foreach (int i in array1)
Console.WriteLine(Value is {0}, i);
In the above example, the foreach statement iterates through the

elements of array1.
1. With a neat diagram, explain the .NET Framework architecture.The

.NET Framework is the foundation on which you design, develop, and
deploy applications. Down in the bottom of the figure 1.1, we have
operating system not only Windows on which .NET works on, there are
also implementations that work under Linux. .NET Framework tries to
provide an abstraction between application and operation system
services. The .NET common language runtime knows how to get those
services from the particular operating system. Common language
runtime is running on top of operating systems. It is the execution
engine in which a .NET programs execute. It also provides memory
services and garbage collectionSitting on top of common language
runtime is a very large class library. That is the part of .NET which
provides all those different platforms technologies that we were talking

about in previous chapter. LikeADO.NET to access databases or ASP.NET
to write Internet-enabled software. All those services reside in what we
call collectively as Framework Base Class Library. Sitting on top of all, is
ultimately some programming languages. As mentioned earlier that .NET
supports language interoperability and to implement it, Microsoft has
created a common language specification. These specifications are rules
by which any .NET language has to play. If the application is
implemented based on these rules then it can quite freely interoperate
with any of the other .NET languages.
7. List the different jump statements supported by C#.The different jump
statements supported by C# are:n break statement
n continue statement
n goto statement
n return statement
n throw statement
8. What are checked and unchecked statements? Give an example.
The checked and unchecked statements are used to control the overflow
checking for integer type arithmetic operations and conversions. The
checked statement causes all expressions in the checked block to be
evaluated in a checked context, and the unchecked statement causes all
expressions in the unchecked block to be evaluated in an unchecked

context. Checked allows you to raise an exception whenever stack
overflow (or underflow) occurs due to type conversion issues. Unchecked
will allow you to ignore these exceptions when the C# project is set to
raise these types of exceptions.
Consider the following example:
static void Main()
int x = Int32.MaxValue;
Console.WriteLine(x + 1);
// Overflow
checked {
Console.WriteLine(x + 1); // Exception
unchecked {
Console.WriteLine(x + 1); // Overflow
In the above example, the checked keyword allows you to report the
overflow at runtime.
2. List out the .net architecture and its component///objectives of the

.NET Framework.The objectives of .NET Framework are:n To provide an
object-oriented programming environment and to determine whether
object code is stored and executed locally, or executed remotely.
n To provide a code-execution environment that minimizes software
deployment and versioning conflicts.
n To provide a code-execution environment that guarantees safe

execution of code, including code created by an unknown or semi-trusted
third party.
n To provide a code-execution environment that eliminates the

performance problems of scripted or interpreted environments.
n To ensure consistency across varying types of applications, such as

Windows-based applications and Web-based applications.
n To build all communication on industry standards to ensure that code

based on the .NET Framework can integrate with any other code.
3. How is Windows Programming different from .NET Programming.
In Windows Programming, the application programs call Windows API

function directly. The applications run in the Windows environment, that
is, the operating system itself. These types of applications are called
unmanaged or unsafe applications.
In .NET Programming, the application calls the .NET BCL functions

which communicate with the operating system. The applications run
in .NET Runtime environment. These types of applications are called
managed or safe applications. The .NET Runtime starts code execution,
manages threads, provides services, and manages memory.
9. Give an example of lock and using statements.Example of lock

statement:static void Main()
{
A a = ;
lock(a) {
a.P = a.P + 1;
In the above code snippet, a block of code obtains a mutual-exclusion

lock.
Example of using statement:
static void Main()
using (Resource r = new Resource())
r.Func();
In the above code snippet, resources are obtained with the using
statement.
5. What are the functionalities of CLR? Give the steps involved in the
managed execution process.The CLR has the following functionalities:n
The CLR uses metadata to locate and load classes, lay out instances in
memory, resolve method invocations, generate native code, enforce
security, and set runtime context boundaries.
n The CLR automatically handles object layout and manages references
to objects, releasing them when they are no longer being used. Automatic
memory management eliminates memory leaks as well as some other
common programming errors.
n The CLR makes it easy to design components and applications whose

objects interact across languages. Objects written in different languages
can communicate with each other, and their behaviors can be tightly
integrated.
The managed execution process includes the following steps:
1.Choosing an appropriate language compiler.
2.Compiling your code to MSIL or simply IL: Compiling translates your

source code into IL and generates the required metadata.
3.Compiling IL to native code: At execution time, a JIT compiler

translates the IL into the native machine code. During this compilation,
the code must pass a verification process that examines the IL and
metadata to find out whether the code can be determined to be type safe.
4.Executing code: The CLR provides the environment that enables

execution as well as a variety of services that can be used during
execution.
6. What are assemblies? What are static and dynamic assemblies?
Assembly is a basic element of packaging in .NET. An assembly consists

of IL code, metadata that describes what is in the assembly, and any
other files or information that the application needs to run, such as
graphics and sound files.
Assemblies can be static or dynamic. Static assemblies can include .NET

types (interfaces and classes), as well as required resources for the
assembly (bitmaps, JPEG files, resource files, and so on). Static
assemblies are stored on disk in Portable Executable (PE) files. Dynamic
assemblies are the ones that run directly from the memory, and are not
saved on disk before execution. They can be saved on the disk after they
have been executed
7. How does the .NET execution environment with application domain

differ from the traditional way of execution?In the case of .NET
Framework, application domains provide a secure and versatile unit of
processing that the CLR can use to provide isolation between
applications. Several application domains can be run in a single process
with the same level of isolation that would exist as separate processes,
but without incurring the additional overhead of making IPC calls or
switching between processes.Traditionally, the process boundaries have
been used to isolate applications running on the same computer. Each
application is loaded into a separate process, which isolates one
application from another applications running on the same computer.
The applications are isolated to provide process security. As a result, the
process cannot make direct calls to another process. Instead, IPC
techniques have to be used to have communication between the
processes. Each application is a separate process
9. Write a note on metadata.
An assembly stores all the information about itself. This information is

called metadata and includes the name and version number of the
assembly, security information, information about the dependencies, and
a list of the files that constitute an assembly. Metadata is the binary
information describing the program.
When we compile our code into a PE file, the metadata is inserted into
one portion of the PE file, while the code is converted to IL and inserted
into another portion of the PE file. Every type member that are defined or
referenced in a module is described within metadata. When code is

executed, the runtime loads metadata into memory and refers it to get
information about the codes classes, members, inheritance, and so on.
Metadata allows .NET languages to describe themselves in a languageneutral manner. It gives required information to the CLR to perform
much of its functionalities. The presence of metadata makes the
assembly self-describing file. The CLR modules or components or other
assemblies which want to communicate with each other use this
information stored in metadata to perform their tasks.
1. What is BCL?
The BCL is an object-oriented library of pre-packaged functionality.
2. What is the difference between managed code and managed data?
The code that targets the functionalities of the CLR is known as the
managed code. C#, VB.NET, and Jscript.NET code is managed by default.
However, C++ code is not managed by default.
Managed data refers to the data that is allocated and deallocated by the
garbage collection feature of the CLR.
8. What is the function of CTS? Explain the classification of types in CTS

with the help of a diagram.The CTS defines how types are declared, used,
and managed in the runtime. It is important for language

interoperability. The CTS performs the following functions:
n Establishes a common framework that enables cross-language
integration, type safety, and high performance code execution.
n Provides an object-oriented model.
n Defines rules that languages must follow, so that different languages

can interact with each other.
CTS can be classified into:
Value types
Reference types
The following diagram illustrates type classification.
Value types directly store data in the variable. Value types can be built-in
type, user-defined types, or enumerations. Reference types store a
reference to the datas memory address. Reference types can be selfdescribing types, pointer types, or interface types. Self-describing types
are further split into arrays and class types. The class types are userdefined classes, boxed value types, and delegates.
All types derive from the System.Object base type.
Consider another program, in which the fibonacci series is generated till

21:using System;namespace ConsoleApplication1
{
class fibSeries
static void Main()
int x=0;
int y=1;
int z=x+y;
Console.WriteLine(x);
Console.WriteLine(y);
Console.WriteLine(z);
while(z!=21)
x=y;
y=z;
z=x+y;
Console.ReadLine();
Consider another program, which checks if the entered number is a

palindrome or not:
using System;
namespace ConsoleApplication1
class PalEx
public static void Main()
int n,num,digit,sum=0,rev=0;
string s;
Console.WriteLine(Please enter a number);
s=Console.ReadLine();
num=Int32.Parse(s);
n=num;
do
digit=num%10;
sum+=digit;
rev=rev*10+digit;
num/=10;
}while(num!=0);
Console.WriteLine(Sum of the digit of the number = {0},sum);
Console.WriteLine(Reverse of the number = {0},rev);
if(n==rev)
Console.WriteLine(The number is a palindrome);
else
Console.WriteLine(The number is not a palindrome);
Console.Read();
3. What is the difference between an assembly and a namespace?An

assembly is a single deployable unit that contains all the information
about the implementation of classes, structures, and interfaces.
Namespaces help you create logical groups of related classes and
interfaces that can be used by any language targeting the .NET
Framework.4. What is GAC?
When you create an assembly, it can be accessed by only the local
application that created it. However, multiple applications might require
accessing the same assembly. In such situations, you need to store the
assembly at a central location. This is done by adding the assembly to
the Global Assembly Cache (GAC). GAC is a machine-wide code cache
that is used to store assemblies that are created to be shared by multiple
applications. You need to assign a strong name to the assemblies before
adding it to the GAC.
An assembly can be added to the GAC by using the following methods:
n Using the Windows installer. (The installer used must be compatible

with the GAC.)
n Using the Gacutil.exe that is the GAC tool.
n Using the Windows drag and drop feature.
5. Differentiate between a .dll and a .exe.
A .dll runs in the same memory process as the container. This means
that if the .dll is corrupted, it will cause the parent application to crash.
An .exe on the other hand runs in a different memory process. This
means that even if the .exe gets corrupted, the parent application will not
be harmed. However, execution of an .exe is slower as compared to .dll.
6. In which file are the assembly details like assembly name and version
number stored?
AssemblyInfo.cs
1. List out the important features of C#.
The features of C# are as follows:
C# is an elegant, simple, type-safe, object-oriented language.
C# has the capability to build durable system-level components due to

the following features:
Full COM/platform support for existing code integration
Robustness through garbage collection and type safety
Security provided through good design
Full support of extensible metadata concepts
C# supports language interoperability and platform independence.
Chapter Three C# Language TourFeatures of Visual C# .NETVisual

C# .NET 2003 allows you to create XML Web services and application for
Windows and the Web. The features of Visual C# .NET 2003 are as
follows:
n Interoperability: You can easily integrate existing applications and
components.
n Component-oriented language: C# supports properties, delegates,

indexes, arrays, attributes, inheritance, XML Web services, and many
more features.
n Application development environment: The Visual C# .NET 2003 IDE

provides a complete application development environment that helps
create applications easily and quickly.
Microsoft has recently launched Visual C# .NET 2005. Visual C# .NET

2005 includes various enhanced and new features that cut down
development time and increase productivity. One such feature is the C#
refactoring tool. The C# refactoring tool includes tools that automate
many common code refactoring tasks. You can easily rename classes,
properties, and methods, extract code, reorder or delete parameters,
promote a local variable to be a parameter, encapsulate fields, and
perform many other refactoring tasks.
Sample C# Programs
Consider the following program, in which two numbers are added:
using System;
class Add
static void Main()
7int num1, num2, sum;
System.Console.WriteLine(Enter the first number);
string s1 =Console.ReadLine();
num1=int.Parse(s1);
System.Console.WriteLine(Enter the second number);
string s2 =Console.ReadLine();
num2=int.Parse(s2);
sum=num1+num2;
System.Console.WriteLine(Sum: {0}, sum);
Console.Read()
10. It is told that if we learn any one .NET language, then working with
other .NET languages will be easy. How? Explain with an appropriate
example.It can be told that if you have learned any one .NET language,
then working with other .NET languages will be easy. This is because all
the .NET languages rely on the same managed classes of BCL for the
same services. The same classes, methods, parameters, and types are
used for all the system services regardless of any .NET language.Let us
look at the following code that writes to and then reads from a file:
// Program in C#
using System;
using System.IO;
static public void Main()
StreamWriter sw1=new StreamWriter(temp.txt, true);
string tempstring=Hi, this is Gopal;
sw1.WriteLine(tempstring);
sw1.Close();
StreamReader sr1=new StreamReader(temp.txt);
string filestring=sr1.ReadToEnd();
sr1.Close();
Console.WriteLine(filestring);
// Program in VB.NET
shared public sub Main()
dim sw1 as StreamWriter=new StreamWriter(temp.txt, true)
dim tempstring as string= Hi, this is Gopal
sw1.WriteLine(tempstring)
sw.Close()
dim sr1 as StreamReader=new StreamReader(temp.txt)
dim filestring as string=sr1.ReadToEnd()
sr1.Close()
Console.WriteLine(filestring)
end sub
If we see, both versions of the above program are nearly identical. The
syntax and use of StreamReader, StreamWriter, and the Console class
are identical, same methods, and identical parameters.
2. Write a program in C# to display Welcome to the world of C Sharp.

Explain the program.The C# program is as follows:using System;
class Welcome
static void Main()
System.Console.WriteLine(Welcome to the world of C Sharp);
Console.Read();
The important points to be noted in this program are:
Main method: Program execution begins with the Main method.
Input and output: The WriteLine function displays the string on the
standard output device.
Compilation and execution: To compile the program, enter the following

command:
csc Welcome.cs
To execute the program, enter the following command:
Welcome
1. Can you use the using statement with multiple objects?
You can use the using statement with multiple objects by nesting using
statements, as shown in the following code snippet:
using (object1);
using (object2);
Consider the following code snippet:
using (StreamWriter w1 = File.CreateText(SW1))

{
{
// code here
}
}
You can simplify the above code by writing:

{
// code here
}
The above code snippet illustrates the use of nested using statements.
3. Explain the general structure of a C# program.C# program can consist

of one or more files. Each file can contain one or more namespaces. A
namespace contains group of related types such as classes, structs,
interfaces, enumerations, and delegates. Namespaces may be nested. The
following is the structure of a C# program that contains all of these
elements:using System; //Using the System Namespace
namespace Namespace1 //Defining a namespace
class Class1 //Defining a class
struct Struct1 // Defining a structure
interface Interface1 //Defining an interface
delegate int Delegate1();
enum Enum1 //Defining an enumeration
namespace Namespace2 //Defining a namespace
class Class2 //Defining a class
public static void Main(string[] args) //Program execution begins //from

here
4. How do namespaces and types in C# have unique names? Give an

example.
Namespaces and types always have unique names. If there are two
classes with the same name but present in different namespaces, then
both the objects will have unique fully qualified names. Consider the
following code snippet:
namespace ABC
// ABC
class Class1
// ABC.Class1
namespace XYZ // XYZ
class Class1 // XYZ.Class1
Here the ABC.Class1 and XYZ.Class1 are two different types, even if the
class name is same.
5. List out the difference between C# and C++.The differences between

C# and C++ are as follows.n C# is purely object-oriented language,
whereas C++ support object-oriented programming.
n Arrays: The syntax of declaring C# arrays is different from that of C++
arrays. The tokens []
appear following the array type in C#.
n The bool type in C#: There is no conversion between the bool type and
int.
n The long type: In C#, the long data type is 64 bits, while in C++, it is 32
bits.
n The struct type: In C#, classes and structs are semantically different. A
struct is a value type,
while a class is a reference type.
n The switch statement: Unlike the C++ switch statement, C# does not
support fall through from
one case label to another.
n The delegate type: Delegates are roughly similar to function pointers in

C++, but they are typesafe
and secure.
n Preprocessor directives are used for conditional compilation. No header

files are used in C#.
n C# operators: C# supports additional operators such as is and typeof.

It also introduces different
functionality of some logical operators.
n The Main method is declared differently from the main function in C++.
The usage of th
10. How are structures different from classes in C#?Structures are value
types and classes are reference type. A variable of a structure type
directly contains the data of the structure, whereas a variable of a class
type contains a reference to the object. You can inherit classes but you
cannot inherit structures.11. What are interfaces? Give an example.
Interfaces are used to define a contract; a class or struct that implements
the interface must obey to this contract. Interfaces can contain methods,
properties, indexers, and events as members. They cannot contain
constants, fields (private data members), constructors, and destructors,
or any type of static member. All the members of an interface are public
by definition.
interface IExample
string this[int index] { get; set; }
event EventHandler E;
void Func(int value);
string P { get; set; }
public delegate void EventHandler(object sender, EventArgs e);
The above example shows an interface that contains an indexer, an event

E, a method Func, and a property P.
Jump Statements
Jump statements allow you to easily transfer control from one branch of
the program to another. Following are some of the jump statements:
n break: This statement is used to terminate from a loop or a switch

statement. Control is passed to the statement following the terminated
statement. In the following example, the break statement terminates the

loop after five counts:
class BreakEx
static void Main()
for (int ctr = 1; ctr <= 10; ctr++)
if (ctr == 6)
break;
Console.WriteLine(ctr);
continue: This statement is used to transfer control to the next iteration

of the loop. In the following example, the statements between the
continue statement and the end of the loop body are skipped:
using System;
class ContinueEx
static void Main()
for (int ctr = 1; ctr <= 10; ctr++)
if (ctr < 9)
continue;
Console.WriteLine(ctr);
2. Has C# got its own class library?C# has not got its own class library. It
uses the class library of the .NET Framework.3. How will you compile
Test1.cs to produce NewFile.exe?
You need to type the following command to implement this task:
csc /out:NewFile.exe Test1.cs
4. How will you compile Test1.cs to produce a dll file?
You need to type the following command to implement this task:
csc /target:library Test1.cs
Solutions to Chapter Four Questions
1. Which are the two different categories of types in C#?
In C# language, the types are divided into two categories:
Value types: Variables of the value types directly contain their data. With
value types, the variables have their own copy of the data.
Reference types: Variables of the reference types store address of their

data. With reference types, it is possible for two variables to reference the
same object.
2. What are variables? How many categories of variables are there in C#?
Define each.
Variables represent storage locations. Every variable has a type that

determines what kind of data can be stored in the variable.
There are seven categories of variables:
Static variables: A variable declared with the static modifier is called a

static variable. There will be only one copy of the variable, regardless of
how many instances of class (in which static variable exists) are created.
Instance variables: A variable declared without the static modifier is an

instance variable.
Array elements: The array is a container that has a list of storage

locations for a specified type. The elements for a specified type of an
array come into existence when an array instance is created and exists
until there are no references to that array instance.
Value parameters: Parameters are arguments passed to the function. A

parameter declared without a ref or out modifier is a value parameter. A
value parameter comes into existence when the function is invoked and
is initialized with the value of the argument passed. A value parameter
exists until the function returns.
Reference parameters: A parameter declared with a ref modifier is a

reference parameter. A reference parameter does not create a new
instance, it points to the same storage location of the parameter passed
as an argument.
Output parameters: A parameter declared with an out modifier is an

output parameter. The value of an out argument is not passed to the out
parameter.
Local variables: A local variable is declared within a block, like a forstatement, a switch-statement, or a using-statement. A local variable is
not automatically initialized and thus has no default value.
5. What are empty statement and labeled statements? Why are they
used?
An empty statement (;) is used when there are no operations to perform.

Execution of an empty statement simply transfers control to the end
point of the statement. For example, an empty statement can be used
when writing a while statement with a null body:
while (WaitForAnEvent())
An empty statement can also be used to declare a label just before the
closing } of a block:
void Func()
if (true) goto exit;
exit: ;
A labeled statement is prefixed by a label of a character string. Labeled

statements are permitted in blocks. A label is a name given by the
identifier. The scope of a label is the block in which the label is declared.
If two labels have the same name, you get a compile time error.
A label can be referenced from goto statements within the scope of the
label. Labels and other identifiers can have the same name.
int Func(int abc)
if (abc >= 0)
goto abc;
abc = -abc;
abc: return abc;
}The above example uses the name abc as both a parameter and a label.
Chapter Four C# Language Specifications
Namespaces
Namespaces are useful in the following manner:Namespaces allow you to

organize your classes so that they can be easily accessed in other
applications.Namespaces can be used to avoid any naming conflicts
between the classes that have the same names.
Properties of Namespaces
Namespaces have the following properties:
They help organize projects.
They are delimited with their members with the . operator. For example,
in System.Console, System is a namespace and Console is a class.
Namespaces are accessed in the program with the using keyword.
root namespace: global::system is a global namespace that always

refers to the .NET Framework namespace system.
Namespace Aliases
You can create aliases for the namespaces with the using keyword. For
example, the following code snippet declares an alias to provide a faster
way of referencing a namespace:
using ex = Project.Example.Names
Interface
An interface defines properties, methods, and events. The properties,

methods, and events that are defined in the interface are known as the
members of the interface. It is important to note that interfaces contain
only the declaration of members. Classes and structures implement
these interface members.
An interface enables you to separate the definition of objects from their

implementation so that the objects can evolve without the risk of
introducing incompatibility in existing applications.
An interface can be a member of a namespace or a class.
An interface can inherit from one or more base interfaces. The following
code snippet illustrates this:
interface IExample : IBase1, IBase2
//Method declarations
Interfaces are similar to abstract classes. However, interfaces represent

the highest level of abstraction in object-oriented programming. This is
because all the methods in an interface are abstract and do not have
implementation. In contrast, the abstract classes that are created by
using the MustInherit keyword might contain a method that has a body.
3. What is the importance of automatic memory management? Explain

with example.
Manual memory management requires developers to manage the

allocation and de-allocation of blocks of memory. Manual memory
management can be both time consuming and difficult. In C#, automatic
memory management is provided so that developers are freed from this
manual task. Automatic memory management increases code quality
and enhances developer productivity without negative impact on either
expressiveness or performance. Consider the following example:
using System;
public class Stack
private Node first = null;
public bool Empty
get {
return (first == null);
public object Pop()
if (first == null)
Console.Write(Cant Pop from an empty Stack.);
else
object temp = first.Value;
first = first.Next;
return temp;
public void Push(object o)
first = new Node(o, first);
class Node
public Node Next;
public object Value;
public Node(object value): this(value, null) {}
public Node(object value, Node next)
Next = next;
Value = value;
In the above example, a Stack class is implemented as a linked list of

Node instances. These node instances are created in the Push method
and are deallocated when no longer in use.
4. Write a note on expressions and operators in C#.An expression is a

sequence of operators and operands that specifies computation and
assigns the result to a variable. Expressions are constructed from

operands and operators. The operators of an expression indicate which
operations to perform. Examples for operators are +, -, *, /, etc.
Examples for operands are literals, variables, and expressions.There are
three kinds of operators:
n Unary operators: The unary operators operate on only one operand.
For example, x, x++.
n Binary operators: The binary operators operate on two operands. For

example, x + y.
n Ternary operator: The ternary operator operates on three operands.

For example, condition? true_exp: false_exp. There is only one ternary
operator, ?:.
The order of evaluation of operators in an expression is determined by

the precedence and associability of the operators. When an expression
contains multiple operators, the precedence of the operators controls the
order in which the individual operators are evaluated. For example, the
expression x + y * z is evaluated as x + (y * z) because the * operator has
a higher precedence than the + operator.
14. Write a note on namespaces in C#.C# programs are organized by

using namespaces. Namespaces are used both as an internal
organization system for a program, and as an external organization
system. This is a way of writing program elements that are exposed to
other programs. A namespace declaration consists of the keyword
namespace, followed by a namespace name and body:namespace
NamespaceNameClasses actually contain data and Namespaces are used

to logically arrange classes. Namespaces can also contain many other
Namespaces and classes. C# classes are organized by using namespaces.
Namespaces provide a way to group classes by providing an extra level of
naming beyond the class name.
Namespaces are implicitly public and the declaration of a namespace
does not include any access modifiers. The identifier or name of a
namespace may be a single identifier or a sequence of identifiers
separated by . tokens. The latter form permits a program to define a
nested namespace.
Consider the following code snippet:
namespace Example.Namespace1{
NmEx
public class
{ public string Display()
return Namespace example;
} }}
Namespaces are hierarchical, and the name Example.Namespace1 is an

easier and convenient way for defining a namespace named Example that
contains a namespace named Namespace1, as in:
namespace Example {
namespace Namespace1
}}
12. What is a delegate? What is the use of it? Give an example.Delegates

are objects that you use to call the methods of other objects. Delegates
are said to be
object-oriented function pointers since they allow a function to be
invoked indirectly by using a reference to the function.A delegate
declaration defines a class that is derived from the class
System.Delegate. A delegate instance encapsulates one or more methods,
each of which is referred to as a callable entity. For instance methods, a
callable entity consists of an instance and a method on that instance. For
static methods, a callable entity consists of just a method. Given a
delegate instance and an appropriate set of arguments, one can invoke
all instance methods of that delegate with that set of arguments.
Consider the following example of a delegate:
class Test
static void F()
System.Console.WriteLine(Test.F);
static void Main()
SimpleDelegate dele = new SimpleDelegate(F);
dele();
The above example creates a SimpleDelegate instance, dele, and then

immediately calls it. This program displays Test.F
13. Write a program to demonstrate the usage of enums in C#.The

following program illustrates the use of enums.enum Color
{
Red,
Blue,
Green
class Shape
public void Fill(Color color)
switch(color)
case Color.Red:
Console.WriteLine(RED);
break;
case Color.Blue:
Console.WriteLine(BLUE);
break;
case Color.Green:
Console.WriteLine(GREEN);
break;
default:
break;
Console.Read();
The above program shows a color enum and a method that uses this
enum.
15. What is the use of attributes in C# programs?C# is an

imperative language, but like all imperative languages it does have some
declarative elements. For example, the accessibility of a method in a
class is specified by declaring it public, protected, internal, protected
internal, or private. C# generalizes this capability, so that programmers
can invent new kinds of declarative information, attach this declarative
information to various program entities, and retrieve this declarative
information at runtime. Programs specify this additional declarative
information by defining and using attributes.1. What will be the value of i
in the following code:
for(int i = 0; i < 10 ; i++);
The variable i will be initialized to 0, then i will be incremented till its

value is less then 10. At the end of the loop, i will have a value of 10.
2. What is wrong with the following statement:
if(x=5)
= is an assignment operator. While checking for values, the comparison

operator, ==, has to be used.
3. What will be the output of the following code:
using System;
class increment
static void Main()
int x, y, z;
x=5;
y=++x;
z=x++;
Console.WriteLine(x);
Console.WriteLine(y);
Console.Read();
}Ans:7 6 6
3. Give any two new features of ADO.NET 2.0.Some of the new features of
ADO.NET 2.0 are:n Multiple Active Result Sets (MARS): In the earlier
versions of SQL Server, database applications could not maintain
multiple active statements on a connection. When using SQL Server
default result sets, the applications had to process or cancel all result
sets from one batch before it could execute any other batch on that
connection. MARS is a new feature supported by Visual Studio 2005 that
allows you to:
Implement multiple batches on a single connection.
Have more than one pending request under a given SQL Server
connection.
n Batch updates: In the earlier versions of ADO.NET, a DataAdapter
could send only one SQL statement at a time to the server. This hindered
faster updates to the database. To address this issue, ADO.NET 2.0 now
supports batch updates. Batch support in ADO.NET 2.0 allows a
DataAdapter to group insert, update, or delete operations from a DataSet
or DataTable to the server, instead of sending one operation at a time. A
significant benefit of batch updates is that there are fewer round trips to
the database server if you have a large number of rows to update. Batch
updates are supported for the .NET data providers for SQL Server
(SqlClient) and Oracle (OracleClient).
4. When should you select a dataset and a data reader?
When you need to work with a large number of tables, you should use a
data reader. If the number of tables is less, you should use a dataset. If
multiple users use the database and the database needs to be updated
frequently, you should use a data reader.
Chapter8Technologies Used In Web ServicesA Web service can be

created by using any programming language in the .NET suite, such as
Visual Basic .NET, Visual C# .NET, or Visual C++ .NET. However, certain
requirements need to be fulfilled to enable applications to access the
functionality provided by Web services. These requirements are listed
below:n A common data representation format in order to ensure the
interoperability of the data exchanged by the client application and the
Web service.
n A standard method for sending messages from the client application to
the Web service and vice versa.
n A standard format for describing the Web service.
n A mechanism to allow client applications to discover the Web services

and their locations.
To cater to these requirements, various standards such as XML, Simple

Object Access Protocol (SOAP), and Web Services Description Language
(WSDL) are used for developing and accessing Web services. In addition,
the Universal Description Discovery and Integration (UDDI) initiative is
used to allow client applications to discover the Web services provided by
various Web service providers. Let us look at each of these enabling
technologies in detail.\
XML
A client application passes arguments to a method exposed by a Web
service. The method performs some action on the arguments and returns
the r esults to
the client application. The data returned
by the Web service can be used by the client application, regardless of

the hardware and software platform used to develop the application. To
enable this kind of data interchange, you require a standard data
representation format that can be understood by any platform. Since
XML is a plain-text format that can be understood by any kind of device,
it caters to this requirement.
SOAPTo be able to communicate with each other, a Web service and a

client application must agree upon a common protocol. SOAP is a
standard communication protocol for interchanging information in a
structured format in a distributed environment. The information
exchanged between the client application and the Web service is called a
message. Messages include the calls made by a client application to a
Web method and the data returned by the Web method to the client.
When a client application makes a request for a Web method, a SOAP
packet is created. This packet contains the name of the Web method to
be invoked and the parameters to be passed to the Web method. This
information is used to invoke the Web method. When the SOAP packet
arrives at the Web server on which the Web service resides, the Web
method name and its parameters are extracted from the SOAP packet
and the appropriate Web method is invoked.WSDL
To be able to use a Web service, the developers of a client application
need to know the methods exposed by the Web service and the
parameters to be passed to these methods. Therefore, you need a
standard method to describe the methods that are exposed by a Web
service. This information should be readily accessible to the Web service
clients during the design phase. This is achieved by using an XML

vocabulary called Web Services Description Language (WSDL). WSDL is a
markup language that describes a Web service.
A WSDL document contains the following information about a Web

service:
n The Web services available for a given Website
n The purpose for which these services can be used
n The types of parameters that need to be passed to a Web service
n The type of value that is returned by a Web service
n The format used to access these Web services
n The URL at which a Web service can be accessed
UDDIUDDI provides a standard mechanism to register and locate a Web

service. When a Web service provider wants to make a Web service
available to client applications, it describes the Web service by using a
WSDL document. Then, the provider registers the Web service in the
UDDI Directory. The UDDI Directory contains pointers to the Web service
and the WSDL document for the Web service. Client applications can
then locate the Web service by using the UDDI Directory.The following
diagram depicts the relation between the various enabling Web service
technologies.
7. What is the role of System.Web?
The System.Web namespace supplies classes and interfaces that enable

browser and server communication. This namespace includes the
HttpRequest class that provides extensive information about the current
HTTP request, the HttpResponse class that manages HTTP output to the
client, and the HttpServerUtility class that provides access to server-side
utilities and processes. System.Web also includes classes for cookie
manipulation, file transfer, exception information, and output cache
control.
8. Write a program to demonstrate handling of server control events.
Select StartProgramsMicrosoft Visual Studio .NET 2003Microsoft

Visual Studio .NET 2003 to open the Start Page of Visual Studio .NET
IDE.
Select FileNewProject to open the New Project dialog box.
Select Visual C# Projects from the Project Types pane and ASP.NET Web
Application from the Templates pane. Click the OK button.
Select ViewToolbox from the main menu. The Toolbox window is
displayed in the left pane.
Using the Web Forms tab of Toolbox, add the following controls to
WebForm1.aspx and change the properties of the controls, as shown in
the following table.
Server Controls in ASP.NETYou design the user interface of a Web page

by using controls called ASP.NET server controls. Server controls are
different from usual Windows controls because they work within the
ASP.NET Framework. As soon as the client requests a Web page,
ASP.NET converts these controls into HTML elements, which are
displayed in the browser. These controls support raising of events on
user interaction.Broadly, there are four types of server controls in
ASP.NET, as described below:
n ASP.NET HTML controls: ASP.NET HTML controls are server-side
replicas of the standard HTML tags and are executed by using the
aspnet_isapi.dll function. The HTML tags are converted into HTML
controls by using attributes such as ID and RUNAT. After an HTML tag is

converted into an HTML control, the tag becomes a server-side object
with properties, methods, collections, and events.
The following table displays some of the commonly used HTML controls
with the corresponding HTML tags.
1. What is a Web service? Explain its working.

Web service refers to a platform on which you can build distributed
applications. A Web service exposes a number of methods that provide
functionality that can be used by one or more applications, regardless of
the programming languages, operating systems, and hardware platforms
used to develop them. In other words, a Web service ensures
interoperability. Consider the following figure.
Communication Between Client Application and Web Service
The functionality exposed by a Web service can be accessed by

applications by using Internet standards, such as Simple Object Access
Protocol (SOAP). SOAP is a protocol that uses extensible Markup
Language (XML) to describe data and HyperText Transfer Protocol (HTTP)
to transmit application data. An application that uses a Web service is
called a Web service client. The client sends a request to the Web service.
The cloud in the figure refers to the Internet. If the Web service calls
some other service to get the answer or response, the Web service can
take a while to respond. While it is waiting for the response, the client
can perform other operations.
design on web page, we can specify a handler to be run back on the

server, so the code behind the
controls is done through server-side processing, and we can write that

handler in any .NET language. We
are now able to program our Web page in C# also. Nice thing about this
is it allows separation of the
design; the HTML is used for any type of Web page, and for the serverside code any .NET languages.
The text boxes for Password and Confirm Password fields need to display
asterisks (*) when a user enters a value. To enable this, set the TextMode
property of these two text boxes to Password in the Properties window.
Add three RequiredFieldValidator controls to the WebForm1.aspx form by
using the Web Forms tab of the Toolbox.
Add one CompareValidator control to the WebForm1.aspx form by using
the Web Forms tab of the Toolbox.
Double-click the WebForm1.aspx form to open the code-behind file with
a .cs extension. In the Load event of the page, enter the following lines of
code:
ddlcountry.Items.Add(Bangladesh);
ddlcountry.Items.Add(Bhutan);
ddlcountry.Items.Add(India);
ddlcountry.Items.Add(Nepal);
ddlcountry.Items.Add(Pakistan);
ddlcountry.Items.Add(Sri Lanka);
CompareValidator1.ControlToValidate=txtcpassword;
CompareValidator1.ControlToCompare=txtpassword;
CompareValidator1.Text=The values of Password and Confirm Password

fields does not match;
RequiredFieldValidator1.ControlToValidate=txtuname;
RequiredFieldValidator1.Text=Please enter a user name;
RequiredFieldValidator2.ControlToValidate=txtpassword;
RequiredFieldValidator2.Text=Please enter a password;
RequiredFieldValidator3.ControlToValidate=txtcpassword;
RequiredFieldValidator3.Text=Please re-enter the password;
In the Click event of btnsubmit, enter the following code:

if(IsValid)
lblmessage.Text=Welcome + txtfname.Text + +txtlname.Text +
.You have successfully registered.;
Execute the application.

4. What is ASP.NET?ASP.NET is a framework for developing high
performance Web applications. It is a compiled,
.NET-based environment. You can write applications in any .NET

compatible language, including VB.NET, C#, and JScript .NET.
Additionally, the entire .NET Framework is available to any ASP.NET
application5. What is the use of ASP.NET?
ASP.NET provides a new programming model and infrastructure for more
secure, scalable, and stable applications. You can write applications in
any .NET compatible language, including VB.NET, C#, and JScript .NET.
Developers can easily use the benefits of these technologies, which
include the managed CLR environment, type safety, inheritance, and so
on.
ASP.NET has been designed to work seamlessly with What You See Is
What You Get (WYSIWYG) HTML editors and other programming tools,
including Microsoft Visual Studio .NET. Not only it makes Web
development easier, but it also provides all the benefits that tools offer,
including a GUI that developers can use to drop server controls onto a
Web page and fully integrated debugging support.
6. Write a program to display Welcome to ASP.NET 8 times in

increasing order of their font size by using ASP.NET.
The following program displays Welcome to ASP.NET eight times in

increasing order of their font size.
In the following code, the Web application name WebApplication9 is

application specific:
<%@ Page language=c# Codebehind=WebForm1.aspx.cs

AutoEventWireup=false Inherits=WebApplication9.WebForm1 %>
<!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN

>
<html>
<head>
<title>WebForm1</title>
<meta name=GENERATOR Content=Microsoft Visual Studio .NET

7.1>
<meta name=CODE_LANGUAGE Content=C#>
<meta name=vs_defaultClientScript content=JavaScript>
<meta name=vs_targetSchema
content=http://schemas.microsoft.com/intellisense/ie5>
</head>
<body MS_POSITIONING=GridLayout>
<form id=Form2 method=post runat=server>
<%for(int i=0;i<8;i++){%>
<font size=<%=i%>>Welcome to ASP.NET</font><br/></font>
<%}%>
</form>
</body>
</html>
1. Where does the Web page belong in the .NET Framework class
hierarchy?
System.Web.UI
2. What is a session cookie? How is it different from a persistent cookie?
A session cookie, exist in the memory space of a browser. When the

browser is closed, all session cookies added to the browser are lost. A
persistent cookie is saved as a text file in the file system of the client
computer.
3. Differentiate between Application_OnStart and Application_OnEnd

events.
The Application_OnStart event is triggered when an application starts. If

you want a script to be executed as soon as the application starts, you
should add it to the Application_OnStart event. This event is triggered
only when the application starts, and is not triggered again until the IIS
service is stopped, the Global.asax file is modified, or the application is
unloaded.
The Application_OnEnd event is triggered when an application ends. An

application ends when the Web server is shut down.
4. What is a virtual directory?
A virtual directory is the main directory of a Website. This virtual

directory contains all the files, subdirectories, script pages, HTML pages,
programs, graphics, and other resources of a Website. Every Website
needs to have a virtual directory and the virtual directory might contain
subdirectories within it.
5. What is a Master page?A Master page sets the standard layout and
required content that you want to appear on all the pages. A Master page
includes named regions or content placeholders for which Content pages
provide custom content. A Content page is an .aspx file. It identifies only
its Master Page and the necessary content to fill the placeholders
specified in the Master Page.A Web application should have a consistent
layout and appearance. The structure of the various pages of the
application should not be different. However, if the application is large
and multiple people contribute to its development and maintenance, this
consistency is difficult to ensure. ASP.NET 2.0 now provides a solution to
this by giving developers an option to create Master pages.
1. What
is .NET Remoting?Remoting is the process of communication between

different processes, regardless of whether they are on the same or
different computers. The .NET remoting system is an architecture
designed to simplify communication between objects existing in different
application domains whether or not on the same computer. It also
simplifies communication between different contexts whether or not in
the same application domain.2. How is .NET Remoting different from
Web services and DCOM?
The differences between .NET Remoting and Web services are listed as
follows:
n ASP.NET based Web services can only be accessed over HTTP, whereas
the .NET Remoting can be used across any protocol.
n Web services work in a stateless environment where each request

results in a new object created to service the request. .NET Remoting
supports state management options and can identify multiple calls from
the same client.
n Web services serialize objects through XML contained in the SOAP

messages and can thus only handle items that can be fully expressed in
XML. .NET Remoting relies on the existence of the metadata within
assemblies that contain information about data types. This limited
metadata information is passed about an object, when it is passed by
reference.
n Web services support interoperability across platforms and are good

for heterogeneous environments. .NET Remoting requires the clients to be
by built using .NET, which means a homogeneous environment.
The difference between .NET Remoting and DCOM is listed as follows:
n DCOM relies on a proprietary binary protocol that not all object

models support. It also wants to communicate over a range of ports that
are typically blocked by firewalls. However, .NET Remoting supports
different transport protocol formats and communication protocols. This
allows .NET Remoting to be adaptable to the network environment in
which it is being used.
3. Explain remoting architecture.Using object references to communicate

between server objects and clients is the heart of remoting
The remoting architecture, however, presents to the programmer an even

simpler procedure. If we configure
the client properly, we need only create a new instance of the remote
object using new. Our client
receives a reference to the server object, and we can then call its methods
as though the object were in
our process rather than running on a separate computer. The remoting
system uses proxy objects to
create the impression that the server object is in the clients process.
Proxies are stand-in objects that
present themselves as some other object. When our client creates an
instance of the remote type, theremoting infrastructure creates a proxy
object that looks to our client exactly like the remote type. Our
client calls a method on that proxy, and the remoting system receives the
call, routes it to the server
process, invokes the server object, and returns the return value to the
client proxy, which returns the result
to the client. Remote calls must be conveyed in some way between the
client and the server process. If we were
building a remoting system ourselves, we might start by learning network

programming and a wide array
of protocols and serialization format specifications. But in the .NET

Remoting system, the combination of
underlying technologies required to open a network connection and use a

particular protocol to send the
bytes to the receiving application are represented as a transport

channel.A channel is a type that takes a stream of data, creates a
package according to a particular network protocol, and sends the
package to another computer. Some channels can only receive
information, others can only send information, and still others, such as
the default TcpChannel and HttpChannel classes, can be used in both
directions. The client knows only that it wants a reference an object in
another application domain on another computer. From the world
outside the server application domain, the object is located by a URL.
The URLs that represent unique types to the outside world are activation
URLs, which ensure that our remote call is made to the proper type.
4. With a neat diagram explain the remoting process.The primary

function of remoting is to communicate between server and client by
using objects. After the client is configured properly, a new instance of
the remote object is created. Proxy objects are used by the remoting
system. Proxies are those objects that present themselves as some other
objects. The infrastructure of remoting creates proxy objects when a user
generates an instance of remote types. To the user, this proxy object will
look exactly similar to the remote objects. In this proxy object, the user
calls a method and the call is received by the remoting system. The
method is then routed to the server and it invokes the server object. After
invoking the server object, a value is returned that is sent back to the
client proxy. This will provide the results to the user.The communication
between server and client is done by using a channel. A channel carries
the data stream, makes a package related to a particular protocol, and
sends the package to a different computer. In remoting architecture, the
process of remoting is designed considering the security factor.
5. Explain the steps or phases involved in implementing .NET remoting

applications.The phases involved in implementing .NET remoting
applications are:
Create a remotable object: A remotable object is an object that inherits
from MarshalByRefObject.
Create a server to expose the remote object: A server object acts as a
listener to accept remote object requests.
Create a client to use the remote object: A client object will connect to the
server, create an instance of the object using the server, and then
execute the remote methods.
6. Write a program to demonstrate .NET remoting.
The steps involved in implementing .NET remoting applications are:
Create a remotable object.

Add the following code in the code window of a Class Library:
using System;
namespace RemoteTest
public class TestLoader : System.MarshalByRefObject
public TestLoader()
System.Console.WriteLine(Hello World);
public string Test ()
string stc=Client;
return stc;
Build the code.
2.
Create a server to expose the remote object.
We have to add a class called SampleServer, as shown in the following

code. Add a reference to
System.Runtime.Remoting, otherwise the TcpChannel will not be found
as mentioned earlier. In addition,
we have to add a reference to the previous program containing the
SampleObject, otherwise the code will
6.
not compile because it wont know how to find a reference to
SampleObject.
7. using System;
8. using System.Runtime.Remoting;
9. using System.Runtime.Remoting.Channels;
10. using System.Runtime.Remoting.Channels.Tcp;
11. namespace Remoting
12. {
13. // Sample server
14. public class SampleServer
15. {
16. public static int Main(string [] args)
17. {
18. // Create an instance of a channel
19. TcpChannel channel = new TcpChannel(8080);
20. ChannelServices.RegisterChannel(channel);
21. // Register with the name HelloWorld
22. RemotingConfiguration.RegisterWellKnownServiceType(
23. typeof(SampleObject), HelloWorld,
WellKnownObjectMode.SingleCall );
24. System.Console.WriteLine(Press the enter to exit);
25. System.Console.ReadLine();
26. return 0;
27. }
28. }
}
30.
Create a client to use the remote object.
Here we have a class called SampleClient in the following code. Again we

have to add a reference to
System.Runtime.Remoting. In addition, add a reference to the program

containing the SampleObject.
Compile the class.
Test the Remoting Sample
Once we have created all the above code and successfully compiled each
of them, we are ready to
run it. Assuming we chose a free TCP/IP port for the service, start the
server executable. After the
server successfully starts it will display in a console window the message

Press the enter key to exit.
The server is listening so we are now ready to run the client. Executing
the client should result in Hello
World! being displayed in a separate console window. The client window

will then close while the server
remains open and available.
using System;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Tcp;
namespace Remoting
// Sample client
public class SampleClient
public static int Main(string [] args)
4. What is activation?
Activation is a process in which the object is loaded into memory so that

the object is in a running state. The types of activation are:
n Server activation: When the activation process occurs from the server
then the activation is said to be server activation.
n Client activation: When the activation process is from the client side
then the activation is said to be client activation.
n Remote object activation: When the client activates the object that
resides on the server then the activation is said to be remote object
activation.
5. What is MTS?
MTS is a component-based transaction processing system for developing,

deploying, and administering server applications. The shift from singletier to multi-tier environment can be done easily by using MTS. It
provides infrastructure for building scalable and robust enterprise
applications. The application infrastructure includes the services that
manage resources and transactions. In a multi-user environment, the
application infrastructure includes the services that enable multi-users
to simultaneously access services and underlying data.
// Create a channel for communicating with remote object// No port is

specified on the clientTcpChannel chan = new TcpChannel();
ChannelServices.RegisterChannel(chan);
// Create an instance of the remote object
SampleObject obj = (SampleObject) Activator.GetObject(
typeof(Remoting.SampleObject),tcp://localhost:8080/HelloWorld );
// Use the object
if( obj.Equals(null) )
System.Console.WriteLine(Error: Cannot locate server);
else
Console.WriteLine(obj.HelloWorld());
return 0;
1. How are COM objects accessed from the .NET Framework?COM

objects are accessed from the .NET Framework by the use of a Runtime
Callable Wrapper (RCW). The RCW converts the COM interfaces into
.NET compatible interfaces.2. What is serialization? How is it different
from deserialization? What are the two serialization technologies?
Serializing is the method in which the state of an object is converted into
a form that can be transported.
Deserialization is a process in which a stream is converted to an object.
The following two serializing technologies are included in the .NET

Remoting Framework:
n Binary serialization: It is used to protect the state of an object between

various invocations of an application. For instance, the sharing of an
object between the applications can be done by serializing it to the
clipboard. You can serialize the object to a stream, disk, memory, or over
the network.
n XML serialization: It does not preserve the state of an object and

serializes the public properties alone. This serialization is useful when
you want to offer or consume data without limiting the application that
uses the data.
3. What is a channel? What are the different types of channels? How

would you initialize a server channel at port 9932, and then register the
channel with the channel services?
Channels transport messages between remote objects. If a client activates

a method on a remote object, the information related to the call is
transported through the channel to the remote object. The results from
the call are given back to the client in a similar manner. A client can
choose the registered channels on the server to communicate with the
remote object. The different types of channels are:
n HTTP channel: The HTTP channel uses the SOAP protocol to transport
messages. The messages that are passed through the SOAP formatter are
converted into XML, and serialized. The necessary SOAP headers are
included in the stream. The HTTP channel can also be configured with
the help of binary formatter. HTTP channel that uses binary formatter
are not the same as TCP channel due to the difference between
underlined protocols.
n TCP channel: The Transmission Control Protocol (TCP) channel uses a

binary formatter in which the messages are serialized to binary stream.
By using the TCP protocol, the stream is transported to the URI target.
The channel provides communication through TCP sockets.
To initialize a server channel at port 9932, and then register the channel
with the channel services, you would need to use the following code
snippet:
TcpServerChannel channel = new TcpServerChannel(9932);

ChannelServices.RegisterChannel(channel);
bsit62
Chapter 1Traditional Commerce
Traditional commerce is the exchange of goods and services, usually for
money, involving physical interaction between the buyer and the seller. In
traditional commerce, the buyer needs to physically go to a market to buy
goods. The buyer can physically see and feel the product.
You can see commerce all around you in millions of different forms. If
you buy something or go to work each day for a company that produces a
product or a service, you are participating in a commercial activity.
The elements of commerce are:
n Buyers: These are the people who want to purchase goods and
services.
n Sellers: These are the people who offer goods and services to buyers.
Sellers are generally recognized in two different forms, retailers who sell
directly to the consumers and wholesalers or distributors who sell to the
retailers and other businesses.
n Producers: These are the people who create the products and services
that sellers offer to buyers.
Disadvantages of Traditional Commerce
Traditional commerce has the following disadvantages:
n It involves high marketing and advertising expenses.
n It offers a limited marketplace to customers.
Q. How does the commerce and E-commerce are related? Explain. OR

Explain the concept of commerce and E-commerce.
Ans: This revolutionized the scenario of trading and commerce and can
be called the beginning of e-commerce.The matters improved further,
with the concept of the world wide web and the internet, the number of
users on the web increased manifold and the cost of getting connected
crashed. This, coupled with several changes in banking and other
systems, made the entire set of e-commerce operations available even to
the individual and small time users, apart from the large companies and
organizations. Definitely, the key element of e-commerce is information
processing. Given a suitable scenario and infrastructure, every stage of
commerce, except of course production of goods and their physical
delivery can be automated. The tasks that can be automated include
information gathering, processing, manipulation and information
distribution.
Q. What are the categories of operations under e-commerce? Explain
Ans: Broadly speaking the following categories of operations came under

ecommerce:
(i.) Transactions between a supplier/a shopkeeper and a buyer or

between two companies over a public network like the service provider
network (like ISP). With suitable encryption of data and security for
transaction, entire operation of selling/buying and settlement of
accounts can be automated.
(ii.) Transactions with the trading partners or between the officer of the
company located at different locations.
(iii.) Information gathering needed for market research.
(iv.) Information processing for decision making at different levels of

management.
(v.) Information manipulation for operations and supply chain

management.
(vi.) Maintenance of records needed for legal purposes, including

taxation, legal suits .
(vii.) Transactions for information distributions to different retailers,

customers etc. including advertising, sales and marketing.
2.1 BASIC TENETS OF E-COMMERCE IN A CONSUMERORIENTED

SCENARIO
It has been said that the convergence of money, commerce, computing
and networks form the globalconsumer market place. Though it is true in
most cases, the earliest (or rudimentary) systems had computers being
replaced by other electronic devices like the television or even telephone.
It is to be noted that there are several other, related areas that need to be
address while setting up an e-commerce system. These include facilities
for negotiations, bargaining, order processing, payment and customer
service. Though it is desirable that the entire system is automated, it
may be possible that one/more of these activities may be transacted in a
traditional manner. For example, while the order is placed over phone,
further negotiations may be made with the sales representative calling on
the buyer, the payment may be made through a cheque etc. To begin
with, we include systems where in only a part of the operations are done
through electronic means also as e-commerce systems.
Some of the fundamental issues that need to be addressed before

consumer oriented e-commerce can be made broad based are listed
below.
i.
Standard business practices and processes for buying
and selling of products as well as services need to be established

ii. Easy to use and well accepted software and hardware implementations
of the various stages of e-commerce like order taking, payment, delivery,
after sales interactions etc. need to be established.
iii. Secure commercial and transport practices that make the parties
believe that they are not at themercy of any body else for the safety of
their information and goods need to be in place.
It may be noted that each one of the above requirements can be

established only over a period of timewith several trial and error
methods. Ironically, e-commerce can grow in a very big way only when
these requirements are fully available and are within the grasp of the
average user.
We next look at a few of the applications of e-commerce in some detail, to

understand the implications of e-commerce in a full scale.
We look at the following concepts in some detail
1. Basic banking services
2. Home shopping
3. Home entertainment
4. Microtransaction for information
Q. What is E-Banking ? List the banking services.The concepts under

basic banking services are what a normal customer would be transacting
with his bank most of the time. They are mainly related to personal
finances. It can safely be presumed that most of normal transactions
that a customer has with his bank can be classified into the following
i. Checking his accounts statements
ii. Round the clock banking (ATM)
iii. Payment of bills etc.
iv. Fund transfer and
v. Updating of his pass books etc. Indeed most of these can be done
through telephone with suitable passwords etc, except round the clock
banking. The concept of Automated Teller Machines is to allow the
customer to draw money from his account at any part of the day (or
night). In fact, ATMs are to day thought to be one single concept that
changes the way banks functioned. The customer need not go to the
bank at all for his most important service. In other words, both the bank
and the customer became faceless to each other. But it helped the
customer by ensuring that he need not modify his working schedule to
visit the bank. At the same time, the banks need not resort to concept
like split hours, opening on holidays etc. to project themselves as
customer friendly.
It can be noted that the individual ATMs are connected to a Bank

Switching Centre. The SwitchingCentres of several banks are
interconnected to an association switching centre (May be all banks of a
particular region, for example) All such centre are globally connected to a
main switching centre. While the actual operations are not important
here, it is important to note that the PC are any such computers are not
employed at the customer level. It is also argued that an average
customer is more comfortable with the process of simple insertion of a
card rather than complicated operations on PCs. However, we include the
ATMs also under e-commerce.
Q. What are the desirable characteristics of E-marketing? ORQ.What

are the desirable characteristics of E-commerce?
Ans: These are some desirable characteristics of E-marketing.
(i) A minimal size of the place:Obviously for any such place to thrive there
is a critical size, below which it is not profitable to operate. This minimal
number of buyers and sellers characterises the profitability of the place.
(ii) A scope for interactions:Interactions include trial runs of the

products, classifications of doubts on the part of the customers, details
of after sales services, ability to compare different products and of course
scope for negotiations and bargaining. Negotiations can be in terms of
cost, value additions, terms and conditions, delivery dates etc.
(iii) Scope for designing new products : The customer need not buy only
what is available. He can ask for modifications, upgradations etc. The
supplier must be able to accept these and produce made to order items.
(iv) A seamless connection to the marketplace : It is obvious that each

customer will be operating with a different type of computer, software,
connectivity etc. There should be available standards sot that any of
these costumers will be able to attach himself to any of the markets
without changing his hardware/software/interfaces etc..
(v) Recourse for disgruntled users : It is nave to believe that transaction

of such a place end up in complete satisfaction to all parties concerned.
Especially because of the facelessness of the customer and the supplier,
there should be a standard recourse to settle such disputes.
Q. Explain the architectural framework of electronic commerce.

Ans: The architecture should focus on synthesizing the diverse resources
already in place in corporations to facilitate the integration of data and
software for better applications. The electronic commerce application
architecture consists of six layers of functionality, or functionality, or
services: (1) applications; (2) brokerage services, data or transaction
management; (3) interface and support layers; (4) secure messaging,
security, and electronic document interchange; (5) middleware and

structured document interchange; and (6) network infrastructure and
basic communications services.
1). The application services layer of e-commerce will be comprised of
existing and future applications built on the innate architecture. Three
district classes of electronic commerce applications can be distinguished;
customer-to-business, business-to-business, and intra-organization.
2). The information brokerage and management layer provides service
integration through the notion of information brokerages, the
development of which is necessitated by the increasing information
resource fragmentation.
3). Interface and support services, will provide interfaces for electronic
commerce applications such as interactive catalogs and will support
directory services functions necessary for information search and
access.
4). The importance of the fourth layer,secured messaging, is clear.

Broadly defined, messaging is the software that sits between the network
infrastructure and the clients or electronic commerce applications,
masking the peculiarities of the environment.
5.) Middleware services is a relatively new concept that emerged only

recently. With the growth of networks, client-server technology, and all
other forms of communicating between / among unlike platforms, the
problems of getting all the pieces to work together grew.
6). Transparency Network infrastructure implies that users should be

unaware that they are accessing multiple systems. Transparency is
essential for dealing with higher-level issues than physical media and
interconnection that the underlying network infrastructure is in charge
of. The ideal picture is one of a virtual{ network: a collection of
workgroup departmental ,enterprises and interenterprise lans that
appears to the end users or clict application to be a seamless and easily
accessed whole.
Q. Explain the architecture of www ???Explain the three stages of ecommerce architecture on web ?
Electronic commerce depends on the unspoken assumption that

computers cooperate efficiently for seamless information sharing.
Unfortunately, this assumption of interoperability has not been
supported by the realities of practical computing. Computing is still a
world make up of many technical directions, product implementations,
and competing vendors. The Web community of developers and users is
tackling these complex problems. Figure shows a block diagram
depicting the numerous pieces that constitute a Web architecture. The
architecture is made up of three primary entities: client browser, Web
server, and third-party services. The client browser usually interacts with
the WWW server, which acts as an intermediary in the interaction with
third-party services.
The client browser resides on the users PC or workstation and provides

an interface to the various types of content. The browser has to be smart
enough to understand what file it is downloading and what browser
extension it needs to activate to display the file. Browsers are also

capable of manipulating local files.
Web server functions can be categorized into information retrieval, data

and transaction management, and security. The third-party services
could be other Web servers that make up the digital library, information
processing tools, and electronic payment systems.
Q.Why information brokerages are needed ? Explain with the help of an

example.?
Ans- The information brokerage and management layer provides service

integration through the notion of information brokerages, the
development of which is necessitated by the increasing information
resource fragmentation. We use the notion of information brokerage to
represent an intermediary who provides service integration between
customers and information providers, given some constraint such as a
low price, fast service, or profit maximization for a client. Information
brokerage does more than just searching. It addresses the issue of
adding value to the information that is retrieved. For instance, in foreign
exchange trading, information is retrieved about the latest currency
exchange rates in order to hedge currency holdings to minimize risk and
maximize profit. With multiple transactions being the norm in the real
world, service integration becomes critical.
Example:- To help in comparasing shopping,reduce search costs an
integration.
Q. Give any four desirable characteristics of E-market place. Explain .
Ans:- The following criteria are essential for consumer-oriented electronic

commerce:
l Critical mass of buyers and sellers. The trick is getting a critical mass of
corporations and consumers to use electronic mechanisms. In other
words, the electronic marketplace should be the first place customers go
to find the products and services they need.
l Negotiation and bargaining. No market place is complete if it does not

support negotiation. Buyers and sellers need to be able to haggle over
conditions of mutual satisfaction, including money, terms and
conditions, delivery dates, and evaluation criteria.
l New products and services. In a viable marketplace, consumers can

make requests for products and services not currently offered and have a
reasonable expectations that someone will turn up with a proposed
offering to meet that request.
l Seamless interface. The biggest barrier to electronic trade is having all

the pieces work together so that information can flow seamlessly from
one source to another.
l Recourse for disgruntled buyers. A viable marketplace must have a

recognized mechanism for resolving disputes among buyers and sellers.
Q. Name and describe the phases of mercantile model from the

merchants point of view. Or Explain the Mercantile Models from the
Consumer perspective .or explain the three board phase of consumer
presprctive.Ans- The business process model from a consumers
perspective consist of seven activities that can be grouped into three
phases: pre-purchase phase, purchase consummation, and postpurchase interaction.
1. The pre-purchase preparation phase includes search and discovery for
a set of products in the larger information space capable of meeting
customer requirements and products selectionfrom the smaller set of
products based on attribute comparison.
2. The purchase consummation phase includes mercantile protocols that

specify the flow of information and documents associated with
purchasing and negotiation with purchasing andnegotiation with
merchants for suitable terms, such as price, availability, and delivery
dates; and electronic payment mechanisms that integrate payment into
the purchasing process.
3. The postpurchase interaction phase includes customer service and

support to address customer complaints, product returns, and product
defects.
Pre-purchase Preparation
From the consumers perspective, any major purchase can be assumed
to involve so me amount of pre-purchase deliberation, the extent of which
is likely to vary across individuals, products, and purchase situations.
Purchase deliberation is defined as the elapsed time between a
consumers first thinking about buying and the actual purchase itself.
Information search should constitute the major part of the duration, but
comparison of alternatives and price negotiation would be included in
the continually evolving information search and deliberation process.
In general, consumers can be categorized into three types:
1. Impulsive buyers, who purchase products quickly.
2. Patient buyers, who purchase products after making some

comparisons.
3. Analytical buyers, who do substantial research before making the

decision to purchase products or services.
In fact, marketing researchers have isolated several types of purchasing:l

Specifically planned purchases. The need was recognized on entering the
store and the shopper bought the exact item planned.
l Generally planned purchases. The need was recognized, but the

shopper decided in-store on the actual manufacturer of the item to
satisfy the need.
l Reminder purchases. The shopper was reminded of the need by some

store influence. This shopper is influenced by in-store advertisements
and can substitute products readily.
l Entirely unplanned purchases. The need was not recognized entering

the store.
While the technology for supporting search is important, we still need to

understand the actual process that consumers and organizations employ
in gathering information.
Information Brokers and Brokerages
To facilitate better consumer and organizational search, intermediaries

called information brokers orbrokerages are coming into existence.
Information brokerages are needed for three reasons: comparison
shopping, reduced search costs, and integration.
Today, many on-line information providers are moving to a consumer

services model, where they provide not only inexpensive access but lots
of free information.
Purchase Consummation
After identifying the products to be purchased, the buyer and seller must
interact in some way to actually carry out the mercantile transaction. A
mercantile transaction is defined as the exchange of information between
the buyer and seller followed by the necessary payment.
A single mercantile model will not be sufficient to meet the needs of every
one. In very general terms, a simple mercantile protocol would require
the following transactions. Although there may be many variants of this
protocol, the basic flow remains the same.
1Q.MERCANTILE PROCESS MODELSMercantile processes define

interaction models between consumers and merchants for on-line
commerce. This is necessary because to buy and sell goods, a buyer,
seller, and other parties must interact in ways that represent some
standard business processes.
The establishment of a common mercantile process (or set of processes)

is expected to increase convenience for consumers who wont have to
figure out a new business process for every single. Buyer contacts vendor
to purchase product or service. This dialogue might be interactive online-
through World Wide Web (WWW), e-mail, off-line through an electronic

catalog and telephone.
2. Vendor states price.
3. Buyer and vendor may or may not engage in negotiation.
4. If satisfied, buyer authorizes payment to the vendor with an encrypted

transaction containing a digital signature for the agreed price.
5. Vendor contacts his or her billing service to verify the encrypted

authorization for authentication.
6. Billing service decrypts authorization and checks buyers account

balance or credit and puts a hold on the amount of transfer.
7. Billing service gives the vendor the green light to deliver product and
sends a standardized message giving details of transaction.
8. On notification of adequate funds to cover financial transaction,

vendor delivers the goods to buyer or in the case of information purchase
provides a cryptokey to unlock the file.
9. On receiving the goods, the buyer signs and delivers receipt. Vendor
then tells billing service to complete the transaction.
10.At the end of the billing cycle, buyer receives a list of transactions.
Buyer can then either deny certain transactions or complain about over
billing. Suitable audit or customer service actions are then initiated
depending on the payment scheme.
Postpurchase Interaction
As long as there is payment for services, there will be refunds, disputes,

and other customer service issues that need to be considered. Returns
and claims are an important part of the purchasing process that impact
administrative costs, scrap and transportation expenses, and customer
relations. Other complex customer service challenges arise in customized
retailing that we have not fully understood Inventory issues. To serve the
customer properly, a company should inform a customer rightaway when
an item ordered is sold out-not with a rain check or back-order notice
several days later. On the other hand, if the item is in stock, a company
must be able to assign that piece to thecustomer immediately and
remove it from available inventory.
l Database access and compatibility issues. Unless the customer can

instantly access all thecomputers of all the direct-response vendors likely
to advertise on the Information Superhighway
on a real-time basis, with compatible software he or she is not likely

to get the kind of service that customers normally get.
l Customer service issues. Customers often have questions about the

product (color, size, shipment),want expedited delivery, or have one of a
myriad of other things in mind that can be resolved only by talking to an
order entry operator.
Q. Describe the mercantile models from the merchants perspectives. or

List the OMCs(Order Management Cycle) generic step.
Ans:-Order Planning and Order Generation-The business process begins

long before an actual order is placed by the customer. The first step is
order planning. Order planning leads into order generation. Orders are
generated in number of ways in the e-commerce environment.
Cost Estimation and Pricing-Pricing is the bridge between customer

needs and company capabilities. Pricing at the individual order level
depends on understanding, the value to the customer that is generated
bye ach order, evaluating thecost of filling each order; and instituting a
system that enables the company to price each order based on its valued
and cost.
Order Receipt and Entry- After an acceptable price quote, the customer
enters the order receipt and entry phase of OMC.
Order Selection and Prioritization-Customer service representatives are

also often responsible for choosing which orders to accept and which to
decline.
Order Scheduling- During the ordering scheduling phase the prioritized

orders get slotted into an actual production or operational sequence.
Order Fulfillment and Delivery- During the order fulfillment and delivery
phase the actual provision of the product or service is made.
Order Billing and Account / Payment Management:- After the order has
been fulfilled and delivered, billing is typically handled by the finance
staff, who view their job as getting the bill out efficiently and collecting
quickly.
Post-sales Service-This phase plays an increasingly important role in all

elements of a companys profit equation: customer value, price, and cost.
Depending on the specific of the business it can include such elements

as physical installation of a product repair and maintenance customer
training equipment upgrading and disposal.
Q. What are the three type electronic Digital token? Explain. OR Explain
Electronic Token.
Ans:- the banking or retailing payment methods are completely adequate

in their present form for the consumer-oriented e-commerce
environment. Their deficiency is their assumption that the parties will at
some time or other be in each others physical presence or that there will
be a sufficient delay in the payment process for frauds, overdrafts, and

other undesirables to be identified and corrected. These assumptions
may not hold for e-commerce.
1. Cash or real-time. Transactions are settled with the exchange of

electronic currency. An example of on-line currency exchange is
electronic cash
2. Debit or prepaid. Users pay in advance for the privilege of getting

information. Examples of prepaid payment mechanisms are stored in
smart cards and electronic purses that store electronic money.
3. Credit or postpaid. The server authenticates the customers and

verifies with the bank that funds are adequate before purchase.
Examples of postpaid mechanisms are credit / debit cards and electronic
checks.
Q. How does digital signature works.
Ans:- Electronic cash is based on cryptographic systems called digital

signatures. This method involves a pair of numeric keys (very large
integers or numbers) that work in tandem: one for locking (or encoding)
and the other for unlocking (or decoding). Messages encoded with one
numeric key can only be decoded with the other numeric key and none
other. The encoding key is kept private and the decoding key is made
public. By supplying all customers (buyers and sellers) with its public
key, a bank enables customers to decode any message (or currency)
encoded with the banks private key. If decoding by a customer yields a

recognizable message, the customer can be fairly confident that only the
bank could have encoded it.
Q. What is e-cash(Digital cash). Give the properties of e-cash.or What are

the normal constraints put on e-cash?
Ans: Electronic cash (e-cash) is a new concept in on-line payment

systems because it combines computerized convenience with security
and privacy that improve on paper cash. Its versatility opens up a host of
new markets and applications. There are four properties of E-Cash. Ecash must have a monetary value; it must be backed by either cash
(currency), bank-authorized credit, or a bank-certified cashiers check.
E-cash must be interoperable that is, exchangeable as payment for

other e-cash, paper cash, goods or services, lines of credit, deposits in
banking accounts, bank notes or obligations, electronic benefits
transfers, and the like.
E-cash must be storable and retrievable. The cash could be stored on a

remote computers memory, in smart cards, or in other easily transported
standard or special-purpose devices.d) E-cash must be security,This
device should have a suitable interface to facilitate personal
authentication using passwords or other means and a display so that the
user can view the cards contents. A validity limit, the more amount that
can be stored, more no. of exchanges and no. of exchanges within a time
period.
Q.Electronic Cash in Action
Electronic cash is based on cryptographic systems called digital

signatures. This method involves a pair of numeric keys (very large
integers or numbers) that work in tandem: one for locking (or encoding)
and the other for unlocking (or decoding). Messages encoded with one
numeric key can only be decoded with the other numeric key and none
other. The encoding key is kept private and the decoding key is made
public.
By supplying all customers (buyers and sellers) with its public key, a
bank enables customers to decode any message (or currency) encoded
with the banks private key. If decoding by a customer yields a
recognizable message, the customer can be fairly confident that only the
bank could have encoded it. These digital signatures are as secure as the
mathematics involved and have proved over the past two decades to be
more resistant to forgery than hand written signatures.
Business Issues and Electronic Cash

Electronic cash fulfills two main functions: as a medium of exchange and
as a store of value. Digital money is a perfect medium of exchange. By
moving monetary claims quickly and by effecting instant settlement of
transactions, e-cash may help simplify the complex interlocking credit
and liabilities that characterize todays commerce.
The controversial aspects of e-cash are those that relate to the other role,
as a store of value. Human needs tend to require that money take a
tangible form and be widely accepted, or legal tender. If ecash had to be
convertible into legal tender on demand, then for every unit there would
have to be a unit of cash reserved in the real economy. This creates
problems, because in an efficient system, if each ecash unit represents a
unit of real cash, then positive balances of e-cash will earn no interest;
for the interest they might earn would be offset by the interest foregone
on the real cash that is backing them. The enormous currency
fluctuations in international finance pose another problem. Unless, we
have one central bank offering one type of electronic currency, it is very
difficult to see e-cash being very prominent except in narrow application
domains.
Operational Risk and Electronic Cash

Operational risk associated with e-cash can be mitigated by imposing
constraints, such as limits on
(1) the time over which a given electronic money is valid,
(2) how much can be stored on and transferred by electronic money,
(3)the number of exchanges that can take place before a money needs to
be redeposited with a bank or financial institution, and
(4) the number of such transactions that can be made during a given
period of time.The objective of imposing constraints is to limit the
issuers liability. A maximum upper limit could be imposed on the value
that could be assigned to any single transaction or that could be
transferred to the same vendor within a given period of time. Since the
users computer could be programmed to execute small transactions
continuously at a high rate over the network, a strategy of reporting
transactions over a certain amount would be ineffective for law
enforcement.
Finally, exchanges could also be restricted to a class of services or goods.

The exchange process should allow payment to be withheld from the
seller upon the buyers instructions until the goods, or services are
delivered within a specified time.
Legal Issues and Electronic Cash
Anonymous and virtually untraceable, cash transactions today occupy a

place in a kind of underground economy. This underground economy is
generally confined to relatively small-scale transactions because paper
money in large quantities is cumbersome to use and manipulate. But if
e-cash really is made to function the way that paper money does,
payments we would never think of making in cash to buy a new car,
say, or as the down payment on a house could be made in this new
form of currency because there would be no problem of bulk and no risk
of robbery. The threat to the governments revenue flow is a very real one.
The question e-cash poses is not, Should the law take notice of this
development? but rather, How can it not? By impacting Revenue
raising capabilities e-cash cannot escape government scrutiny and
regulation: but it is going to take some serious thinking to design a
regulatory scheme that balances personal privacy speed of execution and
ease of use.
Q. ELECTRONIC CHECKS.Electronic checks are another form of

electronic tokens. They are designed to accommodate the many
individuals and entities that might prefer to pay on credit or through
some mechanism other than cash. These checks may be sent using email or other transport methods. When deposited, the check authorizes
the transfer of account balances from the account against which the
check was drawn to the account to which the check was deposited.
The specifics of the technology work in the following manner: On

receiving the check, the seller presents it to the accounting server for
verification and payment. The accounting server verifies the digital
signature on the check. Subsequent endorsers add successive layers of
information onto the tickets, precisely as a large number of banks may
wind up stamping the back of a check along its journey through the
system.
Electronic checks have the following advantages:
l They work in the same way as traditional checks, thus simplifying

customer education.
l Electronic checks are well suited for clearing micropayments.
l Electronic checks create float and the availability of float is an

important requirement for commerce.
l Financial risk is assumed by the accounting server and may result in

easier acceptance. Reliability and scalability are provided by using
multiple accounting servers. There can be an interaccount server
protocol to allow buyer and seller to belong to different domains,
regions, or countries
5.4 SMART CARDS AND ELECTRONIC PAYMENT SYSTEMSSmart cards

have been in existence since the early 1980s and hold promise for secure
transactions using existing infrastructure. Smart cards are credit and
debit cards and other card products enhanced with microprocessors
capable of holding more information than the traditional magnetic stripe.
The chip, at its current state of development, can store significantly
greater amounts of data, estimated to be 80 times more than a magnetic
stripe. Smart cards are basically of two types: relationship-based smart
credit cards and electronic purses.
Electronic purses, which replace money, are also known as debit cards
and electronic money.
5.4.1 Relationship-Based Smart Cards
Relationship-based products are expected to offer consumers far greater

options, including the following:
l Access to multiple accounts, such as debit, credit, Investments or

stored value for e-cash, on one card or an electronic device.
l A variety of functions, such as cash access, bill payment, balance

inquiry, or funds transfer for
selected accounts.
l Multiple access options at multiple locations using multiple device

types, such as an automated teller machine, a screen phone, a personal
computer, a personal digital assistant (PDA), or interactive TVs
Q. Electronic Purses and Debit Cards
Despite their increasing flexibility, relationship-based cards are credit

based and settlement occurs at the end of the billing cycle..The electronic
purse works in the following manner. After the purse is loaded with
money, at an ATM or through the use of an inexpensive special
telephone, it can be used to pay for, say, candy in a vending machine
equipped with a card reader. The vending machine need only verify that a
card is authentic and there is enough money available for a chocolate
bar. In one second, the value of the purchase is deducted from the
balance on the card and added to an e-cash box in the vending machine.
The remaining balance on the card is displayed by the vending machine
or can be checked at an ATM or with a balance-reading device. When the
balance on an electronic purse is depleted, the purse can be recharged
with more money.
Q. Who is liable if an EDI network fails to deliver the message?

Ans- It is not decided yet.
5.5 CREDIT CARD-BASED ELECTRONIC PAYMENT SYSTEMS

To avoid the complexity associated with digital cash and electronic
checks, consumers and vendors are also looking at credit card payments
on the Internet as one possible time-tested alternative. There is nothing
new in the basic process. If consumers want to purchase a product or
service, they simply send their credit card details to the service provider
involved and the credit card organization will handle this payment like
any other.
We can break credit card payment on on-line networks into three basic
categories:
1. Payments using plain credit card details. The easiest method of

payment is the exchange of unencrypted credit cards over a public
network such as telephone lines or the Internet. The low level of security
inherent in the design of the Internet makes this method problematic.
Authentication is also a significant problem, and the vendor is usually
responsible to ensure that the person using the credit card is its owner.
Without encryption there is not way to do this.
2. Payments using encrypted credit card details. It would make sense to
encrypt your credit carddetails before sending them out, but even then
there are certain factors to consider. One would be the cost of a credit
card transaction itself. Such cost would prohibit low-value payments
(micro-payments) by adding costs to the transactions.
3. Payment using third party verification. One solution to security and

verification problems is the introduction of a third party; a company that
collects and approves payments from one client to another. After a
certain period of time, one credit card transaction for the total
accumulated amount is completed.
5.6 RISK AND ELECTRONIC PAYMENT SYSTEMS

One essential challenge of e-commerce is risk management. Operation of
the payment systems incurs three major risks: fraud or mistake, privacy
issues, and credit risk
5.6.1 Risks from Mistake and Disputes
Consumer Protection
Virtually all electronic payment systems need some ability to keep
automatic records. Once information has been captured electronically, it
is easy and inexpensive to keep.
Given the intangible nature of electronic transactions and dispute

resolution relying solely on records, a general law of payment dynamics
and banking technology might be: No data need ever be discarded.
Features of these automatic records include (1) permanent storage; (2)

accessibility and traceability; (3) a payment system database; and (4)
data transfer to payment maker, bank, or monetary authorities. The need
for record keeping for purposes of risk management conflicts with the
transaction anonymity of cash. An anonymous payment system without
automatic record keeping will be difficult for bankers and government to
accept. However, customers might feel that all this record keeping is an
invasion of privacy.
5.6.2. Managing Information Privacy
The electronic payment system must ensure and maintain privacy. Every
time one purchases goods using a credit card, subscribes to a magazine
or accesses a server, that information goes into a database somewhere.
This violates one the unspoken laws of doing business: that the privacy
of customers should be protected as much as possible.
All details of a consumers payments can be easily be aggregated: Where,

when, and sometimes whatthe consumer buys is stored. This collection
of data tells much about the person and as such can conflict with the
individuals right to privacy.
Privacy must be maintained against eavesdroppers on the network and

against unauthorized insiders.
The users must be assured that they cannot be easily duped, swindled,
or falsely implicated in a fraudulent transaction. This protection must
apply throughout the whole transaction protocol.
5.6.3. Managing Credit Risk
Credit or systemic risk is a major concern in net settlement systems

because a banks failure to settle its net position could lead to a chain
reaction of bank failures. The digital central bank must develop policies
to deal with this possibility. Various alternatives exist, each with
advantages and disadvantages. A digital central bank guarantee on
settlement removes the insolvency test from the system because banks
will more readily assume credit risks from other banks.
Without such guarantees the development of clearing and settlement

systems and money markets may be impeded.
5.7 DESIGNING ELECTRONIC PAYMENT SYSTEMS? LIST THE

VARIOUS ISSUES IN E-PAYMENT SYSTEM?
Despite cost and efficiency gains, many hurdles remain to the spread of
electronic payment systems.These include several factors, many nontechnical in nature, that must be addressed before any newpayment
method can be successful.
l Privacy. A user expects to trust in a secure system.
l Security. A secure system verifies the identity of two-party transaction

through userauthentication and reserves flexibility to restrict
information / service through access control.
Millions of dollars have been embezzled by computer fraud. No systems
are yet fool-proof,although designers are concentrating closely on
security.
l Intuitive interface. The payment interface must be as easy to use as a

telephone. Generally speaking, users value convenience more than
anything.
l Database integration. With home banking, for example, a customer

wants to play with all his accounts. To date, separate accounts have been
stored on separate databases. The challenge before banks is to tie these
databases together and to allow customers access to any of them while
keeping the data up-to-date and error free.
l Brokers. A network banker someone to broker goods and services,

settle conflicts, and
facilitate financial transactions electronically must be in place.
l Pricing. One fundamental issue is how to price payment system
services. For example, should subsidies be used to encourage users to
shift from one form of payment to another, from cash to bank payments,
from paper based to e-cash.
l Standard. Without standards, the welding of different payment users

into different networks anddifferent systems is impossible. Standards
enable interoperability, giving users the ability to buy and receive
information, regardless of which bank is managing their money.
None of these hurdles are insurmountable. The biggest question
concerns how customers will take to a paperless and (if not cashless)
less-cash world.
ELECTRONIC DATA INTERCHANGE(EDI)Electronic commerce is often

equated with EDI, so it is important to clarify that electronic commerce
embraces EDI and much more. In electronic commerce, EDI techniques
are aimed at improving the interchange of information between trading
partners, suppliers, and customers by bringing down the boundaries
that restrict how they interact and do business with each other. In short,
EDI is aimed at forging boundaryless relationships EDI is one wellknown example of structured document interchange with enables data in
the form of document content to be exchanged between software
applications that are working together to process a business transaction.
EDI only specifies a format for business information, that the actual
transmission of the information is tackled by other underlying transport
mechanisms such a e-mail or point-to-point connections.
Q. Explain the four layer of EDI Architecture .
Ans:- EDI architecture specifies four layers: the semantic ( or

application ) layer, the standards translation layer, the packing ( or
transport) layer, and the physical network infrastructure layer. The EDI
semantic layer describes the business application that is driving EDI.
EDI semantic layer must be translated from a company-specific form to a
more generic or universal form
Layered architecture of EDI
The EDI standards and application level, although separate, are closely
intertwined. The EDI transport layer corresponds closely with the
nonelectronic activity of sending a business form from one company A to
company B. Physical layer of EDI documents are more structured than email and typically are manipulated or processed more that e-mail
messages by the sending and receiving software
Q.What is the need for open EDI???
The increased interest in open EDI is a result of dissatisfaction with

traditional EDI. The big difference between the traditional EDI model and
the needs of today is that business today has a much larger component
of rapid project based partnerships that are created and dissolved in time
scales too small to permit a full-blown standards process to play out its
consensus building.
Open EDI is a business procedure that enables electronic commerce to

occur between organizations where the interaction is of short duration.
In essence, open EDI is the process of doing EDI without the upfront
trading partner agreement that is currently signed by the trading
partners before they commerce trying to do business by EDI. The goal is
to sustain ad hoc business or short-term trading relationships using
simpler legal codes. In other words, open EDI is a business process for
automating the operation of the law of contract within the context of
electronic commerce where transactions are not repeated or sustained
over a long period of time. The facilitates revisions and aids in more
speedy agreement on a final version.
EDI Translator Layer
Translation is an integral part of the overall EDI solution. Translators

describe the relationship between the data elements in the business
application and the EDI standards. For instance, a purchase order
specific to a company must be mapped onto the data fields defined by the
generic representation of purchase order as specified by the EDI
standard. The translator ensures that the data are converted into a
format that the trading partner can use. Because few EDI translators
were available in the past large companies wrote their own custom EDI
translators. Custom translators have several disadvantages.
l A custom translator is very restrictive. It is often designed for one

trading partner and limited transaction sets. Most commercial EDI
translators, on the other hand, are designed for transacting with many
trading partners and a multitude of documents.
l A custom translator is difficult to update. If the trading partner changes
standards or wants additional transaction sets, precious weeks or even
months can be wasted making the changes to the EDI translator and
making sure that everything works correctly.
l A custom translator is unsupported. Theres no one to turn to when

help is needed no one to talk you through a difficult-to implement
requirement from your trading partner. Some software companies put
customers in touch with someone who can solve their problem and walk
the client through the tricky areas.
EDI COMMUNICATION LAYER.(What are the main type of EDI access

method?)
The communications portion which could be part of the translation

software of a separate application dials the phone number for the
value-added network service provider or other type of access method
being used. Three main types of EDI access methods are available: 1)
direct dial or modem to modem connection;
2) limited third-party value-added network services, and 3) full-service

third-party VANs. These networks could be private networks or public
networks such as the Internet. Direct-dial systems are by far the simplest
and most common. The user has direct access to the partners modem
and communicates by using the modem to dial the modem of the other
party. A direct computer-to-computer transfer of documents ( uploading
and downloading) through a modem, requires that both computer
applications read the same format, such as ASCII text, or use
translators.
Limited VANs are regional and international communications services

similar to those used with email. These VANs often provide only the very
basic technical services such as protocol conversion and data error
detection and correction, directing and delivering EDI traffic to
thousands of buyers and sellers. Full third-party services provide more
than just communication between two or more parties. Electronic
mailboxes and associated extra features are the heart of these thirdparty services. Extra features include access control for security and
document tracking, which allows users to track their own documents as
they pass though the system. This feature supports audit needs.
A third-party network can also provide a gateway to interconnect with

other third-party networks.This facilitates communication between
business having accounts with different third-party networks running a

variety of protocols and systems.
HOW MUCH WILL AN EDI IMPLEMENTATION COST

Prices for EDI products vary from no cost ( for very simple one-function
products) to several thousands of dollars for full-function applications.
The final cost depends on several factors:
l The expected volume of electronic documents: Generally speaking, PC

products cost less but handle only a few documents and trading
partners. Mid-range EDI packages can be a little more expensive but can
handle a larger volume of multiple document types or multiple trading
partners.
l Economics of the EDI translation software: Some products initially look

like a bargain, but as needs grow, hidden costs suddenly appear. These
costs can range from new transaction sets for doing different forms to
expensive upgrades.
l Implementation time: Some applications are easier to learn and use

than others. The more time spent in training, the more time it takes to
get into production mode. If the implementation time frame is tight, it is
wise to look for a translator that doesnt require training before
implementation.
Maintenance fees and VAN charges can vary considerably and as such
can affect the cost of EDI
systems:
l Maintenance fees: Most companies charge an annual maintenance fee,

usually a percentage of the translators list price. This fee should include
software updates, standards updates, technical support, and customer
service.
l VAN charges: VANs bill for data transmission, similar to long-distance

phone calls. Come base their billing per document & others charge based
on the number of kilo-characters in each document. Some also bill for
connect time.
Q. What is VAN? Explain the functions of VAN. OR What do you mean

by VAN? Explain.
Ans:- A VAN is a communications network that typically exchanges EDI
messages among trading partners. It also provides other services,
including holding messages in electronic mailboxes, interfacing with
other VANs and supporting many telecommunications modes and
transfer protocols. A VANs electronic mailbox is a software feature into
which a user deposits EDI transactions and then retrieves those
messages when convenient. It works much like residential personal
mailboxes, and it allows everybody involved to be flexible and costeffective. Business can exchange data either by connecting to each other
directly or by hooking into a VAN. VANs have allowed companies to
automatically and securely exchange purchase orders, invoices, and
payments.
Functions of a third-party VAN

VAN Pricing Structures
VANs bill in various ways for services rendered. Typically, customers can
pick and choose from an array of VAN service and be billed accordingly.,
These sevices may include EDI translation software and support, EDI to
fax support, email capability, inter-VAN connectivity, and, most
commonly, transmission of X.12 documents. Account Start-UP Costs
Q. Explain how information flows with EDI?Ans: Step1 : Buyers

computer sends Purchase Order to sellers computer.
Step2 : Sellers computer sends Purchase Order Confirmation to buyers
computer.
Step3 : Sellers computer sends Booking Request to transport companys

computer.
Step4 : Transport companys computer sends Booking Confirmation to

sellers Computer.
Step5 : Sellers computer sends Advance Ship Notice to buyers computer.
Step6 : Transport companys computer sends status to sellers computer.
Step7 : Buyers computer sends Receipt Advice to sellers computer.
Step8 : Sellers computer sends Invoice to buyers computer.
Step9 : Buyers computer sends Payment to sellers computer.
Q. What is tangible benefit of EDI?
Ans: There are three tangible benefit of EDI.l Reduced paper-based

systems: EDI can impact the effort and expense a company devotes to
maintaining records, paper- related supplies, filing cabinets, or other
storage systems and to the personnel required to maintain all of these
systems.lImproved problem resolution and customer service: EDI can
minimize the time companies spend to identify and resolve interbusiness
problems. EDI can improve customer service by enabling the quick
transfer of business documents and a marked decrease in errors.l
Expanded customer/supplier base: Many large manufacturers and
retailers with the necessary clout are ordering their suppliers to institute
an EDI program. However, these are isolated islands of productivity
because they are unable to build bridges to other companies.
EDI implementation :
l Common EDI standards dictate syntax and standardize on the business
language. EDI standards basically specify transaction sets complete
sets of business documents.
l Translation software sends messages between trading partners,
integrates data into and from
existing computer applications, and translates among EDI message

standards.
l Trading partners are a firms customers and suppliers with whom
business is conducted.
l Banks facilitate payment and remittance.
l EDI Value -Added Network services ( VANs). A VAN is a third-party
service provider that manages data communications networks for
businesses that exchange electronic data with other businesses.
l Proprietary hardware and networking if it is a hub company. Hubs, also
called sponsors, are large companies, very active in EDI, that facilitate
their business partners use of EDI.
STRUCTURE OF EDI TRANSACTIONS

EDI standards are very broad and general because they have to meet the
needs of all businesses.
EDI messages, however, share a common structure
1. Transaction set is equivalent to a business document, such as a
purchase order. Each transaction set is made up of data segments.
2. Data segments are logical groups of data elements that together
convey information, such as invoice terms, shipping information, or
purchase order line.
3. Data elements are individual fields, such as purchase order number,
quantity on order, unit price.
The Concept and theory of EDI has evolved from the transmission of data
in fixed-length proprietary formats to the transmission of data in
variable length standard formats. Without these standard formats,
industry utilization of computer-to-computer communication technology

would be encumbered by the use of different formats and data contents
. EDI SOFTWARE IMPLEMENTATION
EDI software has four layers, as shown in business application, internal

format conversion, EDI translator, and EDI envelope for document
messaging. These four layers package the information and send it over
the value-added network to the target business, which then reverses the
process to obtain the original information.
EDI Business Application Layer
The first step in the EDI process creates a document in this case, an
invoice in a software application. This software application then sends
the document to an EDI translator, which automatically reformats the
invoice into the agreed- on EDI standard. If these two pieces of software
are from different vendors, it is very important that the document
preparation application seamlessly integrate with the EDI translation
software. If both the EDI translator and business application are on the
same type of computer, the data will move faster and more easily from
one to another. The translator creates and wraps the document in an
electronic envelope EDI package that has a mailbox ID for the
companys trading partners. The EDI wrapper software can be a module
to the translator, a programming tool to write a different communications
protocols, or a separate application.
Opening an account with a VAN incurs start-up costs as well as other
variable costs such as mailbox/ network fees. The network usage fee is a
flat monthly rate that applies, whether or not the services are used. The
network usage fee can also include a mailbox fee for maintaining an
account and a password. Each account has a mailbox through which
companies exchange EDI data.
The overall start-up costs vary depending on the EDI readiness of the
organization and the tradingpartner, the number of trading partners, line
attachment options(asynchronous), and software application options.
VAN Usage or Variable Costs VANs charge session fees based on the of
their services. Unlike the postal service, which charges only to send a
letter, most VANs charge to both send and receive data. If a user agrees to
cover all of thetransaction costs, the VAN can charge twice for each
transaction:
1) when the user sends or receives, and 2) when a trading partner sends
or receives. The customer pays according to volume of usage. Usage is
defined as the number of transactions sent and received by the customer
or the trading partner. Transaction fee assessment is not consistent or
straightforward. Some VANs allow users to bundle several transaction
sets into a single envelope, as though sending several invoices in one
paper envelope. Other VANs open the interchange and charge for each
transaction set in the envelope. Other support and software costs are
hidden. The session fee is a variable cost related to envelope/message fee
delivery of functionally similar EDI documents. Support fee generally
applies to updates to the software and telephone support for the VANs
that provide software.
Some VANs provide free software that works only with its sponsoring
VAN. Other VANs provide customized software that may or may not
operate with other VANs.
Interconnect Costs
A company that exchanges EDI data with a trading partner that
subscribes to a different VAN will mpay a VAN interconnect fee. Most
VANs offer interconnects, but they often charge monthly fees for using
them and may have other charges as well. If no transactions are sent,
there is only the monthly charge for the mailbox and interconnect fee.
Since most VANs offer volume discounts, the variable costs per
transaction will decrease as the number of transactions sent increases.
Q. EDI: LEGAL, SECURITY, AND PRIVACY ISSUESSince in the case of

EDI, we are dealing with trade between countries and corporations,
issues of legal admissibility and computer security are paramount.
However, careful assessment of the trade-offs must be part of this
process and should satisfy legal requirements.
Legal Status of EDI Messages
There has been considerable debate concerning the legal status of EDI
messages and electronic
messages in general. No rules exist that indicate how electronic messages

may be considered binding in business or other related transactions. The
establishment of such a framework is essential if EDI is to become
widespread.
Chapter 6 Inter-organizational Commerce and EDI(Electronic Data

Interchange)
Digital Signatures and EDI
The cryptographic community is exploring various technical uses of

digital signatures by which messages might be time-stamped or digitally
notarized to establish dates and times at which a recipient might claim to
have had access or even read a particular message. If digital signatures
are to replace handwritten signatures, they must have the same legal
status as handwritten signatures. The digital signature provides a means
for a third party to verify that the notarized object is authentic. Digital
signatures should have greater legal authority than handwritten

signatures. For instance, if a ten-page contract is signed by hand on the
tenth page, one cannot be sure that the first nine pages have not been
altered. If the contract was signed by digital signatures, however, a their
party can verify that not one byte of the contract has been altered.
Without such a framework, it is hard to see how EDI can fulfill the role
envisioned for it in the future.
Q. EDI AND ELECTRONIC COMMERCE
The economic advantages of EDI are widely recognized, but until recently,
companies have been able to improve only discrete processes such as
automating the accounts payable function or the funds transfer process.
Companies are realizing that to truly improve their productivity they
need to automate their external processes as well as their internal
processes. This is the thrust of new directions in EDI. New EDI services
for electronic commerce are seen as the future bridge that automates
external and internal business processes, enabling companies to improve
their productivity on a scale never before possible. They present
information management solutions that allow companies to link their
trading community electronically. Another goal of new EDI services is to
reduce the cost of setting up an EDI relationship. These costs are still
very high because of the need for a detailed bilateral agreement between
the involved business partners and for the necessary technical
agreements. Therefore most successful EDI implementations are either in
long-term partnerships or among a limited number of partners. With the
advent of interorganizational commerce, several new types of EDI are
emerging that can be broadly categorized as traditional EDI and open
EDI.
Traditional EDI
Traditional EDI replaces the paper forms with almost strict one-to-one
mappings between parts of a paper form to fields of electronic forms
called transaction sets. Traditional EDI covers two basic business areas:
1) Trade Data Interchange (TDI) encompasses transactions such as

purchase orders, invoices, and acknowledgments.
2) Electronic Funds Transfer ( EFT) is the automatic transfer of funds
among banks and other organizations.
INTERNET-BASED EDI
Several factors make the Internet useful for EDI:
l Flat-pricing that is not dependent on the amount of information

transferred. The Internet flatrate model is better for the customer as
opposed to the standard VAN approach of charges per character.
l Cheap access with the low cost of connection often a flat monthly fee
for leased line or dialup access. Business users have access to
commercial and noncommercial Internet services i some 140 countries
providing ubiquitous network coverage
l Common mail standards and proven networking and interoperable
systems; another attraction is that Internet mail standards are
nonproprietary and handle congestion and message routing exceptionally
well. It has been noted that sometimes on a VAN network an e-mail
message can take hours or days to reach its destination, while on the
Internet it usually takes seconds to minutes.
l Security- public-key encryption techniques are being incorporated in
various electronic mail systems. This will enable systems to ensure the
privacy of EDI messages and give users a way
to verify the sender or recipient.
Electronic commerce services on the Internet differ from earlier value

added network offerings in several respects. First, theyre based on
established technologies and applications available from independent
vendors, whereas more traditional services are based on proprietary
software and front ends. Not only does the proprietary approach limit
interoperability, but it also narrows application choices
WORK-FLOW MANAGEMENTThe use of work flows for task coordination

is important because people do not work in isolation but collaborate to
accomplish tasks. Companies have developed methods to optimize work
flows by pruning unneeded operational steps and moving much of their
internal paper handling onto computer networks. The most common
work flows are administrative time consuming, unexciting tasks such
as processing a trip request from initiation, through approval, to issuing
the ticket, cutting a check for the cash advance, and debiting an account.
These work flow reengineering efforts have been mostly localized to a few
departments or tasks. Extending this effort to coordinating enterprise
process using electronic commerce methods is the logical next step for
most organizations. We see work flow as a gold mine for new electronic
commerce application software.
PRODUCT OR SERVICE CUSTOMIZATION
Consumer demand and expectations are forecasted to drive made-toorder or customized products with rapidly shrinking lead times. Products
will come configured as customers want them and provide a high level of
reliability, excellent quality, and longer life spans. Customization focuses
on two issues: time to market and flexible operations: Time-to-market
depends largely on gathering the specific consumer preferences and
using these preferences to custom design products or services. Custom

designing any product or service requires tremendous coordination
between various departments and functions. An implicit assumption in
successful time to market is cross functional coordination built on the
communications infrastructure. Flexible operations depend largely on
implementation details or working practices that make time-tomarket a
reality. A company convinced of the value of being just-in-time triggers
production automatically on costumer orders, rather than stockpiling
inventory. The key idea is to avoid tying up time and capital in terms of
setup costs and inventory. A key point to remember is that in
customization, it is customer demand that drives product or model
varieties. The concept of customization has been around for a while but
we still do not know how to do it effectively. The technology requirements
for supporting customization are becoming the primary of focus of
internal commerce
Q. Explain Horizontal and vertical organization.Ans:- The vertical

organization :- The vertical approach to corporate management poses
two problems to smooth operations. First, it creates boundaries that
discourage employees in different departments frominteracting with one
another. Second, departmental goals are typically set in a way that could
cause friction among departments. For instance, goals for sales are
typically set to maximize sales and pay little attention to account
collection or service delivery.The vertical organization allows gaps to exist
between employees from different departments and lacks a channel to
facilitate interaction and communication.
The Horizontal Organization: -The principal goal of horizontal
management is to facilitate the smooth transition of intermediate
products and services through its various functions to the customer.
This is achieved by empowering employees, improving communication,
and eliminating unnecessary work. The importance of having a clear view
of how products and services flow from one departments to another, and
eventually, to the customer is apparent. the horizontal organization is
processed at eh local level by process teams. Team members are typically
from the respective functions working in the process. Process teams can
resolve problems quickly, and in this way permit the company to operate
with flexibility and responsiveness in a continuously changing business
environment.
Q. Explain main categories of SCM in details.OR Explain the

primaryelement of SCM. Or There are two category of SCM such as
PUSH&PULLAns:- Primary Element: These are three primary elements of
SCM:
1. Logistics and distribution (integrated logistics). Logistics is a relatively
new discipline that deals with the integration of materials management
and physical distribution. Although logistics and SCM are sometimes
interchanged, think of SCM as an umbrella that incorporates the
logistics function.
2. Integrated marketing and distribution: Most managers often do not

realize that order processing and fulfillment processes may exceed 15
percent of the cost of sales. Traditionally, the customer order process is
initiated by sales personnel, who have an in-depth understanding of the
customers product and service requirements.
3. Agile manufacturing. Consumers and manufacturers are stressing

quality and speed. One of the most influential visions of production goes
by the name of agile manufacturing.
There are two category of SCM such as PUSH&PULL
Q. What is SCM ? Give its characteristics.
Ans:- A supply chain is the network of suppliers and customers within

which any business operates. SCM is in stark contrast to the traditional
approach, whereby executives think in terms of component activities
such as forecasting, purchasing, production planning, or warehousing.
Typically, these activities were managed in a fragmented manner, and so
it was not uncommon to find them under separate functions that do not
share information. SCM is important in retailing because it helps manage
the demand and supply functions. supply chain management has the
following characteristics:
l An ability to source raw material or finished goods from anywhere in the
world.
l A centralized, global business and management strategy with flawless
local execution.
|Intra organizational Electronic Commercel On-line, real-time distributed
information processing to the desktop, providing total supply chain
information visibility.
l The ability to manage information not only within a company but across
industries and enterprises.
l The seamless integration of all supply chain processes and
measurements, including third-party suppliers, information systems,
cost accounting standards, and measurement systems.
l The development and implementation of accounting models such as

activity-based costing that l ink cost to performance are used as tools for
cost reduction.
l A reconfiguration of the supply chain organization into high
performance teams going from the shop floor to senior management.
Q. What are the advantages of Internet?
Ans:- Several factors make the Internet useful for EDI:

l Flat-pricing that is not dependent on the amount of information
transferred. The Internet flatrate model is better for the customer as
opposed to the standard VAN approach of charges per character.
l Cheap access with the low cost of connection often a flat monthly fee
for leased line or dialup access. Business users have access to
commercial and noncommercial Internet services in some 140 countries
providing ubiquitous network coverage.
l Common mail standards and proven networking and interoperable
systems; another attraction is that Internet mail standards are
nonproprietary and handle congestion and message routing exceptionally
well. It has been noted that sometimes on a VAN network an e-mail
message can take hours or days to reach its destination, while on the
Internet it usually takes seconds to minutes.
l Security- public-key encryption techniques are being incorporated in
various electronic mail systems. This will enable systems to ensure the
privacy of EDI messages and give users a way to verify the sender or
recipient.
Q.INTERNAL INFORMATION SYSTEMS
What exactly do we mean by information in business organizations?

Information usually begins with corporate data. Corporate data provide
the building blocks to form the information and knowledge that underlie
the operations of all enterprises regardless of industry, size, or country.
Corporate information is created, managed, and stored in many forms
and places, and its value is contingent on the ability of workers to access,
manipulate, change, and distribute it. So the challenge of enabling
internal commerce is plain and simple; How do we integrate the
distributed corporate data using a high band-width network? Getting a
handle on corporate data is not exactly a new problem. Many interesting
concepts have been floated over the last three decades in the race to
deliver information to manager and line worker.
A new paradigm: Information Architecture
The focus of the new paradigm lies in creating an information

architecture that enables cross-functional systems and better
information utilization. Cross-Functional system: Early on in business
computing, unifunctional automation was the norm; applications were
focused on automating discrete business tasks. Today, systems tend to be
more broadly focused and tend to cut across functional boundaries.
Cross functional automation with emphasis on integrating the
enterprise, with information flowing from one business area to another,
is rapidly becoming the norm. Cross-functional integration has shifted
the entire thrust or corporate computing from monolithic mainframes
toward client-server systems connecting corporate databases, workers,
and tasks via the networking infrastructure. Information not data: The
focus of competitive differentiation today is not on building better
systems than those of the competitors, but is based on the use of
corporate information. While the information systems and applications
may have to change periodically to cope with changes in business

operations, the information has a longevity of 10-25 years. Simply stated,
the corporate systems of the future will be built around information and
companies are attempting to become information architects rather than
systems builders. Other trends have contributed to this paradigm shift.
First, computers have become a substitutable commodity and as such
are as much a part of the business environment as telephones. Unlike
proprietary systems of the past, information architecture today is based
on the widespread adoption of standards and protocols in hardware,
software, and telecommunications. Technology is changing faster than
ever.
Virtual or Network Organizational Structure
In recent years, virtual enterprises have gained much attention as more

and more such firms have emerged in industries ranging from computer
chip manufacturing to aircraft manufacturing. The virtual organization is
defined as being closely coupled upstream with its suppliers and
downstream with its customers such that where one begins and the
other ends means little to those who manage the business processes
within the entire organization. In simplest terms, it is an organization
having the essence or effect of a traditional corporation without the
structure or appearance of one.
In the virtual organization, each separate firm retains authority in major

budgeting and pricing matters and functions as part of a greater
organization coordinated by a core firm acting as integrator of the actions
done by the various partners. Interdependence among partners
differentiates the virtual corporation from the traditional hierarchy.
Companies adept at coordinating and maximizing the capabilities of

suppliers will gain more control over key elements of time from overall
order to shipment lead time to product specific cycle time. In addition,
full fledged alliances that tap the resources of multiple parties will
effectively slash product-or process- development time.Understanding
the structure of virtual enterprises Two major approaches are used to
form virtual organizations: downward and lateral. Downward networking
is initiated by a large, vertically integrated company seeking to reduce its
overhead by outsourcing.Outsourcing has two purposes: to reduce costs
associated with fixed assets and to maintain a focus on key operations.
Outsourcing breaks down the companys vertical structure. A company
that successfully out sources becomes economically slimmer and more
adaptive. The lateral approach is observed in small, specialized firms
that, in the interest of seeking strategic alliances, form partnerships
along a valueadded chain. Each such core firm can benefit by modeling
the adaptively and responsiveness of a small, specialized company and
the scale economies of a large and integrated firm.
Some networks emphasize reliable supply and close cooperation in

scheduling and quality requirements. This requires that firms thoroughly
adapt to one another, strengthening the bonds between the core firm and
other firms and stabilizing the network.
Naturally, virtual enterprises run risks of their own. For example, the
firms with limited loyalty to the core firm are constantly exploring
opportunities in other networks or markets. On the other hand, the core
firm with a stable network of cooperating and committed partners must
avoid becoming passive due to its strong relationships with its partners.
Stagnation may prevent the core firm from eliminating unsatisfactory

partners and injecting new blood into its network.
Electronic Organizations and Brokerages
Technological support for managing the creation and functioning of

virtual firms is a special, but unexplored, aspect of electronic commerce.
The specific issue is both complex and important because a poorly
structured or managed virtual organization quickly degenerates into a
chaotic entity.
The goal of electronic brokerages is to increase the efficiency of the

internal marketplace. Internal markets are beginning to appear not only
in corporations but even in non-business institutions like the
government. Many enterprises are abandoning their central-planning
apparatus in favor of internal markets to foster internal competition,
reduce costs, and increase efficiency.
Once we accept the premise that the future organizational structure will
be an internal marketplace populated by specialized brokerages,
questions surface about the structure of this market place. We chose the
notion of brokerage to describe the internal marketplace because in the
real world, brokerages are widespread (realtors, stockbrokers, tax
accountants) an play an important role in facilitating efficient markets.
Our working definition of an electronic brokerage is: multiple services
provided by a single interface with a single point of accountability on an
order-by-order basis. Brokerage service providers are intimately involved
in the details of customer operations, end to end, in order to understand

customer needs and deliver better service.
Q. What is Security Threats?
Ans:- Some of the threats that stimulated the upsurge of interest in

security include the following.
(a) Organized and internal attempts to obtain economic or market
information from competitive organizations in the private sector.
(b) Organized and intentional attempts to obtain economic information
from government agencies.
(c) Inadvertent acquisition of economic or market information
(d) Inadvertent acquisition of information about individuals
(e) Intentional fraud through illegal access to computer repositories
including acquisition of funding data, economic data, law enforcement
data, and data about individuals.
(f) Government intrusion on the rights of individuals
(g) Invasion of individuals rights by the intelligence community.
Q. Mention some Hacking Technique.
Ans:-There are some Hacking Techniques are

Stolen accessStolen resources
Internet virus
(aka worm)
Email
Impostures
Email snooping
Sniffing
Spoofing
Async attacks
Trojan horses
Back doors
* Involves the use of another users ID or password without permission to

gain access to the internet.* Search for processors to store stolen
software and data bases
*Virus designed to traverse through the network, passing through
multiple processors and either sending information back to the originator
or doing damage to the processors it passes though.
* Sending email while falsifying the From field
* Email passes through at least two nodes to be received; as the email
* passes through these nodes, and is stored transiently, it is susceptible

to people tithe system access, unless secured.
* If a hacker has gained access to a host, the hacker may set up sniffing
programs to observe traffic storing information (IDs/passwords)that can
be used to compromise other systems.
* Assuming someone elses identity, whether it be a login ID, an IP

address a server, or an e-commerce merchant.
* While programs are idle in host memory, a hacker may have the
opportunity to access the programs data.
*Viruses concealed within a software package injected into a host. May

be destructive or perform some covert activity designed to send data back
to the hacker.
*Applications/system programmers may implement a secret password

that allows the programmer easy access to a host or application on the
host; these passwords may be infiltrated.
KERBEROS
Kerberos provides an authentication means in an open (unprotected)

network. This is accomplished without relying on authentication by the
host operating system, without basing trust on host addresses, without
requiring physical security of all the hosts on the network, and under the
assumption that protocol data units traveling along the network can be
read, modified, and inserted at will. Kerberos performs authentication
under these conditions as a trusted third party authentication service by
using conventional (shared-secret key) cryptography. The Kerberos
protocol was developed as a part of the Massachusetts Institute of

Technologys project. Athena to provide authentication of users to
distributed systems services running on the campus network.The
Kerberos protocol is based, in part, on the symmetric versions of the
Needham and Shroeders authentication protocol; this was modified
using timestamps, reducing the number of messages needed for initial
authentication. Subsequent authentication is supported by using a
session key in place of a users password. Kerberos uses a trusted thirdparty authentication scheme, in which users and hosts rely on the third
party to bear the burden of trust both the hosts and users trust the
third party and not each other. The model postulates that the third party
(also called key distribution centre KDC) verifies the identity of users and
hosts, based on a encrypted password and thus prove the identity of a
user or host without revealing its password. Some of the design
principles of Kerberos are as follows.
l Both one-way and two-way authentication are supported.
l Authentication should be achieved without transmitting unencrypted
passwords over a network.
l No unencrypted passwords should be stored in the KDC
l Clear text passwords entered by client users should be retained in
memory for the shortest time possible, and then destroyed.
l Authentication compromises that might occur should be limited to the

length of the users current login session.
l Each authentication should have a finite lifetime, lasting about as long
as a typical logic session.
During this lifetime, the authentication may be reused as often as
needed.
l Network authentication should be nearly unnoticed by users: the only

time users should be aware that authentication is occurring is when
entering a password at the time of login.
l Minimal effort should be required to modify existing applications that
formerly used other, lesssecure authentication schemes.
Kerberos Authentication process

Client sends a request to the authentication server requesting credentials
for a given server.
Authentication server responds with these credentials, encrypted in the
clients key. The credentials
consists of the following:
1. A ticket for the server
2. A temporary encryption key (often called a session key)Client
transmits the ticket (which contains the clients identity and a copy of the
session key, all encrypted in the servers key) to the server. Session key
(now shared by the client and server) is used to encrypt further
communication between the two parties or to exchange a separate
subsession key to be used to encrypt further communication WORKFLOW AUTOMATION AND COORDINATIONA vision of speeding up or
automating routine business tasks has come to be known as work-flow
automation. The goal of work-flow automation is to offer more timely,
cost-effective, and integrated ways to make decisions. A work flow
portrays the movement of a business process and its associated tasks
among workers and the operations required to process relevant
information as it moves from initiation to completion. Under the
computing umbrella, a work flow is the movement of information from
one users desktop to anothers. All work flows taken together constitute
a process. For the purposes of automation, knowledge-based business

processes can be defined as sets of rules and milestones that define and
control the flow of information.
Typically, work flows are decomposed into steps or tasks, which are then
task ordered to determine
which should be done first, second, and so on. Work flows can be simple
or complex. Simple work flows typically involve one or two tasks, for
example, an intelligent mail application helps prioritize and route a
users mail. On the other hand, a work-flow application that can move a
purchase order through the approval process and track the actual
delivery of the product from the supplier to the warehouse is a complex
task. A complex work flow may involve several other work flows, some of
which may execute simultaneously. Organizational integration is
extremely complex and typically involves three steps: (1) improving
existing processes by utilizing technology where appropriate; (2)
integrating across the business functions after identifying the
information needs for each process; (3) integrating business functions,
application program interfaces, and database across departments and
end users have access to organization wide data, rather than relying on
proprietary data.
8.6.1. Work-Flow Coordination

The key element of a market-driven business is the coordination of tasks
and other resources throughout the company to create value for
customers.
Some of the simplest work-flow coordination tools to understand and
implement are electronic formsrouting applications. These packages offer
a network-based, automated alternative to paper documents (such as
expense reports, purchase orders). A department manager, for example,
might design an expense report form that is initiated by account

executives, routed to an administrative assistant for error checking, then
sent back to the manager for approval. After approving the report, the
manager can print it out and send it to accounting for final settlement.
The manager can print it out and send it to accounting for final
settlement. The manager could also include an accounts payable person
in the work flow, thus extending the routing process outside the sales
department.
As the number of parties in the work flow increases, good coordination

becomes crucial. To facilitate better work flow coordination, companies
are using software agents.
Q. What are Security Strategies And List the Security Tools.
Ans: - There are basic security strategies that can be utilized to combat
the threats discussed so for: access to control, integrity, confidentiality,
and authentication. However, before defenses can be deployed, a security
policy must be developed by an organization.Policy guidelines When a
system administrator sets security policies, he or she is developing a plan
for how to deal with computer security one way to approach this task is
to do the following.
(a) Look at what it is you are trying to protect
(b) Look at what you need to protect these data/resources from
(c) Determine how likely the threats are
(d) Implement measures which will protect your assets in a cost-effective

manner
(e) Review the process continuously and improve processes when a

weakness is found.
SECURITY TOOLS
The internet uses the transport control protocol / Internet protocol
(TCP/IP) as the primary network protocol engine. Each IP packet
contains the data that is to be sent to some endpoint destination. The IP
packet consists of a 32 bit source and destination address (in IPv4),
optional bit flags, a header checksum, and the data itself. There is
guarantee at the network layer that the IP protocol data units will be
received, and even if they are received, they may not be received in any
particular order. There is also no guarantee that the packet was sent
from the supplied source address; therefore, you cannot solely rely on the
source address to validate the identity of the user who sent the packet.
TCP provided retransmission of lost or corrupted protocol data units into
their original order of transmission. Each packet contains a sequence
number which is what TCP uses to sort the protocol data units. The
acknowledgement number is the sequence number of the last packet
transmitted. The two most prominent secure transmission protocols for
secure Web communication are l Secure sockets Layer l Secure HTTP (SHTTP)
Q. What are the Approaches for Enterprise Level Security?
Ans:- This type of security measure allows an administrator to select

applicable services necessary to ones business and screens out any
services that may be a potential security risk. Firewalls are classified into
three main categories:
1. Packet filters
2. Application level gateways
3. Proxy servers
Packet filtering:- Packet filtering at the network layer can be use as a first
defense. Basic filtering comes as part of most routers software. Each
packet is either forwarded or dropped based on its source address
destination address, or a defined (TCP) port. Configuring a filter involves
some determination of what services/addresses should and should not
be permitted to access the network or server.
Application-level gateways: An application-level gateway provides a

mechanism for filtering traffic for various applications. The administrator
defines and implements code specific to applications or services used by
the users site (applications, such as SMTP, reside at the application
layer). Services or users that can compromise the network security can
then e restricted. To counter some weaknesses associated with packet
filtering routers, firewalls utilize software applications to forward and
filter connections for services such as Telnet, FTP, and HTTP. Application
gateways mediate traffic between a protected network and the Internet. A

key distinction between a protected network and the Internet. A key
distinction between a packet-filtering router and an application-level
gateway is the ability to filter and log at the application level rather than
just the IP level.
Proxy Servers A proxy server terminates a users connection (by

application) and sets up a new connection to the ultimate destination on
behalf of the user, proxying for the user. A user connects with a port on
the proxy; the connection is routed through the gateway to a destination
port, which is routed to the destination address. Logging can be set up to
track such transmission information as number of bytes sent, Inbound
IP address, and the outbound destination IP address. Usually, if a proxy
is used, the proxy server provides most of the Internet connectivity. An
example of a proxy is a Web services proxy server (HTTP).
PASSWORD SECURITY SYSTEM
As noted in the mechanisms section, passwords are the most widely used
security measure in existence today. Passwords and password
information files are often the target for many attackers. Once an
attacker has obtained a password, there is little or no controlling what
damage may be done or what proprietary information could be leaked
out. Passwords should be changed regularly. The more often a password
is changed the more secure the account becomes. As a general rule,
passwords should not be written down; if a password is to be written
down, it should not be located anywhere near where it could to log in
(this apply to internal security threats). Login attempts should be limited
to three or less tries. Password security is only as good as the password
itself. As noted, attackers today have sophisticated password breaking

tools, which will keep trying different combinations of numbers and
characters until the password has been breached. It is not surprising
then that most attacks are successful due to poorly chosen password.
One-time passwords: One time passwords provide greater security

because they can only be used once, then are not longer valid. This is
accomplished via an authentication scheme. There are several ways to
implement one-time passwords; however, one of the most common
involves the use of internal clock, a secret key, and a handled display.
The current time and the secret key are processed through some function
and are displayed on the screen. The displayed value will change about
once per minute, so that the value will not be repeated. The host
processor proceeds to validate the user by matching the users output to
the hosts calculated output.
Smart Cards: A smart card is a portable device that contains some

nonvolatile memory and a
microprocessor. This card contains some kind of and encrypted key that
is compared to a secret key contained on the users processor. Some
smart cards allow users to enter a personal identification number (PIN)
code. Smart cards are becoming relatively common, with 200 million
cards expected in use world wide by 1998.
Countering the threat of viruses
The best solution for the threat of viruses is prevention: do not allow a
virus to get into the system inthe first place. In general, this goal is
impossible to achieve, although prevention can reduce the number of

successful viral attacks. The next best approach is to do the following:
l Detection : After the infection has occurred, determine that it has
occurred and locate the virus.
l Purging: Remove the virus from all infected systems so that the disease
cannot spread further.
l Recovery: Recover any lost data or programs.Because of the variety of
viruses, there is no universal remedy. A number of programs provide
someprotection, and the security manager should be advised to contact
several vendors and assess their products.
Q. What are the basic types of Physical data security and threats to
data?
Ans:- These are the basic types of Physical data security :-
a) Data integrity, b) Data availability.
There are two types of threats to data: -
a) Active Threats, b) Passive
Threats.
Passive threats.
Passive threats involve monitoring the transmission data of an

organization. The goal of the attackeris to obtain information that is
being transmitted. In general, this is not the easiest task to undertake.

Two types of threats are involved here: release of message contents and
traffic analysis.
The threat of release of message contents is clearly a concern. A

telephone conversation, an electronic mail message, or a transferred file
may contain sensitive or confidential information. One wants to prevent
the attacker from learning the contents of these transmissions. Passive
threats are difficult to detect because they do not involve alteration of the
data. However it is feasible to prevent these attacks from being
successful. The emphasis in dealing with passive threats is on prevention
rather than detection. Although these threats can be directed at
communication resources they are generally perpetrated at the host level.
Active Threats
Active threats involve some modification of the data stream or the

creation of a false stream. One can classify these threats into three
categories: message-stream modification, denial of message of service,
and masquerade. Active threats have the opposite characteristics of
passive threats. Passive attacks are difficult to detect and there are
measures available to prevent their success. On the other hand, it is
difficult to ultimately prevent active attacks because this would require
physical protections of all hosts and/or communications facilities all the
time. Instead, the goad is to detect active attacks and recover from
disruption or delays caused by the attack. Because the detection has a
deterrent effect, this may also contribute to prevention.
PROTECTING RESOURCES
The term computer and network security refers in a broad sense to

confidence that information an services available on a network cannot be
accessed by unauthorized users. Security implies safety, including
assurance of data integrity, freedom from unauthorized access, freedom
from snooping or wiretapping, and freedom from disruption of service. Of
course, just as no physical property is absolutely secure against crime,
no host is absolutely secure. Organizations make an effort to secure
hosts for the same reason they make an effort to secure buildings and
offices. At the same time, organizations note that in practical terms, most
security violations are from internal treats rater than from external
threats. Providing security for information requires protecting both
physical and abstract resources. Physical resources include storage
devices such as magnetic tapes and disks, as well as active devices such
as computers and servers. In a network environment, physical security
extends to the cables, modem pools, switches, bridges, and routers that
comprise the communication infrastructure. Good physical security can
eliminate attacks, sabotage/denial of service, and exploitation (e.g.
disabling a router and causing packets to be routed through an
alternative path).
Protecting an abstract resource such as information is usually more

difficult than providing physical security. Data integrity (i.e. protecting
information from an unauthorized change) is crucial; so is data
availability (i.e. guaranteeing that outsiders cannot prevent legitimate
data access by saturating a network). Because information can in
principle be copied as it passes across a network, protection must also
prevent unauthorized read/write/delete; that is, network security must
include a guarantee of privacy. Often it can be difficult to discern the
difference between legitimate and illegitimate access while a transfer is in

progress. More important, while physical security often classifies people
and resources into broad categories (e.g. all non employees are forbidden
from using a given hallway), security related to information usually needs
to be more restrictive (e.g. some parts of an employees record are
available only to the personnel office, others are available only to the
employees boss, and others are available to the payroll office).
Chapter 10
Q.Explain Secure Socket Layer.
Ans:- The secure socket layer (SSL) protocol developed by Netscape

communications is a security protocol The protocol allows client/server
applications to communicate in a way that data transmissions cannot be
altered or disclosed. Servers are always authenticated and clients are
exchanged algorithms and hardware tokens. The strength of SSL is that
it is application independent. HTTP, telnet, and FTP can be placed on top
of SSL transparently. SSL provides channel security (privacy and
authentication) through encryption and reliability through a message
integrity check. Netscape states that SSL aims at making the cost of such
an attack greater than the benefits gained from a successful attack, thus
making it a waste of time and money to perform such an attack. SSL
uses three-part process. First, information is encrypted to prevent
unauthorized disclosure. Second, the information is authenticated to
make sure that the information is being sent and received by the correct
party. Finally, SSL provides message integrity to prevent the information
from being altered during interchanges between the source and sink.
SECURE TRANSPORT PROTOCOL
The secure sockets layer systems from Netscape communications and the
secure hypertext transfer protocol form commerce net offer secure means
of transferring information through the Internet and the WWW. SSL and
S-HTTP allow the client and servers to execute all encryption and
decryption of Web transactions automatically and transparently to the
end user. SSL works at the transport layer and it is simpler than S-HTTP
which works at the application layer and supports more services (such as
firewalls and generation and validation of electronic signature.
S-HTTP
S-HTTP is a secure extension of HTTP developed by the commerce Net
consortium. S-HTTP offers security techniques and encryption with RSA
methods, along with other payment protocols. For secure transport, SHTTP supports end-to-end secure transactions by incorporating
cryptographic enhancements to be used for data transfer at the
application level. This is in contrast to existing HTTP authorization
mechanisms, which required the client to attempt access and be denied
before the security mechanism is employed. S-HTTP incorporates publickey cryptography from RSA Data security in addition to supporting
traditional shared secret password and Kerberos based security systems.
The RSA data security ciphers used by S-HTTP utilize two keys; files
encrypted by one can only be decrypted by application of the other key. A
company generates a pair of these keys, publishes one and retains the
other. When another company wishes to send a file to the first company,
it encrypts the file with the published key of the intended recipient. The
recipient decrypts it with the private key. S-HTTP allows Internet users to
access a merchants Website and supply their credit card numbers to
their web browsers; S-HTTP encrypts the card numbers, and the
encrypted files are then sent to the merchant. Then, S-HTTP decrypts the
files and relays back to the users browsers to authenticate the shoppers
digital signatures. The transaction proceeds as soon as the signatures

are verified.
Q. Explain SEPP(secure electronic payment protocol) in details.Ans: IBM,
Netscape, GTE, Cybercash, and mastercard have cooperatively developed
SEPP- an open, vendor-neutral, nonproprietary, license free specification
for securing on-line transactions. Many of its concepts were rolled into
set, which is expected to become the de facto standard. Because of its
development importance, SEPP is discussed briefly in this section.
There are several major business requirements addressed by SEPP.
1. To enable confidentiality of payment information
2. To ensure integrity of all payment data transmitted.
3. To provide authentication that a cardholder is the legitimate owner of

a card account.
4. To provide authentication that a merchant can accept mastercard,

branded card payments with an acquiring member financial institution.
SEPP is the electronic equivalent of the paper charge slip, signature, and
submission process. SEPP takes input from the negotiation process and
causes the payment to happen via a three-way communication among
the cardholder, merchant, and acquirer. SEPP only addresses the
payment process; privacy of nonfinancial data is not addressed in the
SEPP protocol-hence, it is suggested that all SEPP communication be
protected with encryption at a lower layer, such as with netscapes SSL.

Negotiation and delivery are also left to other protocols.
SEPP PROCESS
SEPP assumes that the cardholder and merchant have been

communicating in order to negotiate terms of a purchase and generate
an order. These processes may be conducted via a WWW browser,
alternatively, this operation may be performed through the use of
electronic mail, via the users reviews of a paper or CD-ROM catalog or
other mechanisms. SEPP is designed to support transaction activity
exchanged in both interactive and non interactive modes. The SEPP
system is composed of a collection of elements involved in electronic
commerce.
l Card holder: This is an authorized holder of a bankcard supported by

an issuer and registered to perform electronic commerce.
l Merchant: This is a merchant of goods, services, and/or e-products who
accepts payment for them electronically and may provide selling services
and / or electronic delivery of items for sale.
l Acquirer. This is a financial institution that supports merchants by
providing service for processing credit card based transactions.
l Certificate management system: This is an agent of one or more
bankcard associations that provides for the creation and distribution of
electronic certificates for merchants, acquirers, and cardholders.
l Banknet: This represents the existing Network which interfaces
acquirers, issuers and the certificate management systems. These
elements for ecommerce exist tow and interact through existing

mechanisms, with the excepting of the certificate management system. In
the SEPP systems, these components acquire expanded roles to
complement existing functionality into the electronic commerce context.
Impact of electronic commerce

There is no question that electronic commerce, as exemplified by the
popularity of the Internet, is going to have an enormous impact on the
financial services industry. No financial institution will be left unaffected
by the explosion of electronic commerce.
l The number of payment card purchases made through this medium will
grow as Internet-based on-line ordering systems are created.
l Many banks are planning to support this new form of electronic
commerce by offering card authorizations directly over the Internet.
l Several trials with electronic currency and digital cash are already
underway Role of payment systems Payment systems and their financial
institutions will play a significant role by establishing open specifications
for payment card transactions that:
l Provide for confidential transmission,
l Authenticate the parties involved,
l Ensure the integrity of payment instructions for goods and services
order data, and
l Authenticate the identity of the cardholder and the merchant to each
other.
Purpose of Secure Electronic Transaction(SET)
To meet these needs, the Secure Electronic Transaction (SET) protocol

uses cryptography to:
l Provide confidentiality of information,
l Ensure payment integrity, and
l Authenticate both merchants and cardholders.,
These specifications will enable greater payment card acceptance, with a
level of security that will encourage consumers and businesses to make
wide wue of payment card products in this emerging marker.
SECURE ELECTRONIC TRANSACTION(SET)At this juncture, the
industry is counting on SET to accelerate internet electronic commerce.
SET is becoming the de facto standard for security. Depicts its operation.
The following list depicts key functions of the specification.
l Provide for confidential payment information and enable confidentiality
of order information
that is transmitted with payment information l Ensure integrity for all
transmitted data
l Provide authentication that a buyer is a legitimate user of a branded
(e.g. Visa, Master Card,
American Express) bankcard account.
l Provide authentication that a merchant can accept bank card payments
through its relationship with an appropriate financial institution.
l Ensure the use of the best security practices and design techniques to
protect all legitimate
parties in an electronic commerce transaction.
l Ensure the creation of a protocol that is neither department on
transport security mechanisms
no prevents their use.

l Facilitate and encourage interoperability across software and network
providers. SET offers buyers more security than is available in the
commercial market. Instead of providing merchants with access to credit
card numbers, SET encodes the numbers so only the consumer and
financial institution have access to them.. Cardholders, merchants, and
the financial institution each retain SET certificates that identify them
and the public keys associated with their digital identifies. A third party
provides digital certificates to the card-issuing financial institution; the
institution then provides a digital certificate to the card holder. A similar
process takes place for the merchant. At the time of the purchase, e ach
partys SET-compliant software validates both merchant and cardholder
before any information is exchanged. The validation takes place by
checking the digital certificates that were issued by an authorized third
party, such as VeriSign. SET is a combination of an application-level
protocol and recommended procedures for handling credit card
transactions over the Internet. Designed for cardholders, merchants, and
bank (and other card processors), SET covers certification of all parties
involved in a purchase as well as encryption and authenticating
procedures. Stamped with trusted brand names, the new SET based
systems will be a major impetus to the comfort level of Web shopping for
both merchants and consumers. The merchantware that incorporates
SET will provide on-line vendors with seamless, fraud-resistant ways to
handle activities ranging from displaying goods on-line, to settling credit
card transactions via back-office links to banks. SET requires that an
individual possess a digital certificate for each credit cad that he or she
plants to use. This requirement may cause some management concerns
for those users with more than one credit card. To complete a transaction
involving a digital certificate as used in SET, there can be substantial
administrative tracking to ensure that the certificate for a credit card is
trustworthy and valid.
S-HTTP
S-HTTP is a secure extension of HTTP developed by the commerce Net
consortium. S-HTTP offers
OBJECTIVES
Motivation
The primary motivation for the bankcard associations to provide

specifications for secure paymentsare:
l To have the bankcard community take a leadership position in
establishing secure payment specifications and, in the process, avoid any
cost associated with future reconciliation of implemented approaches,
l To respect and preserve the relationship between merchants and
Acquirers and between
cardholders and Issuers,
l To facilitate rapid development of the marketplace,
l To respond quickly to the needs of the financial services market, and
l To protect the integrity of bankcard brands.
Payment security
The objectives of payment security are to:
l Provide authentication of cardholders, merchants and acquirers,
l Provide confidentiality of payment data,
l Preserve the integrity of payment data, and
l Define the algorithms and protocols necessary for these security

services.
Interoperability
The objectives of interoperability are to:
l Clearly define detailed information to ensure that applications
developed by one vendor will interoperate with applications developed by
other vendors,
l Create and support an open payment card standard,
l Define exportable technology throughout, in order to encourage globally

interoperable software,
l Build on existing standards where practical,
l Ensure compatibility with and acceptance by appropriate standards

bodies, and
l Allow for implementation on any combination of hardware and software

platforms such as
PowerPC, Intel, Sparc, UNIX, MS-DOS, OS/2, Windows and Macintosh
Market acceptance
The objectives of market acceptance are to:
l Achieve global acceptance, via ease of implementation and minimal

impact on merchant and
cardholder end users,
l Allow for bolt-on implementation of the payment protocol to existing

client applications,
l Minimize change to the relationship between acquirers and merchant,

and cardholders and
issuers,
l Allow for minimum impact to existing merchant, acquirer and payment

system applications and infrastructure.
security techniques and encryption with RSA methods, along with other
payment protocols. For secure transport, S-HTTP supports end-to-end
secure transactions by incorporating cryptographic enhancements to be
used for data transfer at the application level. This is in contrast to
existing HTTP authorization mechanisms, which required the client to
attempt access and be denied before the security mechanism is
employed. S-HTTP incorporates public-key cryptography from RSA Data
security in addition to supporting traditional shared secret password and
Kerberos based security systems. The RSA data security ciphers used by
S-HTTP utilize two keys; files encrypted by one can only be decrypted by
application of the other key. A company generates a pair of these keys,
publishes one and retains the other. When another company wishes to
send a file to the first company, it encrypts the file with the published key
of the intended recipient. The recipient decrypts it with the private key.
S-HTTP allows Internet users to access a merchants Website and supply
their credit card numbers to their web browsers; S-HTTP encrypts the
card numbers, and the encrypted files are then sent to the merchant.
Then, S-HTTP decrypts the files and relays back to the users browsers to
authenticate the shoppers digital signatures. The transaction proceeds
as soon as the signatures are verified.
Payment System Participants
Interaction of participants
SET changes the way that participants in the payment system interact.
In a face-to-face retail transaction or a mail order transaction, the
electronic processing of the transaction begins with the merchant or the
Acquirer. However, in an SET transaction, the electronic processing of the
transaction begins with the cardholder.
Cardholder
In the electronic commerce environment, consumers and corporate

purchasers interact with merchants from personal computers. A card
holder uses a payment card that has been issued by an Issuer. SET
ensures that the interactions the cardholder has with a merchant keep
the payment card account information confidential.
Issuer
An Issuer is the financial institution that establishes an account for a

cardholder and issues the payment card. The Issuer guarantees payment
for authorized transactions using the payment card in accordance with
payment card brand regulations and local legislation.
Merchant
A merchant offers goods for sale or provides services in exchange for

payment. SET allows a
merchant to offer electronic interactions that cardholders can use
securely. A merchant that accepts payment cards must have a
relationship with an Acquirer.
Acquirer
An Acquirer is the financial institution that establishes an account with
a merchant and processes payment card authorizations and payments.
Payment gateway
A payment gateway is a device operated by an Acquirer or a designated

third party that processes merchant payment messages ( including
payment instructions from cardholders).
Brand
Financial institutions have founded bankcard associations that protect

and advertise the brand, establish and enforce rules for use and
acceptance of their bankcards, and provide networks to interconnect the
financial institutions.
Other brands are owned by financial services companies that advertise

the brand and establish and enforce rules for use and acceptance of their
payment cards. These brands combine the roles of Issuer and Acquirer in
interactions with cardholders and merchants.
Third parties
Issuers and Acquirers sometimes choose to assign the processing of

payment card transactions to third party processors. This document
does not distinguish between the financial institution and the processor
of the transactions.
CRYPTOGRAPHY
Protection of sensitive information
Cryptography has been used for centuries to protect sensitive

information as it is transmitted from one location to another. In a
cryptographic system, a message is encrypted using a key. The resulting

ciphertext is then transmitted to the recipient where it is decrypted using
a key to produce the original
message. There are two primary encryption methods in use today: secretkey cryptography and publickey cryptography. SET uses both methods in
its encryption process.
Secret key cryptography
Secret Key cryptography, also known as symmetric cryptography, uses

the same key to encrypt and decrypt the message. Therefore, the sender
and recipient of a message must share a secret, namely the key. A well
known secret-key cryptography algorithm is the Data Encryption
Standard(DES), which is used by financial institutions to encrypt PINs.
Secret-key cryptography is impractical for exchanging messages with a

large group of previously unknown correspondents over a public network.
In order for a merchant to conduct transactions securely with millions of
Internet subscribers, each consumer would need a distinct key assigned
by the merchant and transmitted over a separate secure channel. On the
other hand, by using public-key cryptography, that same merchant could
create a public/private key pair and publish the public key allowing any
consumer to send a secure message to the merchant.
Encryption
Confidentiality is ensured by the use of message encryption.
Encryption: relationship of keys When two users want to exchange

messages securely, each transmits one component of their key
Encryption: use of symmetric keySET will rely on cryptography to ensure
message confidentiality, In SET, message data will initially be encrypted
using a randomly generated symmetric encryption key. This key, in turn,
will be encrypted using the message recipients public key. This is
referred to as the digital envelope of the message and is sent to the
recipient along with the encrypted message itself. After receiving the
digital envelope, the recipient decrypts it using his or her private key to
obtain the randomly generated symmetric key and then uses the
symmetric key to unlock the original message.
Digital signatures: using message digests When combined with message
digests, encryption using the private key allows users to digitally sign
messages. A message digest is a value generated for a message ( of
document) that is unique to that message. A message digest is generated
by passing the message through a one way cryptographic function, i.e.,
one that cannot be reversed. When the digest of a message is encrypted
using the senders private key and is appended to the original message,
the result is known as the digital signature of the message.
The recipient of the digital signature can be sure that the message really
came from the sender. And, because changing even one character in the
message changes the message digest in an unpredictable way, the
recipient can be sure that the message was not changed after the
message digest was generated.
Digital signatures: example
For example, Alice computers the message digest of a property

description and encrypts it with her private key yielding a digital
signature for the message. She transmits both the message and the
digital signature to Bob. When Bob receives the message, he computes
the message digest of the property description and decrypts the digital
signature with Alices public key. If the two values match, Bob knows
that the message was signed using Alices private key and that it has not
changed since it was signed.
SET authentication
The means that a financial institution uses to authenticate a card holder
or merchant is not defined by
PAYMENT PROCESSING
Transactions described
This section describes the flow of transactions as they are processed by

various systems.
SET defines a variety of transaction protocols that utilize the
cryptographic concepts introduced in previous section to securely
conduct electronic commerce. The section describes the following
transactions:
l Cardholder registration
l Merchant registration
l Purchase request
l Payment authorization
l Payment capture
Other transactions
The following additional transactions are part of these specifications, but

are not described in this section:
l Certificate query
l Purchase inquiry
l Purchase notification
l Sale transaction
l Authorization reversal
l Capture reversal
l Credit
l Credit reversal
Q. What is the role of encryption of E-commerce?
Ans:- Encryption-Confidentiality is ensured by the use of message

encryption. Encryption: relationship of keys-When two users want to
exchange messages securely, each transmits one component of their key
pair, designated the public key, to the other and keeps secret the other
component, designated the private key. Because messages encrypted
with the public key can only be decrypted using the private key, these
messages can be transmitted over an insecure network without fear that
an eavesdropper can use the key to read encrypted transmissions.
Encryption: use of symmetric key-SET will rely on cryptography to
ensure message confidentiality, In SET, message data will initially be
encrypted using a randomly generated symmetric encryption key. This
key, in turn, will be encrypted using the message recipients public key.
This is referred to as the digital envelope of the message and is sent to
the recipient along with the encrypted message itself. After receiving the
digital envelope, the recipient decrypts it using his or her private key to
obtain the randomly generated symmetric key and then uses the
symmetric key to unlock the original message.
these specifications. Each payment card brand and financial institution
will select an appropriate method.Introduction of dual signature
SET introduces a new application of digital signatures, namely the
concept of dual signatures. To understand the need for this new concept,
consider the following scenario: Bob wants to send Alice an offer to
purchase a piece of property and an authorization to his bank to transfer
the money if Alice accepts the offer, but Bob does not want the bank to
see the terms of the offer nor does he want Alice to see his account
information. Further, Bob wants link the offer to the transfer so that the
money is only transferred if Alice accepts his offer. He accomplishes all of
this by digitally signing both messages with a single signature operation
that creates a dual signature.
Generation of a dual signature
A dual signature is generated by creating the message digest of both

messages, concatenating the two digests together, computing the
message digest of the result and encrypting this digest with the signers
private signature key. The signer must include the message digest of the
other message in order for the recipient to verify the dual signature. A
recipient of either message can check its authenticity by generating the
message digest on its copy of the message, concatenating it with the
message digest of the other message (as provided by the sender) and
computing the message digest of the result. If the newly generated digest
matches the decrypted dual signature, the recipient can trust the
authenticity of the message.Example
If Alice accepts Bobs offer, she can send a message to the bank
indicating her acceptance and including the message digest of the offer.
The bank can verify the authenticity the same offer by using its digest of
the authorization and the message digest presented by Alice of the offer
to validate the dual signature. Thus the bank can check the authenticity
of the offer against the dual signature, but the bank can not see the
terms of the offer.
Q.What are software agent???

Ans- Software agents are used to implement information brokerages.
Agents are encapsulations of users instructions that perform all kinds of
tasks in electronic marketplaces spread across networks. Information
brokerages dispatch agents capable of information resource gathering,
negotiating deals and performing transactions.
Although the notion of software agents sounds very seductive, it will take
a while to solve the problems of inter-agent communication, interoperable
agents, and other headaches that come with distributed computing and
networking.
Q.What is IP SPOOFING ? with an example
Ans- IP spoofing is a technique that can lead to root access on a system.

It is the tool that intruders often use to take over open terminal and login
connections after they get root access. Intruders create packets with
spoofed or impersonated source IP addresses. The attacks involve forging
the source address of packets(usually claiming that they come from
inside the organizations own network). Other types of IP attacks include
user-in-the-middle attacks (the attacker is able to send you packets and

intercept the packets you reply with) and source-routing attacks
(attackers exploit the IP headers source-routing option to dictate the
route the packets should take). The deterrent is to properly configure
packet-filtering firewalls. Because of IP spoofing, no address-based
authentication is possible.
Example:- Assuming someone elses identity, whether it be a login ID, an

IP address a server, or an e-commerce merchant
Q- VIRUSES AND WORMS
A new threat has arisen in the past few years to cause concern among
data processing an data
communications managers: the virus and its relative, the worm. These
entities range from the harmless to the destructive. A virus is a program
that can affect other programs by modifying hem; the modified program
includes a copy of the virus program, which can then go on to infect
other programs. A warm is a program that makes use of networking
software to replicate itself and move from system to system. The worm
performs some activity on each system it gains access to, such as
consuming processor resources or depositing viruses. What is worrisome
to the manager responsible for security is the prevalence of these
computer contagions. What was once rare has reached epidemic
proportions, disrupting operations, destroying data, and raising
disturbing questions about the vulnerability of information systems
everywhere. Java-based applets found on web sites could easily contain

viruses.
1. What is OMC cycle?
OMC cycle refers to the order-to-delivery cycle from the merchants

perspective. It consists of eight steps namely order planning and order
generation, cost estimation and pricing, order receipt and entry, order
selection and prioritization, order scheduling, order fulfillment and
delivery, order billing and account/payment management, and post-sales
service.
Telnet
Telnet enables users to log on to remote computers. Telnet does little to

detect and protect against unauthorized access. Fortunately, Telnet is
generally supported either by using an application gateway or by
configuring a router to permit outgoing connection using something such
as the established screening rules.
Use of dual signaturesWithin SET, dual signatures are used to link an

order message sent to the merchant with the payment instructions
containing account information sent to the Acquirer. When the merchant
sends an authorization request to the Acquirer, it includes the payment
instructions sent to it by the cardholder and the message digest of the
order information. The Acquirer uses the message digest from the
merchant and computers the message digest of the payment instructions

to check the dual signature.
KINDS OF SHOPPING
Variety of experiences
There are many ways that cardholders will shop. This section describes
two ways. The SET protocol supports each of these shopping experiences
and should support others as they are defined.
On-line catalogues
The growth of electronic commerce can largely be attributed to the

popularity of the World Wide Web.Merchants can tap into this popularity
by creating virtual storefronts on the Web that contain on-line
catalogues. These catalogues can be quickly updated as merchants
product offerings change or to reflect seasonal promotions. Cardholders
can visit these Web pages selecting items for inclusion on an order. Once
the cardholder finishes shopping, the merchants Web server can send a
completed order form for the cardholder to review and approve.Once the
cardholder approves the order and chooses to use a payment card, the
SET protocol provides the mechanisms for the card holder to securely
transmit payment instructions as well as for the merchant to obtain
authorization and receive payment for the order.
Electronic catalogues
Merchants may distribute catalogues on electronic media such as

diskettes or CD-ROM. This approach allows the cardholder to browse
through merchandise off-line. With an on-line catalogue, the merchant
has to be concerned about bandwidth and may choose to include fewer
graphics or reduce the resolution of the graphics. By providing an off-line
catalogue, such constraints are significantly reduced. In addition, the
merchant may provide a custom shopping application tailored to the
merchandise in the electronic catalogue. Cardholders will shop by
browsing through the catalogue and selecting items to include on an
order.
Once the cardholder approves the order and chooses to use a payment
card, an electronic message using the SET protocol can be sent to the
merchant with the order and payment instructions. This message can be
delivered on-line, such as to the merchants Web page, or sent via a
store-and-forward mechanism, such as electronic mail.
MASQUERADE
A masquerade takes place when an attacker pretends to be someone else.

A masquerade attack usually includes one of the other two forms of
active attack. Such an attack can take place, for example, by capturing
and replaying an authentication sequence.
Q.Explain any seven business requirement.

There are seven major business requirements addressed by SET:
1. Provide confidentiality of payment information and enable

confidentiality or order information that is transmitted along with the
payment information.
2. Ensure integrity for all transmitted data.
3. Provide authentication that a cardholder is a legitimate user of a

branded payment card account.
4. Provide authentication that a merchant can accept branded payment

card transactions through its relationship with an acquiring financial
institution.
5. Ensure the use of the best security practices and system design
techniques to protect all legitimate parties of an electronic commerce
transaction.
6. Ensure the creation of a protocol that is neither dependent on

transport security mechanisms nor prevents their use.
7. Facilitate and encourage interoperability across software and network
providers.
Integrity of data
The specifications must guarantee that message content is not altered

during the transmission between originator and recipient. Payment
information sent from cardholders to merchants includes order
information, personal data and payment instructions. If any component
is altered in transit, the transaction will not be processed accurately. In
order to eliminate this potential source of fraud and/or error, SET must
provide the means to ensure that the contents of all order and payment
messages received match the contents of messages sent.
Q. What is standardization?What is the need for standardization?AnsThe biggest barrier to electronic trade is having all the pieces work
together so that information can flow seamlessly from one source to
another. This requires standardization.
On the corporate side, companies need compatible EDI software and

network services in order to send electronic purchase orders, invoices,
and payments back and forth.
Define commerce? Name two areas which are reasons of worry in ecommerce.?
Ans- It is not that the concept of e-commerce is totally without side

effects. The very nature of the concept, that is revolutionary makes it
difficult for the users to understand fully the various issues involved.
There are several areas of security, safety against fraud etc., the concept
of legal acceptance that are yet to be solved. Also since the internet
knows no national boundaries, the concepts become more complex, since
what is legal in one country may not be so in another. There is also the
concepts of taxation and state controls that needs to be solved
Q.Name a few operation performed by a e commerce:
i. Transactions between a supplier/a shopkeeper and a buyer or between

two companies over a public network like the service provider network
(like ISP). With suitable encryption of data and security for transaction,
entire operation of selling/buying and settlement of accounts can be
automated.
ii. Transactions with the trading partners or between the officer of the
company located at different locations.
iii. Information gathering needed for market research.
iv. Information processing for decision making at different levels of

management.
v. Information manipulation for operations and supply chain

management.
vi. Maintenance of records needed for legal purposes, including taxation,

legal suits etc.
vii.Transactions for information distributions to different retailers,

customers etc. including advertising, sales and marketing.
SECURE SOCKET LAYER (SSL)Th

that provides privacy over the Internet. The protocol allows client/server
applications to communicate in a way that data transmissions cannot be
altered or disclosed. Servers are always authenticated and clients are
exchanged algorithms and hardware tokens. The strength of SSL is that
it is applicationindependent. HTTP, telnet, and FTP can be placed on top
of SSL transparently. SSL provides channel security (privacy and
authentication) through encryption and reliability through a message
integrity check. Netscape states that SSL aims at making the cost of such
an attack greater than the benefits gained from a successful attack, thus
making it a waste of time and money to perform such an attack. SSL
uses three-part process. First, information is encrypted to prevent
unauthorized disclosure. Second, the information is authenticated to
make sure that the information is being sent and received by the correct
party. Finally, SSL provides message integrity to prevent the information
from being altered during interchanges between the source and sink.SSL
depends on RSA encryption for exchange of the session key and
client/server authentication and for various other cryptographic
algorithms. When a customer submits a request to purchase
merchandise
over the internet, the company responds with a public key that the
customers computer uses to encrypt sensitive information. The
information is sent to the company, which then uses a private key to
decrypt the information. The process is transparent to customers (being
handled by the browser), hence it is easy to use: the shoppers enter their
credit card numbers, SSL encrypts them and sends the encrypted files to
the merchant; the transmission proceeds as soon as SSL decrypts the
files.
SSL requires the merchant to use the netscape server software and the
buyer to use the Netscape browser software. As SSL becomes more widely
deployed and implemented, this restriction should go away. Mastercard
and Visa, as well as many other large corporations, have endorsed SSL
for financial transactions. There was recently a successful attack against
SSL by two graduate students at Berkeley; Netscape has since distributed
a patch for this key generation. Netscape has also developed secure
courier, which uses SSL to allow financial data to be transmitted in a
secure digital envelope. Information is encrypted at the time it leaves the
users computer and remains so until it reaches the financial institution.
This ensures that only the financial institution had access to the
inputted financial information . Secure courier also can verify the
authenticity of inputted financial account information. Before the
development of secure courier, a dishonest business could steal credit
information just as easily as a hacker.e secure socket layer (SSL) protocol
developed by Netscape communications is a security protocol
List the functions of the application layer.

The functions of the application layer are:n It is responsible for
facilitating interaction between many applications like WWW, EMAIL,
FTP, and DNS, and servers like mail server and FTP server.
n It interfaces directly to and performs common application services for
the application processes; it also issues requests to the presentation
layer.
2. What is DNS?
DNS is a name resolution service that resolves host names to the IP

addresses. DNS has a hierarchical and distributed database that
contains mappings of host names with the corresponding IP addresses.
3. Explain the working of DNS with an example.
DNS is a name resolution service that resolves host names to IP

addresses. A DNS server resolves host names to IP addresses for DNS
queries sent by the DNS clients. These queries can be in the form of a
name resolution query or a resource record. The resolver sends a User
Datagram Protocol (UDP) packet to the local DNS server. The DNS server
searches its table and returns the IP address, which matches the domain
name. DNS has a hierarchical and distributed database that contains
mappings of host names with the corresponding IP addresses.Resource
records are stored in a specific portion of the DNS database called the
DNS zone. A DNS zone contains resource records along with the owner
names. For example, an application program calls a procedure with its
domain name as parameter. The procedure sends an UDP packet to the
local DNS server. The DNS server searches its table and returns the IP
address which matches the Domain name. The program can now
establish a TCP connection or send UDP packets.
4. What is an iterative resolution?
Iterative resolution refers to the name resolution technique in which a

server sends back the information to a client or sends the name of the
server that has the information. The client then iterates by sending a
request to this referred server. This server may return the information
itself or send the name of another server. This process continues till the
time the client receives the required information.
1. What is FTP?
FTP is a standard protocol for transferring files between remote

computers. It uses the Internets TCP/IP protocols to enable data
transfer.
2. What is IMAP?
IMAP is an application layer Internet protocol used for accessing e-mail

on a remote server from a local client.
9. What is WWW?
The WWW is a hypertext-based system that provides a uniform and a

user-friendly interface for accessing the resources on the Internet. It is
an information space in which the items of interest, referred to as
resources, are identified by global identifiers called Uniform Resource
Identifiers (URI).
Catching
Whenever the DNS server gets a query for a name resolution, which is
not in its domain, it searches its databases for server IP address and it is
cached.Whenever a similar query is encountered, it firstcheck the cache
and return the answer. This increases the speed. TTL is a number in sec
( time in sec)
for which the server can cache the information). After this time the
information is invalid and any query should be sent again to
authoritative server.
4. What is the purpose of the route timeout timer?
The purpose of the route timeout timer is to help purge invalid routes
from a RIP node. Routes that are not refreshed for a given period of time
are likely to be invalid because of some change in the network. Thus, RIP
maintains a timeout timer for each known route. When a routes timeout
timer expires, the route is marked invalid but is retained in the table
until the route-flush timer expires.
5.What is email? What are the functions of the user agent in the e-mail
architecture?An email function support five basic function?Ans.
Electronic mail is the most widely used tool in the present world for fast
and reliable communication.It is based on RFC 822. It has two
components from architectural point of view
In the e-mail architecture, the user agent helps users to interact with the
e-mail systems. The functions of the user agent in e-mail architecture
are:
n Composition: It refers to writing the mail. Here users type the message
that they want to convey. The users have to mention the recipients email address.
n Receiving: It refers to retrieving the e-mails from the POP3 server.
n Replying to messages: It refers to replying to a received e-mail. To reply

to the e-mail, the user has to click reply, type the message, and send it
back.
n Support manipulation of mail box: It refers to customization of the

mail box. Here users can create folders and manage the mail according to
the sender.
Email Five basic function:-
1) Composition: Helps in creating message and

answers, supports many functions such as
insertion
of address after extraction from the original message during replying etc.
2) Transfer: Causes movement of message to the destination. Connection

establishments and passage
of message is done here.
3) Reporting: Do involve in reporting the origin of email whether it is

delivered, lost or abandoned.
4) Disposition: Do involve in invoking certain tools to enable reading

email message which come as
attachment. Ex: Adode to read a pdf file attachment.
5) Disposition: Involves, Reading, discarding, savings, replying,

forwarding etc.
6. Discuss the sending and receiving process of e-mail.The prerequisites

for sending and receiving an e-mail are:n Both the sender and recipient
should have an e-mail account.
n The sender must provide the destination address and write a message.
The following is the sequence of the e-mail sending process:
When the sender clicks send, the machine establishes a connection with
the SMTP server by using port 25.
An SMTP configured e-mail daemon/process uses this port. This
daemon/process accepts incoming connections and sends the mails to
its appropriate domain. For example if you send the mail from yahoo.com
to hotmail.com, the mail goes to the yahoo SMTP server, and then the
SMTP server sends it to the POP3 server of hotmail.com.
If a message cannot be delivered, an error report containing the first part

of the undeliverable message is returned to the sender.
In the implementations of POP3, the server maintains a collection of text

files, one for each e-mail account. When a message arrives, the POP3
server simply appends it to the bottom of the recipients file.
The following is the sequence of the e-mail receiving process:
The e-mail client connects to the POP3 server by using port 110. The
POP3 server requires an account name and a password.
After providing a valid username and password, the user gets verified by
the POP3 server.
If the username and password are valid, the POP3 server opens your text
file and allows you to access it.
11. Explain the client side and server side events when a user clicks on a
URL.The client side events when a user clicks on a URL are as follows:
1.The browser locates the URL.
2.The browser asks DNS for the IP address.
3.DNS replies with the IP address.
4.The browser makes the Transmission Control Protocol 5.(TCP)
connection to Port 80 on the machine with the above IP address.
6.The browser sends a request for the specific file.
7.The server sends the required file.
8.The TCP connection is closed.
9.The browser displays all text information.
10.The browser displays all images.
When a user clicks on a URL, the server side events are as follows:
1.Server accepts a TCP connection from a client.

2.Server searches the file associated with the web page.
3.File from the disk is retrieved.
4.The web page is returned to the client.
5.TCP connection is released.
Q.2. How does an audio medium differ from a video medium?
Audio: It deals with only voice. For example, a song or a lecture on any
university site.
Video: It has got both voice and live image, such as a movie, a song, or a
clipping of a lecture.
3. What is the difference between SMTP and POP3?SMTP (Simple Mail

Transfer Protocol) is used for the relaying and delivery of messages. SMTP
by default works on 25 port. An email client sends the email to SMTP
server, The server accepts incoming connections and copies message
from them into the appropriate mailboxes.If a message cannot be
delivered, an error report containing the first part of the undeliverable
message is returned to the sender. SMTP is a simple ASCII protocol.
POP3 (Post Office Protocol) is used for retrieving mails from the mail
server. POP3 by default works on 110 port.
POP3 begins when the user starts the mail client. The mail client
establishes a TCP connection with the message transfer agent at port
110. Once the connection has been established, the POP3 protocol goes
through three states in sequence:
1.
Authorization.
2.
Transactions.
3.
Update.
12. Explain a server farm with an example.
A server farm is a group of networkedservers that are housed in one

location. A server farm streamlines internal processes by distributing the
workload between the individual components of the farm and expedites
computing processes by harnessing the power of multiple servers. The
farms rely on load balancing software that accomplishes the following
tasks:
n Tracking demand for processing power from different machines.
n Prioritizing the tasks.
n Scheduling and rescheduling tasks depending upon priority and

demand that users put on the network.
When one server in the farm fails, another can step in as a backup.
Combining servers and processing power into a single entity has been
relatively common for many years in research and academic institutions.
Today, more and more companies are utilizing server farms as a way of
handling the enormous amount of computerization of tasks and services
that they require.
Server farm, or web farm, refers to either a web site that runs on more
than one server or an Internet Service Provider (ISP) that provides web
hosting services by using multiple servers.
Server compute farms are making their way into large manufacturing
environments for electronic design automation, and to accelerate
processes and complete tasks. A server farm accomplishes this by
harnessing computing power from multiple machines and combining
that power.
Example of a server farm includes Google. Googles services run on

several server farms.
3. Discuss the various stability features of RIP.
The stability features of RIP are:
n Hop-count limit: This feature limits the number of hops allowed in a

path from source to destination. The maximum number of hops in a path
is 15. If for some reasons the router receives a routing update that
contains a new or changed entry, and if increasing the metric value by 1
causes the metric to be infinity (that is, 16), the network destination is
considered unreachable.
n Hold-down timers: This feature is useful in preventing routing

information from flooding the network when network links are unstable.
Split horizons: This feature prevents routing loops within the network.
`110. Discuss the architecture of WWW.
The architecture of WWW is two tiered. It consists of the client and the
server. The client (web browser) requests for a web page. This page is
retrieved from the server. The architecture depends on three key
standards: HTML for encoding document content, Uniform Resource
Locator (URL) for naming remote information objects in a global
namespace, and HTTP for staging the transfer. The following figure shows
the two-tiered architecture of WWW.
If the web pages are interacting with the database, then the architecture
becomes three-tiered, as shown in the following figure.
8. Discuss the working of POP3 in an e-mail system. What are its

limitations?
When users check their e-mail, the e-mail client connects to the POP3
server by using port 110. The POP3 server requires an account name and
a password.The POP3 server issues a series of commands to bring copies
of user e-mail messages to users local machine. Generally, it will then
delete the messages from the server (unless the user chooses the not to
option in the e-mail client).
Once the connection has been established, the POP3 protocol goes
through three stages in sequence:
1.Authorization 2.Transactions 3.Update

The authorization state deals with the user log in. The transaction state
deals with the user collecting
e-mail messages and marking them for
deletion from the mailbox. The update state causes the e-mail messages
to be deleted. During the authorization state, at times, when the server is
set for three passwords trials, if you give the wrong password thrice, your
mail box will get locked.
POP3 servers have certain limitations such as:
n There is no folder structure for sorting e-mail messages that are saved
on the POP3 server. The server has only one folder for incoming mails,
which is the inbox.
n No rules can be set at the POP3 server. All rules are set at the client
end only. If a users machine crashes, e-mail messages can only be
recovered if a copy of them is left on the server.
To check e-mail, users have to download them first and only
n then they can view their mails on the e-mail client software. User
cannot see mails first and then download the
required mails. If there are spam e-mail messages in the inbox that can
be dangerous for the computer, these will also get downloaded and the
user has to delete them
7. Write a brief note on SMTP.SMTP is a protocol that transfers mail

reliably and efficiently. SMTP is independent of a particular transmission
subsystem and needs only a reliable ordered data stream channel. An
important feature of SMTP is its capability to relay mail across transport
service environments.SMTP (Simple Mail Transfer Protocol) is used for
the relaying and delivery of messages. SMTP by default works on 25 port.
An email client sends the email to SMTP server, The server accepts
incoming connections and copies message from them into the
appropriate mailboxes.
If a message cannot be delivered, an error report containing the first part
of the undeliverable message is returned to the sender. SMTP is a simple
ASCII protocol.
1. What is multimedia? Give examples of multimedia data.
Multimedia defines applications and technologies that manipulate text,

data, images, and voice and full motion video objects. Classic example of
multimedia is the games available on CDs or songs and music available
on sites
5. Which two capabilities are supported by RIP2 but are not supported by
RIP1?
Two capabilities, which are supported by RIP2 but not by RIP1, are:
n RIP1 cannot increase the network diameter or disseminate network bit

masks needed to properly interpret routes. Therefore, using RIP1 is a
poor choice for modern networks. An updated version of RIP1, known as
RIPv2 (RIP2) can do this. RIP Version 2 (RIPv2) adds a network mask
and next hop address field to the original RIP packet while remaining
completely compatible with RIP. Thus RIPv2 routers can coexist with RIP
routers without any problems.
n The other improvement that RIPv2 offers over RIP1 is authentication,

which defines the password authentication mechanism for RIPv2 routers
to prevent accidental updates for wrongly configured hosts.
Q. Briefly explain the multimedia applications.
Ans: We consider three broad classes of multimedia

applications:*Streaming stored audio/video: In this class of applications,
clients request on-demand compressed audio or video files that are

stored on servers. Stored audio files might contain audio from a
professors lecture, rock songs, symphonies, archives of famous radio
broadcasts, or archived historical recordings. This class of applications
has three key distinguishing features.
(i)
Stored media: The multimedia content has been
prerecorded and is stored at the server. As a result, a user may pause,

rewind, fast-forward, or index through the multimedia content.
(ii)
Streaming: In a streaming stored audio/video application,
a client begins playout of the audio/video of few seconds after it begins

receiving the file from the server. This means that the client will be
playing out audio/video from one location in the file while it is receiving
later parts of the file from the server. This technique, known as
streaming.
(iii)
Continuous playout:Once playout of the multimedia
content begins, it should proceed according to the original timing of the

recording.*
(iv)
Streaming Live Audio and Video: This class of applications
is similar to traditional broadcast radio and television transmission

emittedfrom any corner or the world. Since streaming live audio/video is
not stored, a client cannot fast-forward through the media. However, with
local storage of received data, other interactive operations such as
pausing and rewinding through live multimedia transmissions are
possible in some applications.
(v)
*Real-Time Interactive Audio and Video: This class of
applications allows people to use audio/video to communicate with each

other in real time. Real-time interactive audio over the Internet is often
referred to as Internet phone, since, from the users perspective, it is
similar to the traditional circuit-switched telephone service.
12. If a directly connected interface is redistributed into BGP, what value

will the original attribute have for the route?
Any redistributed route will have an incomplete value of origin.3. What is

streaming?
Streaming is the process of receiving stored audio/video application from

a server where they are placed. A client begins to play either an audio or
a video once the media player of the clients PC begins receiving the
audio or video file from the server. During the process, the client will be
playing audio/video from one location in the file while it is receiving the
remaining parts of the file from the server. In other words, streaming
avoids long download times and the need to store the entire file on the
users computer.
2. Discuss the different approaches that are used to make a routing table
more efficient.There are many approaches to make a routing table
efficient such as:n Next hop routing: In this technique, the routing table
holds only the address of the next hop instead of holding information
about the complete route. Routing tables are thereby consistent with
each other.
n Network specific routing: In this technique, routing tables are made

smaller so that the search process becomes simpler. Instead of having an
entry for every host connected to the same physical network, we have
only one entry to define the address of the network itself.
Host-specific routing
In host-specific routing, the host address is given in the routing table.
The idea of host-specific routing is the inverse of network-specific
routing. Here efficiency is sacrificed for other advantages:
Although it is not efficient to put the host address in the routing table,
there are occasions in which the administrator wants to have more
control over routing. Host-specific routing is a good choice for certain
purposes such as checking the route or providing security measure.
Default routing
Another technique used to simplify routing is default routing. In Figure

6.6 host A is connected to a
network with two routers. Router R1 is used to route the packets to hosts
connected to network N2.
However, for the rest of the Internet, router R2 should be used. So

instead of listing all networks in the
entire Internet, host A can just have one entry called the default (network
address 0.0.0.0).
A host or a router keeps a routing table, with an entry for each

destination, to route IP packets. The
routing table can be either static or dynamic.
5. What is BW?
BW stands for bandwidth, which is the range within a band of

frequencies or wavelengths. BW can also be defined as the amount of
data that can be transmitted in a fixed amount of time. For digital
devices, bandwidth is usually expressed in bits per second or bytes per
second (bps). For analog devices, bandwidth is expressed in cycles per
second or Hertz (Hz).
7. List out the advantages and disadvantages of WLAN.
The advantages of WLAN are:
n Flexibility: Within radio coverage, nodes can communicate without

further restriction. Radio waves can penetrate walls, and senders and
receivers can be placed anywhere.
n Easy to use: The wireless networks are easy to set-up and use. Just
plug-in a base station and equip your laptops with WLAN cards.
n Robustness: Wireless networks can survive disasters. Networks

requiring a wired infrastructure will break down completely some time. If
one base station goes down, users may be able to physically move their
PCs to be in range of another.
The disadvantages of WLAN are:
n Quality of Service (QoS): WLANs typically offer lower quality than

wired networks. The main reasons for offering low quality are lower
bandwidth due to limitations in radio transmission, higher error rates
due to interference (10-4 instead of 10-10 for fiber optics), and higher
delay/delay variation.
n Vulnerable to interference: If a powerful transmitter operating in the

same band as the wireless network is nearby, the wireless network could
be rendered completely useless.
n Speed: Data speeds drop as the user moves further away from the
access point.
n Operation within limited distance: Devices will only operate at a

limited distance from an access point. Obstacles between the access
point and the user such as walls, glass, water, trees and leaves can also
determine the distance of operation.
n Safety and security: Using radio waves for data transmission might
interfere with other high-tech equipment. Additionally, the open radio
interface makes eavesdropping much easier in WLANs than in the case of
fiber optics.
n
6. What is the maximum network diameter of a RIP network?The
maximum network diameter of a RIP network is 15 hops.7. When using
OSPF, can you have two areas attached to each other where only one
autonomous system (AS) has an interface in Area 0?
Yes, you can. This describes the use of a virtual path. One area has an
interface in Area 0 (legal), and the other AS is brought up and attached
off an ABR in Area 1, so you can call it Area 2. Area 2 has no interface in
Area 0, so it must have a virtual path to Area 0 through Area 1. When
this is in place, Area2 looks like it is directly connected to Area 0. When
Area 1 wants to send packets to Area 2, it must send them to Area 0,
which in turn redirects them back through Area 1 by using the virtual
path to Area 2.
1. What are the drawbacks of RIP?
The drawbacks of RIP are:
RIP takes a long time to stabilize after a router failure or link
failure.
RIP uses more broadcasting than OSPF and hence requires
more network bandwidth.
2. What is the difference between RIP and OSPF?
The main difference between RIP and OSPF is that RIP only keeps track
of the closest router for each destination address whereas OSPF keeps
track of a complete topological database of all connections in the local
network.
4. What are the drawbacks of the present Internet to drive the

multimedia data?
The Internet has some drawbacks with regard to multimedia data. For
example, the media player does not communicate with the streaming
server directly. This delay, before play-out begins, is typically
unacceptable for audio/video clips of moderate length. For this reason,
audio/video streaming implementations typically have the server send
the audio/video file directly to the media player process. In other words,
a direct socket connection is made between the server process and the
media player process
Q. What is SMTP Explain?
Ans: SMTP Simple Mail Transfer Protocol. SMTP is a simple ASCII

protocol. After establishing the TCP connection to port 25, the sending
machine. Operating as the client wits for the receiving machine,
operating as the client waits for the receiving machine operating as the
client waits for the receiving machine operating as the server, to talk fist.
The server start by sending a line of text giving its identity and telling
whether it is prepared to receive a mail. If it is not the client release the
connection and tries again later. To get a better feel for how SMTP and
some of the protocols described in this chapter work, try them out, in all
cases first go to a machine connected to the internet.
On UNIX system
in a shell type: telnet mail.isp.com 25
This command will establish a telnet connection to port 25 on that

machine.
1. What is an electromagnetic spectrum?
The full range of frequencies from radio waves to gamma rays that
characterizes light is called electromagnetic spectrum.
8. Area 0 contains five routers (A, B, C, D, and E). Area 1 contains three
routers (R, S, and T). What router does router T knows? Router S is the
ABR.
Router T knows about routers R and S only. Likewise, Router S only

knows about R and T, as well as routers to the ABR in Area 0. The ASs
separate the areas so that router updates contain only information

needed for that AS.9. Can IBGP be used in place of an IGP (RIP, IGRP,
EIGRP, OSPF, or IS-IS)?
Use of IBGP in place of IGP is conditional.
The next-hop information from EBGP is carried into IBGP. If IBGP does
not have a route to reach the next hop, then the route will be discarded.
Typically, an IGP needs to be used to exchange routes to the next hop,
but this can be achieved by using static routes on all the routers running
IBGP. So, the answer is yes if you want to use and maintain static routes.
Otherwise, you can not use IBGP in place of IGP.11. Can BGP be used by
Internet service providers only?
No. BGP can also be used to scale large enterprise networks. A large
network can be divided into segments, with each segment running an
IGP. Routing information between segments could then be exchanged by
using BGP
Q. Explain real time protocol (RTP)
.Ans: The real-time Transport protocol (RTP) is an internet protocol

standard that specifies that a way for programs to manage the real-time
transmission of multimedia data over either unicast or multicast network
services. RTP typically runs on top of UDP. The sending side
encapsulates a media chunk within an RTP packet, then encapsulates
the packet in a UDP segment, and then within an RTP packet, then
encapsulates the packet in a UDP segment, and then hands the segment
to IP. The receiving side extracts the RTP packet from the UDP segment,
then extracts the media chunk from the RTP packet, and then passes the
chunk to the media player for decoding and rendering.
Q. What is Audio & Video? List and explain the drawback of the current
internet to drive the multimedia data.Ans: Audio: The process of flow of
stream of the sound like speech and enjoyable music is known as Audio.
Sound makes the multimedia program and presentation more exciting
and enjoyable.Video:A video is a sequence of frames, with frames
typically being displayed at a constant rate, for example at 24 or 30
frames per second. An uncompressed, digitally encoded image consists of
an array of pixels, with each pixel encode into a number of bits to
represent luminance and color.
Drawbacks of the current Internet to drive the multimedia data
Multimedia over the Internet has achieved significant but limited

success. For example, streaming stored audio/video with userinteractivity delays of five to ten seconds is now commonplace in the
Internet. But during peak traffic periods, performance may be
unsatisfactory, particularly when intervening links are congested (such
as congested transoceanic links). Internet phone and real-time interactive
video has, to date, been less successful than streaming stored
audio/video. Indeed, real-time interactive voice and video impose rigid
constraints on packet delay and packet jitter. Packet jitter is the
variability of packet delay within the same packet stream. Real-time voice
and video can work well in regions where bandwidth is plentiful, and
hence delay and jitter are minimal. Due to the lack of any special effort
to deliver packets in a timely manner, it is an extremely challenging
problem to develop successful multimedia networking application for the
Internet.
3. Give an example of a streaming server available in the market today.
MediaBox AS-2608 is an embedded streaming server capable of encoding

from eight different inputs of high quality audio through broadband
networks at various stream rates in multiple formats: MPEG4, Real, MP3,
and Vorbis. \
1. What are WLANs?
WLAN is a network that uses high-frequency radio waves rather than

wires to communicate between nodes. WLAN technologies enable users to
establish wireless connections within a local area such as within a
corporate or campus building, or in a public space like airport. IEEE
approved the 802.11 standard for WLANs, which specifies a data transfer
rate of 1-2 Mbps.
2. What is modulation?
Modulation is the addition of information or the signal to an electronic or

optical signal carrier. There are several reasons to modulate a signal
before transmitting signal in a medium. This includes the ability of
various users sharing a medium and making the signal properties
physically compatible with the propagation medium.
5. Explain the conventional encryption model?
Before the development of public key encryption, the conventional

encryption (single-key encryption) was available to secure the networks.
There are two types of encryption, classical encryption and modern

encryption techniques. These are key based algorithms known as
symmetric and public key algorithms.
In conventional algorithms, the encryption key can be calculated from

the decryption key. Alternatively, the decryption key can be calculated
from the encryption key. In these algorithms, the encryption key and the
decryption key are same. These algorithms are also called secret key
algorithms, or the one key algorithm. In this encryption technique, the
sender and receiver agree to use a key before they communicate securely.
The security of the symmetric algorithm rests in the key. The key allows
users to encrypt and decrypt messages by using any encryption and
decryption algorithms
3. What is a carrier signal?

A carrier signal is a specific frequency in an analog communication
channel that is modulated with an information-carrying signal. Carrier
signals are commonly used in Amplitude Modulation (AM), Frequency
Modulation (FM), and other radio transmissions to differentiate among
channels. You turn a radio dial to select a carrier frequency. The radio
then amplifies the signal carried on the selected frequency. In AM,
modulation changes the strength or amplitude of the carrier signal. In
FM, the frequency of the carrier signal is modulated.4. Define SNR.
SNR stands for Signal-to-Noise Ratio. It is the ratio between the typical
signal level and the softest signal that can be produced accurately.
1. What is UDP?
The User Datagram Protocol (UDP) is one of the core protocols of the
Internet protocol suite. By using UDP, programs on networked computers
can send short messages known as datagrams to one another. However,
UDP does not provide the reliability and ordering guarantees that TCP
provides.
2. What is ATM AAL5?
Asynchronous Transfer Mode Adaptation Layer Type 5 (ATM AAL5) is a

protocol that provides virtual connections between end stations attached
to the same network. ATM AAL5 supports variable bit rate and delaytolerant connection-oriented data traffic requiring minimal sequencing or
error detection support.
1. What are the advantages of cryptography?
Cryptography is all about increasing the level of privacy of individuals

and groups. It not only protects the confidentiality of any companys
information but also allows anyone to order a product over the Internet
without the fear of the credit card number being intercepted by any
malicious attempt. For example, cryptography is often used to prevent
forgers from counterfeiting winning lottery tickets. Each lottery ticket can
have two numbers printed onto it, one plaintext and the other its
corresponding cipher.
Q. Explain classical encryption techniques?
Ans:- A study of these techniques illustrates the basic approaches to

conventional encryption used in the present scenario. Before computers,
cryptography consisted of character-based algorithms. Different
cryptographic algorithms were used.Most good cryptographic algorithms
combine the elements of substitution and transposition.
In the classical encryption techniques there are four types of substitution
ciphers:
1. A simple substitution cipher or monoalphabetic cipher- This is the one

in which each character of the plaintext is replaced with a corresponding
character of cipher text. The cryptograms in newspapers are simple

substitution ciphers.
2. A homophonic substitution cipher is like a simple substitution

cryptosystem, except a single character of plaintext can map to one of
several characters of cipher text.
3. A Polygram substitution cipher is one in which blocks of characters

are encrypted in-groups.
4. A polyalphabetic substitution cipher is made up of multiple simple

substation ciphers. For example, there might be five different simple
substation ciphers used; the particular one used changes with the
position of each character of plaintext.
Q. What is Hill cipher and describe?
Ans:-This is the multi letter cipher algorithm developed by the

mathematician Lester Hill in 1929. The encryption algorithm takes m
successive plaintext letters and substitutes for them m cipher text letters.
The substitution is determined by m linear equations in which each
character is assigned a numerical value(a=0,b=1,.z=25). For m=3.
Q. What is the purpose of the Timeout timer?
Ans: The timeout timer is used to help purge invalid routes from a RIP
node. Route that arent refreshed for a given period of time are likely
invalid because of some change in the network. Thus, RIP maintains a
timeout timer for each known route. When a routes timeout timer
expires, the route is marked invalid but is retained in the table until the
route-flush timer expires.
Q. Can IBGP be used in place of an IGP (RIP, IGRP, EIGRP, OSPF, or

ISIS)?
Ans: Yes and no. Remember that the next-hop information from EBGP is
carried into IBGP. If IBGP does not have a route to reach the next hop,
then the route will be discarded. An IGP needs to be used to exchange
routes to the next hop, but this can be achieved by using static routes on
all the routes running IBGP. So, the answer is yes if you want to use and
maintain static routes. Otherwise, the answer is no.
10. Assume that a BGP router is learning the same route from two
different EBGP peers. The AS_path information from peer 1 is {2345, 86,
51}, and the AS_path information from peer 2 is {2346, 51}. What BGP
attributes could be adjusted to force the router to prefer the route
advertised by peer 1? Weight and local preference are two BGP attributes
that make adjustments to force the router to prefer the route advertised
by peer 1. Both have a higher preference than AS_path length. Weight
and local preference. Both have a higher preference than AS_path length.
The local preference (LOCAL_PREF) attribute is a well-known
discretionary attribute. The local preference attribute is a degree of

preference given to a route to compare it with other routes for the same
destination. A higher local preference value indicates that the route is
more preferred. Local preference, as indicated by the name, is local to the
autonomous system and is exchanged between IBGP peers only. An AS
connected via BGP to several other ASs will get routing updates about
the same destinations from different ASs. Local preference is usually
used to set the exit point of an AS to reach a certain destination. Because
this attribute is communicated within all BGP routers inside the AS, all
BGP routers will have a common view of how to exit the AS.Ciscos
proprietary weight parameter is similar to the local preference in that it
gives higher preference to the route that has a higher weight. The
difference is that the weight parameter is local to the router and is not
exchanged between routers, even internal to an AS. The weight parameter
influences routes received from different providers by the same router (for
example, one router with multiple connections to two or more providers).
The weight parameter has a higher precedence than any other BGP
attribute; it is used as a proprietary switch to determine route
preference.
Q. Explain real time streaming protocol (RTSP).
Ans: RTSP is a protocol that allows a media player to control the

transmission of a media stream. RTSP is an out-of-band protocol. Many
Internet multimedia users will want to control the playback of
continuous media by pausing playback, repositioning playback to a
future or past point of time, fast-forwarding playback visually, rewinding
playback visually, and so on. Real-time streaming protocol (RTSP),
defined in RFC 2326.
Q.What is Monoalphabetic Ciphers?
With only 25 possible keys, the Caesar cipher is far from secure. A
sequential increase in the key space can be achieved by allowing an
arbitrary substation. The cipher line can be any permutation of the 26
alphabetic characters, then there are 26! Or greater than 41026
possible keys. This is 10 orders of magnitude greater than the key space
for DES and would seem to eliminate brute force techniques to
cryptanalysis.
Q. What is Caesar Cipher?
Ans:- This is the most famous substitution algorithm, in which each

plaintext character is replaced by the character three to the right modulo
26. ( i,e A is replaced D , B is replaced by E) For example:
Plain: m e e t m e t o m o r r o w
Cipher: PHHW PH WRPRUURZ
7. Explain the audio streaming process.
Audio streaming is the transfer of audio-encoded packets that are

decoded and sent to the clients soundcard upon reception. The host side
is responsible for encoding and packetizing the audio stream. The client
side is responsible for decoding the packets and sending the decoded
audio to the sound card.
There are delays inherent in the overall system. These delays are
contributed by the encode/decode delay, transfer delay, buffer delay,
modem delay, sound card delay, and other delays. As long as the delays
are kept constant, then the audio will be delivered uninterrupted.
9. Discuss the architecture of WLAN.
WLAN architecture consists of three components:
n Wireless end stations
n Access points
n Basic service sets (BSS)
The wireless end station can be any device that can communicate using
the 802.11 standard. These devices include laptops, workstations, and
PDAs, as well as printers and scanners.
The access point (AP) is a device. It acts as a network platform for

connections between WLANs or to a wired LAN and as a relay between
stations attached to the same AP.
BSS(Basic service sets) is the logical component of wireless architecture.

In general, it is a set of wireless stations controlled by a single
management function and has two configuration options that is,
Infrastructure BSS (IBSS) and Extended Service Set (ESS).
In an IBSS, the stations communicate directly to one another without the

need for an access point. An ESS is a set of infrastructure BSSs that
appear as a single BSS. This is important for connection redundancy but
has some security issues that need to be addressed.
2. What is the disadvantage of a transposition cipher?The disadvantage

of a transposition cipher is that such ciphers are considerably more
laborious and error prone than simpler ciphers.
3. What is cryptology?
The study of both cryptography (enciphering and deciphering) and

cryptanalysis (breaking a code system) together is called cryptology.
3. What is wavelength?
Wavelength is the distance between the repeated units of a wave pattern.

2.Explain cryptographic algorithms.
A cryptographic algorithm, also referred to as cipher, is a mathematical

function used in the encryption and decryption process. A cryptographic
algorithm works in combination with a key. The key may be a word,
number, or phrase used to encrypt the plain text, also called a message.
The plain text encrypts to cipher text with different keys. The security of
encrypted data is entirely dependent on the strength of the cryptographic
algorithm and the secrecy of the key.
. Explain conventional encryption model & List the different

cryptographic algorithms.Ans:-Conventional encryption also referred as
symmetric encryption or single-key encryption, was the only type of
encryption in use prior to the development of public key encryption.
There are two general types of encryption (i,e, Classical encryption and
Modern encryption) techniques. These are key basedalgorithms i.e,
symmetric and public key algorithms. In conventional algorithms the
encryption key can be calculated from the decryption key and vice versa.
In these algorithms, the encryption key and the decryption key are the
same. These algorithms are also called secret key algorithms, or one key
algorithm.
In this the sender and receiver agree on a key before they communicate
securely. The security of the symmetric algorithm rests in the key. The
key means that anyone could encrypt and decrypt messages using any
encryption and decryption algorithms. Encryption and decryption with a
conventional algorithm are denoted by:
Ek(M)=C where M is message, E Encryption C-Ciphertext or Encrypted

message
Dk(C)=M where D Decryption K this subscript stands for denoting
There are some Cryptographic Algorithms.
1>Caesar Cipher
2>Monoalphabetic Ciphers
3>Playfair Cipher
4> Hill cipher
5>Transposition Ciphers Example of the
10. Briefly explain the WLAN protocol architecture.In a typical WLAN

setup, the IEEE 802.11 standard WLAN (Access Point) gets connected to
an IEEE 802.3 standard Ethernet (Switch/HUB) via a bridge. The higher
layers (application, TCP, IP) look the same for the wireless node as for the
wired node. The IEEE 802.11 standard only covers the physical layer
(PHY) and medium access layer (MAC) like the other 802.x LANs do. The
physical layer is sub divided into the Physical Layer Convergence Protocol
(PLCP) and the Physical Medium Dependent Sub Layer.The basic tasks of
the MAC layer comprise medium access, fragmentation of user data, and
encryption. The PLCP sublayer provides a carrier sense signal called
Clear Channel Assessment (CCA), and provides a common PHY interface
for the MAC, which is independent of the transmission technology.
11. Write a note on DSSS.
Direct Sequence Spread Spectrum (DSSS) is the alternative spread

spectrum method, in which the signal is spread over a wide range of
frequencies using a chipping code. In the case of IEEE 802.11 DSSS,
spreading is achieved by using the 11-chip sequence (+1,-1,+1,+1,1,+1,+1,+1,-1,-1,-1), which is also called the Barker code.
2. What are radio waves?
Radio waves are electromagnetic radiations that have the lowest

frequency, the longest wavelength, and are produced by charged particles
moving back and forth. The atmosphere of the earth is transparent to
radio waves with wavelengths from a few millimeters to about 20 meters.
6. What is Steganography?
Ans. Stenography hides the message (secrete) in other messages.

Generally the sender writes an innocuous message and then conceals a
secret message on the same piece of paper. Historical tricks include
invisible inks, tiny pin punctures on selected characters, minute
differences between handwritten characters, pencil marks on typewritten
character, grilles which cover most of the message except for a few
characters and so on.
Some examples are listed below:
A few examples of steganography are:
n Character marking: Selected letters of printed or type written text are

overwritten in pencil. The marks are ordinarily not visible unless the
paper on which text is printed or type written is held at an angle to
bright light.
n Invisible ink: A number of substances can be used for writing but the
ink leaves no visible trace until heat or a specific chemical is applied to
the paper.
n Pin punctures: Small pin punctures on selected letters are ordinarily

not visible unless the paper is held up in front of a light.
Typewriter correction ribbon: This is a black ribbon used between typed

lines typed. The results of typing with the correction tape are visible
CHAPTER THREE
RTSP
The RTSP is a client-server application-level protocol that controls the

delivery of data with real-time properties. RTSP establishes and controls
either a single or several time-synchronized streams of continuous
media, such as audio and video. RTSP uses the transport protocols such
as User Datagram Protocol (UDP), multicast UDP, Transmission Control
Protocol (TCP), and Real-Time Transport Protocol (RTP) to deliver the
continuous streams. It acts as a network remote control for multimedia
servers. Sources of data can include both live data feeds and stored clips.
Q. Explain the why audio and video need to be compressed?
Ans: Raw Audio and Video samples after digitization occupy a large
amount of space. Therefore audio and video are compressed before being
sent through the network. The need for digitization is obvious: computer
networks transmit bits, so all transmitted information must be
represented as a sequence of bits. Compression is important because
uncompressed audio and video consume a tremendous amount of
storage and bandwidth.
n only in good light.
4. Briefly explain security mechanisms.
Mechanisms that ensure security of an organization are known as

security mechanisms. Encryption or encryption like transformations of
information is the most common means of providing security.
There are certain common information integrity functions to secure

network/data like identification, validation, authorization, time of
occurrence, signature, authenticity, concurrence, ownership, receipts,
registration, endorsement, privacy, access, and endorsement.
Q. Explain anyone algorithm for routing?
Ans: The Shortest Path First (SPF) routing algorithm is the basis for
OSPF operations. When an SPF router is powered up, it initializes its
routing-protocol data structures and then waits for indications from
lower-layer protocols that its interfaces are functional. After a router is
assured that its interfaces are functioning, it uses the OSPF Hello
protocol to acquire neighbors, which are routers with interfaces to a
common network. The router sends hello packets to its neighbors and
receives their hello packets. In addition to helping acquire neighbors,
hello packets also act as keepalives to let routers know that other routers
are still functional. On multiaccess networks (networks supporting more
than two routers), the Hello protocol elects a designated router and a
backup designated router. Among other things, the designated router is
responsible for generating LSAs for the entire multiaccess network.
Designated routers allow a reduction in network traffic and in the size of

the topological database.
Q. What is packet Jiter .
Ans:- A crucial component of end-to-end delay is the random queuing

delays in the routers. Because of these varying delays within the
network, the time from when a packet is generated at the source until it
is received at the receiver can fluctuate from packet to packet. This
phenomenon is called jitter. As an example, consider two consecutive
packets within a talk spurt in our Internet phone application. The sender
sends the second packet 20 msec after sending the first packet.
Q. Explain the playfair cipher OR Explain anyone cryptographic

algorithm with suitable example.
Ans:- Playfair Cipher
The well known multiple letter encryption cipher is the playfair, which
treats diagrams in the plaintext as single units and translates these
units into ciphertext diagrams. The playfair algorithm is based on the
use of a 55 matrix of letters constructed using a keyword.
Plaintext is encrypted two letters at a
time, according to the following rules:
1. Repeating plaintext letters that would fall in the same pair are
separated with a filler letter, such as x, so that bolloon would be
enciphered as ba lx lo on.
2. Plaintext letters that fall in the same row of the matrix are each
replaced by the letter to the right, with first element of the row circularly
following the last. For example, ar is encrypted as RM.
3. Plaintext letters that fall in the same column are each replaced by the
letter beneath, with the top element of the row circularly following the
last. For example, mu is encrypted as CM.
4. Otherwise, the letter that lies in its own row replaces each plaintext
letter and the column occupied by the other plaintext letter. Thus, hs
becomes BP and ea becomes IM(or JM, as the encipherer wisher).
The palyfair cipher is a great advance over simple monoalphabetic

ciphers.
Transposition Ciphers
In a transposition cipher the plaintext remains the same, but the order of
characters is shuffled around. In a simple columnar transposition cipher,
the plaintext is written horizontally onto a piece of graph paper of fixed
width and the ciphertext is read off vertically seen the following example.
Decryption is a matter of writing the ciphertext vertically onto a piece of
graph paper of identical width and then reading the plain text off
horizontally.
Plaintext: COMPUTER GRAPHICS MAY BE SLOW BUT AT LEAST ITS
EXPENSIVE
COMPUTERGR
APHICSMAYB
ESLOWBUTAT
LEASTITSEX
PENSIVE
Ciphertext:
CAELPOPSEEMHLANPIOSSUCWTITSBIVEMUTERATSGYAERBTX
Q. What is cryptography? Give the model of internet security.
Ans: Cryptography : Cryptography is the science of using mathematics to

encrypt and decrypt data. Cryptography enables us to store sensitive
information or transmit it across insecure networks (like the Internet) so
that it cannot be read by anyone except the intended recipient.
Cryptography is the science of securing data, whereas the cryptanalysis
is the science of analyzing and breaking secure communication.
Model of Internet security: A message is to be transferred form one
party to another across some sort of Internet. The two parties, who are
the principals in this transaction, must cooperate for the exchange to
take place. A logical information channel is established by defining a
route through the Internet from source to destination and by the
cooperative use of communication protocols
by the two principals.
Model for network security
(i) A security-related transformation on the information to be sent.
(ii) Some secret information shared by the two principals and it is hoped,
unknown to the opponent.
Q. What is streaming?
Ans: Streaming:In a streaming stored audio/video application, a client

begins playout of the audio/video of few seconds after it begins receiving
the file from the server. This means that the client will be playing out
audio/video from one location in the file while it is receiving later parts of
the file from the server. This technique, known as streaming, avoids
having to download the entire file (and incurring a potentially long delay)
before beginning playout. There are many streaming multimedia
products, such as RealPlayer, QuickTime and Media Player.
11. Explain how does the helper application get data from a streaming
server.
Getting data from streaming server to helper application like the media
player requires at least two servers where data is placed. One server is
the HTTP server, and the second server is the streaming server.
For example, when a user visits any songs/news web site, the web
browser communicates with the web server where the user chooses the
file that has music or news. The moment the user clicks any media file;
media player requests for the media file to the streaming server and user
receives the media file on the media player
9. What are the limitations of the best effort service? Explain.
Limitations of the best effort service are:
n Packet loss: As a IP datagram crosses through a network over UDP, it

passes through buffers in the routers in order to access outbound links.
It is possible that one or more of the buffers in the route from sender to
receiver is full and cannot admit the datagram. In this case, the IP
datagram is discarded, never to arrive at the receiving application. Loss
could be eliminated by sending the packets over TCP rather than over
UDP.
n Excessive end-to-end delay: End-to-end delay is the accumulation of

transmission, processing, and queuing delays in routers, propagation
delays in the links, and end-system processing delays.
n Packet jitter: A crucial component of end-to-end delay is the random

queuing delays in the routers. Because of these varying delays within
the network, the time from when a packet is generated at the source until
it is received at the receiver can fluctuate from packet to packet. This
phenomenon is called jitter.
9. What are the limitations of the best effort service? Explain.
Limitations of the best effort service are:
n Packet loss: As a IP datagram crosses through a network over UDP, it

passes through buffers in the routers in order to access outbound links.
It is possible that one or more of the buffers in the route from sender to
receiver is full and cannot admit the datagram. In this case, the IP
datagram is discarded, never to arrive at the receiving application. Loss
could be eliminated by sending the packets over TCP rather than over
UDP.
n Excessive end-to-end delay: End-to-end delay is the accumulation of

transmission, processing, and queuing delays in routers, propagation
delays in the links, and end-system processing delays.
n Packet jitter: A crucial component of end-to-end delay is the random

queuing delays in the routers. Because of these varying delays within
the network, the time from when a packet is generated at the source until
it is received at the receiver can fluctuate from packet to packet. This
phenomenon is called jitter.
12. Explain RTSP.
RTSP is a protocol that enables a media player to control the

transmission of a media stream. RTSP messages use the port number
544 from the media stream. The RTSP specification, RFC 2326, permits
RTSP messages to be sent over TCP or UDP.
RTSP server keeps a track of the state of the client for each ongoing
RTSP session. For example, the server keeps track of whether the client
is in an initialization state, a play state, or a pause state. The session and
sequence numbers, which are part of each RTSP request and response,
help the server to keep track of the session state. The session number is
fixed throughout the entire session; the client increments the sequence
number each time it sends a new message; the server echoes back the
session number, and the current sequence number.
8. What is a streaming server?Streaming servers are meant for the

audio/video streaming applications. Upon client request, a server directs
an audio or a video file to the client by sending the file into a socket. Both
the TCP and UDP socket connections are used. Before sending the
audio/video file to a network, the file is segmented, and the segments are
typically encapsulated with special headers appropriate for audio and
video traffic.Streaming servers send digital video for news,
entertainment, or educational content over the Internet by using
RTP/RTSP. A multimedia file gets uploaded on the server and streaming
servers encodes content in the latest media formats including MPEG- 4
(Moving Picture Expert Group) and the AAC (Advanced Audio Coder)
audio.
6. Why do audio and video file need to be compressed?
Compression is required to reduce the size of audio and video so that

they can be easily transmitted over the Internet.
For example, a single image consisting of 1024 pixel * 1024 pixels, with
each pixel encoded into 24 bits requires 3 MB of storage without
compression. There are eight bits, three each for the colors red, green,
and blue. It would take approximately seven minutes to send the image
over a 64 kbps link. If the image is compressed at a modest 10:1
compression ratio, the storage requirement is reduced to 300 Kbytes and
the transmission time also drops by a factor of 10.
Q. With neat diagram explain RTP2 packet format?
Ans: The RIP 2 specification (described in RFC 1723) allows more

information to be included in RIP packets and provides a simple
authentication mechanism that is not supported by RIP.
CommandIndicates whether the packet is a request or a response. The

request asks that a router send all or a part of its routing table. The
response can be an unsolicited regular routing update or a reply to a
request. Responses contain routing table entries. Multiple RIP packets
are used to convey information from large routing tables.
VersionSpecifies the RIP version used. In a RIP packet implementing

any of the RIP 2 fields or using authentication, this value is set to 2.
UnusedHas a value set to zero.
Address-family identifier (AFI)Specifies the address family used.

RIPv2s AFI field functions identically to RFC 1058 RIPs AFI field, with
one exception: If the AFI for the first entry in the message is 0xFFFF, the
remainder of the entry contains authentication information. Currently,
the only authentication type is simple password.
Route tagProvides a method for distinguishing between internal

routes (learned by RIP) and external routes (learned from other
protocols).
IP addressSpecifies the IP address for the entry.
Subnet maskContains the subnet mask for the entry. If this field is
zero, no subnet mask has been specified for the entry.
Next hopIndicates the IP address of the next hop to which packets for
the entry should be forwarded.
MetricIndicates how many internetwork hops (routers) have been

traversed in the trip to the destination. This value is between 1 and 15
for a valid route, or 16 for an unreachable route.
Routing Protocols
Routing protocol refers to a protocol that enables routing through

implementation of a routing algorithm. A routing algorithm is an
algorithm that determines the possible route through which data packets
would reach the destination.
Some of the routing protocols are:
n Interior Gateway Routing Protocol (IGRP)
n Cisco Discovery Protocol (CDP)
Hot Standby Router Protocol (HSRP
CDP
CDP is a media and protocol-independent device-discovery protocol that

runs on all Cisco-manufactured equipment including routers, access
servers, bridges, and switches. By using CDP, a device can advertise its
existence to other devices and receive information about other devices on
the same Local Area Network (LAN) or on the remote side of a Wide Area
Network (WAN).
1. What is routing? Differentiate between the two types of routing, direct

routing and indirect routing.
Routing is the process of moving information across an internetwork

from a source router to a destination router. Routing occurs at the third
layer of the Open System Interconnect (OSI) model, known as the
network layer. Routing protocols use metrics to evaluate what path will
be the best for a packet to travel.
The differences between direct routing and indirect routing are as follows.
Direct Routing
In direct routing, packet delivery occurs when the source and destination
of the packet is located on the same physical network or if the packet
delivery is between the last router and the destination host
In direct routing, the address mapping is between the IP address of the

final destination and the physical address of the final destination.
A packet delivery always involves one direct routing
Routing ProtocolsRouting protocol refers to a protocol that enables

routing through implementation of a routing algorithm. A routing
algorithm is an algorithm that determines the possible route through
which data packets would reach the destination.Some of the routing
protocols are:
n Interior Gateway Routing Protocol (IGRP)
n Cisco Discovery Protocol (CDP)
n Hot Standby Router Protocol (HSRP)
Q. Discuss different approaches used to make the routing table more

efficient OR Different form of routing.
Ans: Approach used to make the routing table more efficient.
(i) Next hop routing : In this technique the routing table holds only the
address of the next hop instead of holding information about the
complete route. Routing tables are thereby consistent with each other.
(ii) Network specific routing : In this technique instead of having an
entry for every host connected to the same physical network, we have
only one entry to define the address of network itself.
(iii) Host Specific routing: In this routing the host address is given in
the routing table. It is a good choice for certain purpose such as checking
the route or providing security measure.
(iv) Default Routing: This routing is used to simplify routing. In this
routing instead of listing all network in the entire internet. Host a can
just have one entry called the default.
IGRP
IGRP is a distance vector Interior Gateway Protocol (IGP). IGRP

mathematically compare routes by using some measurements of
distance. This measurement is known as the distance vector. Routers
send all or a portion of their routing table in a routing-update message at
regular intervals to each of their neighboring routers if the router is
using a distance vector protocol. As routing information propagates
through the network, routers can identify new destinations as they are
added to the network, learn about the failures in the network, and
calculate distances to all known destinations.
Indirect Routing
In indirect routing, the packet goes from router to router until it reaches
the router connected to the same physical network as its final
destination.
\ In an indirect routing, the address mapping is between the IP address

of the next router and the physical address of the next router.
A packet delivery may or may not involve indirect routing
RTP
RTP defines a standardized packet format for delivering audio and video
over the Internet. It was developed by the audio and video transport
working group of the Internet Engineering Task Force (IETF) and first
published in 1996 as RFC 1889.
RTP does not have a standard TCP or UDP port from which it
communicates. The only standard that it obeys is that UDP
communications are done on an even port and the next higher odd port
is used for TCP communications. RTP uses UDP and defines format for
additional information required by an application such as sequence
number and time stamp.
REAL-TIME TRANSPORT CONTROL PROTOCOL (RTCP)
RTCP is the protocol that gathers transmission statistics during the

transmission of multimedia data from a streaming server to a client
machine. RTCP gathers information such as bytes sent, packets sent,
lost packets, jitter, feedback, and round trip delay. To get this
information, RTCP monitors data delivery from the streaming server to
the receivers machine and enables the receiver to detect if there is any
packet loss and compensates for any delay jitter.
RTCP works with RTP in the delivery and packaging of multimedia data
but does not transport any data. It also does not provide any flow
encryption or authentication means by itself. It is used periodically to
transmit control packets to participants in a streaming multimedia
session. The primary function of RTCP is to provide feedback on the
quality of service being provided by RTP.
SMTPSMTP is a protocol that is used for sending e-mail messages.

Whenever a user sends an e-mail by using e-mail clients such as Outlook
Express, the client uses SMTP to transfer the e-mail to the mail server.Email is routed to an intermediate mail server, which then delivers it to
the recipients mail server. For example, a company with several servers
has designated one server as a mail gateway to the Internet. Any e-mail
sent to the company would arrive at the gateway server, and then be
relayed to the appropriate server for delivery to the recipient.
However, malicious users sometimes try to perform unauthorized mail
relaying. For example, a spammer who has a low-end server and a slow
network connection might use mail relaying in order to get other
companys higher-powered mail server and a fast network connection to

send spam mail on their behalf.
Even worms can use some other server and network to send mass mails.
Many worm programs are used today to send mass junk e-mails to
disturb networks. Sending mass spam mails is an unlawful activity. The
following table lists ports about a few more protocols.
DNS
DNS is an Internet service that translates domain names to IP addresses.

Every time you query or use a domain name, a DNS server translates the
domain name into its corresponding IP address. The DNS server uses
cache to resolve queries. The server cache is a part of the memory that
stores the recently accessed information. Caching enables fast responses
to the DNS queries. It also reduces network traffic because the DNS
server can gather responses for queries from its cache, rather than
sending the queries to the other DNS servers.
The DNS server collects and stores all the information that it receives
when a query is processed. The server retains this information in the
server cache till the specified time-period in the resource record. This
time-period is called the time-to-live (TTL) value of the returned record
information.
After caching, the TTL value starts decreasing so that the server knows
when to delete the resource record. The record is marked for deletion,
when the TTL value reaches zero.
Consider an example. An organization has a 1,000 machine setup with a

domain controller, three additional domain controllers, and few
application servers, such as web servers, database servers, and few file
servers. Domain controller is also a DNS server for the organization.
Software developers access these servers and other machines for their
day-to-day work. They notice that it takes a longer time to access servers
and machines with the machine name as compared to the time taken
when they access machines with the IP addresses. The reason for this is
that the DNS server is loaded and therefore, it slows down while
resolving queries. After a query is resolved, the DNS server cache gets
deleted. This can be resolved by creating a cache on another DNS server.
This will help the DNS server to resolve queries faster.
The TTL value indicates the time for which a DNS client can use a DNS
record before deletion of the record or before the record expires. Users
can specify the TTL value for a DNS record in seconds.
The minimum default value of the TTL for records created by the DNS
server is 3600 seconds. A short TTL value results in heavy DNS traffic. A
large TTL value causes the server to reply to queries by using outdated
resource records.
HSRP
HSRP is a routing protocol that provides backup to a router in the event
of the failure of the router.
HSRP provides network redundancy for IP networks. It ensures that user

traffic recovers immediately and transparently from first hop failures in
network edge devices or access circuits.
TIMERS IN RIP
RIP uses three timers to support its operation:
n Periodic Timer: The Periodic timer controls the advertising of regular

update messages. Although the protocol specifies that the timer must be
set to 30 seconds, the working model uses a random number between
25 and 35 seconds. This is to prevent any possible synchronization and,
therefore, prevent overload on the network if the routers update
simultaneously. Each router has one periodic timer that is set randomly
to a number between 25 and 35 seconds. When the counter reaches zero,
the update message is sent to the other routers and the timer is
randomly set once again.
n Expiration Timer: The expiration timer checks the validity of a route.

When a route receives the update information from the other routers for
a specific route, the expiration timer is set to 180 seconds. Every time a
new update for the route is received, the timer is reset. In normal
situations, this occurs every 30 seconds. However, if there is a problem
on the Internet and no update is received within the allocated 180
seconds, the route is considered expired and the hop count of the route
is set to 16.
Garbage Collection Timer: When the information about a route becomes

invalid, the router does not immediately purge that route from its table.
Instead, it continues to advertise the route with a metric value of 16. At
the same time, a timer called Garbage Collection Timer is set to 120
seconds for that route. When the count reaches zero, the route is purged
from the table. This timer allows the neighboring routers to become
aware of the invalidity of a route prior to purging
Q. Discuss an IP RIP packet format.Ans: An IP RIP Packet Consists of

Nine FieldsCommandIndicates whether the packet is a request or a
response. The request asks that a router send all or part of its routing
table. The response can be an unsolicited regular routing update or a
reply to a request. Responses contain routing table entries. Multiple RIP
packets are used to convey information from large routing tables.
Version numberSpecifies the RIP version used. This field can signal
different potentially incompatible versions.
ZeroThis field is not actually used by RFC 1058 RIP; it was added
solely to provide backward compatibility with pre-standard varieties of
RIP. Its name comes from its defaulted value: zero.
Address-family identifier (AFI)Specifies the address family used. RIP is

designed to carry routing information for several different protocols. Each
entry has an address-family identifier to indicate the type of address
being specified. The AFI for IP is 2.
AddressSpecifies the IP address for the entry.
MetricIndicates how many internetwork hops (routers) have been

traversed in the trip to the destination. This value is between 1 and 15
for a valid route, or 16 for an unreachable route.
IGRP
IGRP is a distance vector Interior Gateway Protocol (IGP). IGRP

mathematically compare routes by using some measurements of
distance. This measurement is known as the distance vector. Routers
send all or a portion of their routing table in a routing-update message at
regular intervals to each of their neighboring routers if the router is
using a distance vector protocol. As routing information propagates
through the network, routers can identify new destinations as they are
added to the network, learn about the failures in the network, and
calculate distances to all known destinations.
CDP
CDP is a media and protocol-independent device-discovery protocol that

runs on all Cisco-manufactured equipment including routers, access
servers, bridges, and switches. By using CDP, a device can advertise its
existence to other devices and receive information about other devices on
the same Local Area Network (LAN) or on the remote side of a Wide Area
Network (WAN).
3. What is a metric? What are some of the metrics used by the routing
protocols?
A metric is a standard of measurement, such as path bandwidth, which

is used by routing algorithms to determine the optimal path to a
destination.
Some of the metrics used by the routing protocols are path length,
reliability, delay, bandwidth, load, and communication cost.
OPEN SHORTEST PATH FIRST
Open Shortest Path First (OSPF) is a routing protocol developed for

Internet Protocol (IP) networks by the Interior Gateway Protocol (IGP)
working group of the Internet Engineering Task Force (IETF).
The working group was formed in 1988 to design an IGP based on the
Shortest Path First (SPF) algorithm for use in the Internet. Similar to the
Interior Gateway Routing Protocol (IGRP), OSPF was created because in
the mid-1980s, the Routing Information Protocol (RIP) was increasingly
incapable of serving
large, heterogeneous internetworks. This chapter examines the OSPF

routing environment, underlying
routing algorithm, and general protocol components.
OSPF was derived from several research efforts, including Bolt, Beranek,
and Newmans (BBNs)
SPF algorithm developed in 1978 for the ARPANET (a landmark packetswitching network developed in OSPF has two primary characteristics.
The first is that the protocol is open, which means that its
specification is in the public domain. The OSPF specification is published

as Request For Comments
(RFC) 1247. The second principal characteristic is that OSPF is based on

the SPF algorithm, which
sometimes is referred to as the Dijkstra algorithm, named for the person

credited with its creation.
OSPF is a link-state routing protocol that calls for the sending of linkstate advertisements (LSAs) to
all other routers within the same hierarchical area. Information on

attached interfaces, metrics used, and
other variables is included in OSPF LSAs. As OSPF routers accumulate

link-state information, they use
the SPF algorithm to calculate the shortest path to each node.
As a link-state routing protocol, OSPF contrasts with RIP and IGRP,

which are distance-vector routing
protocols. Routers running the distance-vector algorithm send all or a

portion of their routing tables inrouting-update messages to their
neighbors.
l Prefer the path with the lowest IP address, as specified by the BGP
router ID.
An AS can be divided into a number of areas, which are groups of

contiguous networks and attached hosts. Routers with multiple
interfaces can participate in multiple areas. These routers, which are
called Area Border Routers, maintain separate topological databases for
each area.
A topological database is essentially an overall picture of networks in

relationship to routers. The topological database contains the collection
of LSAs received from all routers in the same area. Becauserouters
within the same area share the same information, they have identical
topological databases.
The term domain sometimes is used to describe a portion of the network

in which all routers haveidentical topological databases. Domain is
frequently used interchangeably with AS.
An areas topology is invisible to entities outside the area. By keeping
area topologies separate, OSPF
n ComputerToFind: Looks up for complete information such as DNS

name and IP address of a computer system by using the current default
DNS name server.
n Server: Specifies to use this server as the DNS name server. If you
omit Server parameter, the default DNS name server is used.
SMTP
SMTP is a protocol that is used for sending e-mail messages. Whenever a

user sends an e-mail by using e-mail clients such as Outlook Express,
the client uses SMTP to transfer the e-mail to the mail server.
E-mail is routed to an intermediate mail server, which then delivers it to

the recipients mail server. For example, a company with several servers
has designated one server as a mail gateway to the Internet. Any e-mail
sent to the company would arrive at the gateway server, and then be
relayed
to the appropriate server for delivery to the recipient.
However, malicious users sometimes try to perform unauthorized mail

relaying. For example, a spammer who has a low-end server and a slow
network connection might use mail relaying in order to get other
companys higher-powered mail server and a fast network connection to
send spam mail on their behalf.
Even worms can use some other server and network to send mass mails.
Many worm programs are used today to send mass junk e-mails to
disturb networks. Sending mass spam mails is an unlawful activity. The
following table lists ports about a few more protocols.
RTP/RTCP provides functionality and control mechanisms
necessary for carrying real-time content. But RTP/RTCP itself is not

responsible for the higher-level tasks like assembly and synchronization.
These have to be done at the application level.
Q. Explain the BG P protocol in detail. Ans:The Border Gateway Protocol

(BGP) is an inter-autonomous system routing protocol. An autonomous
system is a network or group of networks under a common
administration and with common routing policies. BGP is used to
exchange routing information for the Internet and is the protocol used
between Internet service providers (ISP). Customer networks, such as
universities and corporations, usually employ an Interior Gateway
Protocol (IGP) such as RIP or OSPF for the exchange of routing

information within their networks. Customers connect to ISPs, and ISPs
use BGP to exchange customer and ISP routes. When BGP is used
between autonomous systems (AS), the protocol is referred to as External
BGP (EBGP). If a service provider is using BGP to exchange routes within
an AS, then the protocol is referred to as Interior BGP (IBGP).BGP
Attributes
Routes learned via BGP have associated properties that are used to
determine the best route to a destination when multiple paths exist to a
particular destination. These properties are referred to as BGP attributes,
and an understanding of how BGP attributes influence route selection is
required for the design of robust networks. This section describes the
attributes that BGP uses in the route selection process:
l Weight
l Local preference
l Multi-exit discriminator
l Origin
l AS_path
l Next hop
l Community
Weight Attribute
Weight is a Cisco-defined attribute that is local to a router. The weight
attribute is not advertised to neighboring routers. If the router learns
about more than one route to the same destination, the route with the
highest weight will be preferred.
Local Preference Attribute

The local preferenceattribute is used to prefer an exit point from the local
autonomous system (AS).
Unlike the weight attribute, the local preference attribute is propagated

throughout the local AS. If there are multiple exit points from the AS, the
local preference attribute is used to select the exit point for a specific
route.
Multi-Exit Discriminator Attribute

The multi-exit discriminator (MED) or metric attribute is used as a
suggestion to an external AS regarding the preferred route into the AS
that is advertising the metric.The term suggestion is used because the
external AS that is receiving the MEDs may be using other BGP
attributes for route selection.
OSPF Features
Additional OSPF features include equal-cost, multipath routing, and

routing based on upper-layer typeof-service (TOS) requests. TOS-based
routing supports those upper-layer protocols that can specif particular
types of service. An application, for example, might specify that certain
data is urgent. If OSPF
has high-priority links at its disposal, these can be used to transport the
urgent datagram.
Routing HierarchyUnlike RIP, OSPF can operate within a hierarchy. The

largest entity within the hierarchy is theautonomous system (AS), which
is a collection of networks under a common administration that share a
common routing strategy. OSPF is an intra-AS (interior gateway) routing
protocol, although it is capable of receiving routes from and sending
routes to other ASs.
Open Source Streaming Server Product Information
Note: Because this chapter deals with multimedia data transmission and
streaming servers, the products available in the market have also been
discussed.
Apple Computers, Inc. has developed a streaming server which is called

Darwin Streaming Server. This is an open source version of streaming
server technology that allows a user to make changes according to the
requirement and to send multimedia data to clients across the Internet.
Industry standard protocols such as RTP and RTSP are used for this
purpose. Darwin Streaming Server supports a high level of
customizability and runs on a variety of platforms that allows a user to
manipulate the code.
Darwin Streaming Server can be extended or modified. Darwin

Streaming Server can be modified to alter MPEG-4 media and QuickTime
Streaming Server (QTSS), which is Apples commercial streaming server.
QTSS is delivered as a part of Mac OS X Server on alternative platforms
such as Windows, Linux, and Solaris.
Darwin Streaming Server 5.5 is the latest version available and includes
the following enhancements:
n Latest security update changes
n Latest 3GPP release 5 client support
n High-definition H.264 streaming
n Support for automatic bandwidth detection with QuickTime 7 Player
n A security update for Windows
The source code of Darwin Streaming Server 5.5 currently supports Mac
OS X Server, Linux (Red Hat 8 or higher recommended), Solaris 9, and
Windows 2000/2003 Server. The source code of Darwin Streaming
Server can be compiled and run on these operating systems.
Origin AttributeThe origin attribute indicates how BGP learned about a

particular route. The origin attribute canhave one of three possible
values:
l IGPThe route is interior to the originating AS. This value is set when
the network router
configuration command is used to inject the route into BGP.
l EGPThe route is learned via the Exterior Border Gateway Protocol

(EBGP).
l IncompleteThe origin of the route is unknown or learned in some

other way. An origin of
incomplete occurs when a route is redistributed into BGP.
AS_path Attribute
When a route advertisement passes through an autonomous system, the

AS number is added to anordered list of AS numbers that the route
advertisement has traversed. Figure 2.11 shows the situation in which a

route is passing through three autonomous systems.
Next-Hop Attribute
The EBGP next-hop attribute is the IP address that is used to reach the
advertising router. For EBGP peers, the next-hop address is the IP
address of the connection between the peers.
Community Attribute
The community attribute provides a way of grouping destinations, called

communities, to which routingdecisions (such as acceptance, preference,
and redistribution) can be applied. Route maps are used to set the
community attribute. Predefined community attributes are listed here:
l no-exportDo not advertise this route to EBGP peers.
l no-advertiseDo not advertise this route to any peer.
l internetAdvertise this route to the Internet community; all routers in

the network belong to
it.
BGP Path Selection
BGP could possibly receive multiple advertisements for the same route
from multiple sources. BGP
selects only one path as the best path. When the path is selected, BGP
puts the selected path in the IP
routing table and propagates the path to its neighbors. BGP uses the
following criteria, in the order
presented, to select a path for a destination:
l If the path specifies a next hop that is inaccessible, drop the update.
l Prefer the path with the largest weight.
l If the weights are the same, prefer the path with the largest local
preference.
l If the local preferences are the same, prefer the path that was originated
by BGP running on
this router.
l If no route was originated, prefer the route that has the shortest
AS_path.
l If all paths have the same AS_path length, prefer the path with the
lowest origin type (where
IGP is lower than EGP, and EGP is lower than incomplete).
l If the origin codes are the same, prefer the path with the lowest MED
attribute.
l If the paths have the same MED, prefer the external path over the
internal path.
l If the paths are still the same, prefer the path through the closest IGP
neighbor.
Troubleshooting DNS Server
nslookup is a command line utility that enables you to perform tests to

verify whether the resource records are added or updated correctly or
not. The nslookup command helps resolve addresses for resources on the
DNS server, performs DNS queries, and examines the content of zone
files on the DNS server. The command also helps diagnose and solve
name resolution problems when the machine name does not get resolved
while accessing the network.
Syntax nslookup [-Subcommand ...] [{ComputerToFind| [-Server]}]
The above parameters are explained below:
n Subcommand: Specifies one or more nslookup subcommands as a

command-line option such as nslookup: exit, nslookup: finger, nslookup:
ls, nslookup: lserver
asses less routing traffic than it would if the AS were not partitioned.
Area partitioning creates two different types of OSPF routing, depending

on whether the source and
the destination are in the same or different areas. Intra-area routing

occurs when the source and destination
are in the same area; interarea routing occurs when they are in different
areas.
SPF Algorithm
The Shortest Path First (SPF) routing algorithm is the basis for OSPF
operations. When an SPF
router is powered up, it initializes its routing-protocol data structures

and then waits for indications from
lower-layer protocols that its interfaces are functional.
After a router is assured that its interfaces are functioning, it uses the
OSPF Hello protocol to acquire
neighbors, which are routers with interfaces to a common network. The

router sends hello packets to its
neighbors and receives their hello packets. In addition to helping acquire

neighbors, hello packets also act
5 as keepalives to let routers know that other routers are still functional
. How can the present Internet be made to port multimedia data? For
making the existing Internet portable to multimedia data, the following
modifications need to be done:n A protocol is required that reserves
bandwidth on behalf of the streaming server applications.
n The scheduling policies in the router queues should be modified so
that the bandwidth reservations can be done. With the new scheduling
policies, not all packets get equal treatment, instead the packets from the
multimedia provider sites that reserve and pay more, get more
bandwidth.
n The applications must give the network a description of the traffic that
they intend to send to the network.
n The bandwidth and switching capacity should be enhanced to provide

satisfactory delay and packet loss performance within the network.
n Caches must be installed in the networks. Caches bring stored content

(web pages as well as stored audio and video) closer to users, thereby
reducing the traffic in the higher-tier ISPs.
n Content providers that pay for a Content Distribution Networks (CDN)

service should deliver content faster and more effectively.
Multicast overlay networks can be deployed. A multicast overlay network

consists of servers scattered throughout the ISP network and potentially
throughout the entire Internet. Servers and the logical links between
servers collectively form an overlay network, which multicasts traffic from

a source
. How can the present Internet be made to port multimedia data? For
making the existing Internet portable to multimedia data, the following
modifications need to be done:n A protocol is required that reserves
bandwidth on behalf of the streaming server applications.
n The scheduling policies in the router queues should be modified so
that the bandwidth reservations can be done. With the new scheduling
policies, not all packets get equal treatment, instead the packets from the
multimedia provider sites that reserve and pay more, get more
bandwidth.
n The applications must give the network a description of the traffic that
they intend to send to the network.
n The bandwidth and switching capacity should be enhanced to provide

satisfactory delay and packet loss performance within the network.
n Caches must be installed in the networks. Caches bring stored content

(web pages as well as stored audio and video) closer to users, thereby
reducing the traffic in the higher-tier ISPs.
n Content providers that pay for a Content Distribution Networks (CDN)

service should deliver content faster and more effectively.
Multicast overlay networks can be deployed. A multicast overlay network

consists of servers scattered throughout the ISP network and potentially
throughout the entire Internet. Servers and the logical links between
servers collectively form an overlay network, which multicasts traffic from
a source
10. Discuss the features of Real Time Protocol (RTP).The features of Real
Time Protocol (RTP) are:n RTP provides end-to-end delivery services for
data with real-time characteristics such as interactive audio and video.
However, RTP itself does not provide any mechanism to ensure timely
delivery. It needs support from the lower layers of OSI model that
actually have control over resources in switches and routers. RTP
depends on Resource Reservation Protocol (RSVP) to reserve resources
and to provide the requested quality of service.
n RTP provides timestamps, sequence numbers as hooks for adding
reliability, flow, and congestion control for packet delivery, but
implementation is totally left to the application.
n RTP is a protocol framework that is deliberately not complete. It is

open to new payload formats and new multimedia software. By adding
new profile and payload format specifications, one can tailor RTP to new
data formats and new applications.
n The flow and congestion control information of RTP is provided by

Real-Time Control Protocol (RTCP) sender and receiver reports.
Q. What are the limitations of best effort service? Explain.Ans: These are
Limitations of the best effort service*Packet Loss: Consider one of the
UDP segments generated by our Internet phone application. The UDP
segment is encapsulated in an IP datagram. As the datagram wanders
through the network, it passes through buffers (that is, queues) in the
routers in order to access outbound links. It is possible that one or more
of the buffers in the route from sender to receiver is full and cannot
admit the IP datagram. In this case, the IP datagram is discarded, never
to arrive at the receiving application.*End-to-End Delay: End-to-end
delay is the accumulation of transmission, processing, and queuing
delays in routers; propagation delays in the links; and end-system
processing delays. For highly interactive audio applications, such as
Internet phone, end-to-end delays smaller than 150 milliseconds are not
perceived by a human listener; delays between 150 and 400 milliseconds
can be acceptable but are not ideal; and delays exceeding 400
milliseconds can seriously hinder the interactivity in voice conversations.
The receiving side of an Internet phone application will typically
disregard any packets that are delayed more than a certain threshold, for
example, more than 400 milliseconds. Thus, packets that are delayed by
more than the threshold are effectively lost. * Packet Jitter: Varying
delays within the network, the time from when a packet is generated e
source until it is received at the receiver can fluctuate from packet to
packet. This phenomenon is called jitter. For an example, consider two
consecutive packets within a talk spurt in our Internet phone
application. The sender sends the second packet 20 msec after sending
the first packet. But at the receiver, the spacing between these packets
can become greater than 20 msec. To see this, suppose the first packet
arrives at a nearly empty queue at a router, but just before the second
packet arrives at the queue a large number of packets from other sources
arrive at the same queue. Because the first packet suffers a small
queuing delay and the second packet suffers a large queuing delay at this
router, the first and second packets become spaced by more than 20
mecs.
Q. What is multimedia? What is streaming server? Explain audio
streaming process.
Ans: Multimedia- The word multimedia is a compound of the Latin prefix

multi meaning many, and the Latin-derived word media, which is the
plural of the world medium. So multimedia simply means using more
than one kind of medium. Multimedia is the mixture of two or more
media effects-Hypertext, Still Images, sound, Animation and Video to be
interacted on a computer terminal.
Streaming Server: The Server which delivers the audio/video over nonHTTP protocol (Protocols that can be either proprietary or open
standards) is called streaming server. In order to get around HTTP and
/or TCP, audio/video can be stored on and sent from a streaming server
to the media player. This streaming server could be a proprietary
streaming server, such as those marketed by Real Networks and
Microsoft, or could be a public-domain streaming server. With a
streaming server, audio/video can be sent over UDP (rather than TCP)
using application-layer protocols that may be better tailored than HTTP
to audio/video streaming.
Audio Streaming:
The browser process establishes a TCP connection with the Web server
and requests the audio/video file with an HTTP request message.
(i)
The Web server sends the audio/video file to the browser in an
HTTP response message.
The content-type header line in the HTTP response message indicates a

specific audio/video encoding. The client browser examines the content
Chapter Four Wireless Local Area Network (WLAN)Wireless

TechnologiesSome of the wireless technologies are:
n Bluetooth: It is a wireless technology. It is a short-range
communications system intended to replace the cables connecting
portable and/or fixed electronic devices. The key features of
Bluetoothtechnology include robustness, low power, and low cost.
Bluetooth offers a number of advantages. It provides a simple choice for

convenient, wire-free, short-range communication between devices. It is a
globally available standard that wirelessly connects mobile phones,
portable computers, cars, stereo headsets, MP3 players, and more. It is
best suited for connecting PDA (Personal Digital Assistance) and cell
phones.
n IEEE 802.16a (WiMAX):It is commonly referred to as WiMAX or less

commonly as Wireless MAN or the Air Interface Standard, IEEE 802.16 is
a specification for fixed broadband wireless metropolitan access
networks. It provides added support for the 2 to 11 GHz range.
n IEEE 802.11g (Wi-Fi):It has a frequency up to 54Mbps in the 2.4GHz

band. Products that adhere to this standard are considered Wi-Fi
Certified. Products in this standard are compatible with 802.11b and
support 14 channels available in the 2.4GHz band with only three nonoverlapping channels.
IEEE 802.11a (Wi-Fi): It has frequency up to 54Mbps in the 5GHz band.

The products that adhere to this standard are considered Wi-Fi
Certified. Products in this standard have eight available channels. This
standard is better than 802.11b a
n t supporting multimedia voice, video and large image applications in

densely populated user environments. It has a relatively shorter range
than 802.11b and is not interoperable with 802.11b.
type of the response message, launches the associate media player, and
passes the file to the media player.
(iv)
The media player then
renders the audio/video file.Q. Explain architecture of IEEE 802.11

WLAN?
Ans: The IEEE standard 802.11 specifies the most famous family of
WLANs in which many products are already available. The standards
number indicates this standard belongs to the group of 802.x LAN
standards, e.g. 802.3 Ethernet or 802.5 Token ring. This means that the
standard specifies the physical and the medium access layer adapted to
the special requirements of wireless LANs. The primary goal of the
standard was the specification of a simple and robust WLAN which offers
time bound and asynchronous services. Furthermore, the MAC layer
should be able to operate with multiple physical layers, each of which
exhibits a different medium sense and transmission characteristic.
Candidates for physical layers were infrared and spread spectrum radio
transmission techniques. Additional features of the WLAN should include
the support of power management to save battery power, the handling of
hidden nodes, and the ability to operate worldwide.
There are different modes of modulation. Each node has its advantages
and disadvantages. The different modulation modes are:
Continuous Wave
Q. Explain the basic structure of an IEEE 802.11 MAC data frame. Ans:
Basic structure of an IEEE 802.11 MAC data frame
(i)
Frame control: These indicates the protocol version, the
type of the frame (management, Control, data), whether the frame has
been fragmented, privacy information, and the 2 DS bits(distribution
system bits), indicating the meaning of the four address fields in the
frame.
(ii)
Duration ID: for the virtual reservation mechanism using
RTS/CTS and during fragmentation, the duration field contains a value

indicating the period of time in which the medium is occupied.
(iii)
Address 1 to 4: The four address fields contain standard
IEEE 802 MAC addresses (48 bit each), as they are known from other
802.x LANs. The meaning of each address depends on the DS bits in the
frame control field.
(iv)
Sequence control: Due to the acknowledgement
mechanism it may happen that
frames are duplicated. Therefore a seq. no. is used to filter duplicates.
(v)
Data: The MAC frame may contain arbitrary data (max.
2312 byte), which is
transferred transparently from sender to the receiver(s).(vi)Checksum

(CRC): Finally, a 32-bit checksum is used to protect the frame as this is
common procedure in all 802.x networks.
MAC frames can be
transmitted between mobile stations, between mobile stations and an

access point, and between access points over a distribution system.
Continuous Wave (CW)CW is the simplest form of modulation. The

output of the transmitter is switched on and off, typically to form the
characters of the Morse code.Transmission with CW is simple and
inexpensive. The transmitted CW signal occupies less than 500 Hz of
frequency space. However, there is a disadvantage to this because the
CW signals is difficult to hear on a normal receiver.
Q. Explain the IEEE 802.11 architecture and bridging. + Q. Discuss the
various features of WLAN and its protocol architecture. Or What is
protocol Architecture? Explain with Diagram.
Ans: The IEEE 802.11 standard only covers the physical layer PHY and
medium access layer MAC like the other 802.x LANs do. Physical layer is
sub divided into physical layer convergence protocol (PLCP) and the
physical medium dependent sub layer PMD .The basic tasks of the MAC
layer comprise medium
access, fragmentation of user data and encryption. The PLCP sublayer

provides the carrier sense signal, called clear channel assessment (CCA)
and provides a common PHY service access point (SAP) independent of
the transmission technology. Finally the PMD sublayer handles
modulation and encoding/ decoding of signals.
IEEE 802.11 protocol architecture and bridging
The MAC management supports the association and re-association of a

station to an access point and roaming between different access points.
Furthermore, it controls authentication mechanism encryption,
synchronization of a station with regard to access point and power
management to save battery power. MAC management also maintains the
MAC management information base (MIB). The main tasks of the PHY
management include channel tuning and PHY MIB maintenance.
CSMA / CA Mechanism If the mechanism is sensed idle for at least the
duration of DIFS, a node can access the medium at once. This allows for
short access delay under light load. But as soon as more and more nodes
try to access the medium, additional mechanism is needed. If the
medium is busy, nodes have to wait for the duration of DIFS, entering a
contention phase afterwards. Each node now chooses a random backoff
time with a contention window and additionally delays medium access
for this random amount of time. As soon as a node senses the channel is
busy it has lost this cycle and has to wait for the next chance, i.e. until
the medium is idle again for at least DIFS. But if the randomized
additional waiting time for a node is over and the medium is still idle, the
node can access the medium immediately.
(e) Frequency Hopping Spread Spectrum(FHSS): Frequency hopping

spread spectrum (FHSS) is a spread spectrum technique, which allows
for the
coexistence of multiple networks in the same area by separating different

networks using different hopping sequences.
(i) Synchronization: The PLCP preamble starts with 80-bit

synchronization. This pattern is used for synchronization of potential
receivers and signal detection by the CCA.
(ii)Start frame delimiters (SFD): The 16 bits indicate the start of the
frame and thus provide frame synchronization.
(iii) PLCP_PDU length word (PLW): The first field of the PLCP header
indicates the length of the payload in bytes including the 32 bit CRC at
the end of the payload .PLW can range between 0 and 4,095.
(iv) PLCP signaling fields (PSF): Only one bit is currently specified in this
4-bit field indicating the data rate of the payload (1or 2 Mbit/s).
Header error check (HEC): The PLCP header is protected by a 16 bit

checksum with the standard
ITU-T generator polynomial G (x) = x^16+x^12+x^5+1.
Format of an IEEE 802.11 PHY frame using FHSS
Private-Key Encryption
Private-key encryption is an encryption system that uses two private

keys, one for encrypting the message and the other for decrypting it. In
this type of encryption, both the parties must have a secret key to
decrypt a message encrypted by the other. The drawback of this method
is in the difficulty of distributing the private keys.
Top Vulnerabilities in Windows Systems
The Windows Operating system family supports a wide variety of

services, networking methods, and technologies. Many of these
components are implemented as Service Control Programs (SCP) under
the control of Service Control Manager (SCM), which runs as
Services.exe. Vulnerabilities in these services are one of the most
common targets for exploitation by an attacker.
The critical vulnerabilities were reported in the following Windows

Services:
n MSDTC and COM+ Service
n Print Spooler Service
n Plug and Play Service (MS05-047, MS05-039)
n Server Message Block Service
n Exchange SMTP Service
n Message Queuing Service
n License Logging Service
n WINS Service
n NNTP Service
n NetDDE Service
n Task Scheduler
Amplitude Modulation (AM)In AM, the strength (amplitude) of the carrier

from a transmitter is varied according to how a modulating signal
varies.When a person speaks into the microphone of an AM transmitter,
the microphone converts the voice into a varying voltage. This voltage is
then amplified and used to vary the strength of the transmitters output.
AM adds
power to the carrier depending on the strength of the modulating voltage.
AM can be easily produced in a transmitter. In addition, AM receivers are

simple in design. However, AM has the following disadvantages:
About two-thirds of an AM signals power is concentrated in the carrier,

which contains signals of low importance. One-third of the power is in
the sidebands, which contain the signals intelligence. Of the total power
output of an AM
n transmitter, only about one-sixth is actually productive, useful output.
n The wide amount of frequency space occupied by an AM signal is

vulnerable to static and other forms of electrical noise. Despite this, AM
is simple to tune on ordinary receivers and is used for almost all
shortwave broadcasting
Chapter Five Crytography and Network security
Computer Network Authentication and Security
The various methods of securing data are discussed below.
Kerberos
Kerberos is a protocol that allows individuals communicating over an

insecure network to prove their identity to one another in a secure
manner. Kerberos prevents replay attacks and ensures the integrity of
the data. Kerberos works on client-server model and it provides mutual
authentication, both the user and the service verify each others identity.
Kerberos is built on symmetric key cryptography and requires a trusted
third party.
Data Encryption Standard (DES)
DES encrypts and decrypts data in 64-bit blocks, by using a 64-bit key
although the effective key strength is only 56 bits. DES takes a 64-bit
block of plaintext as input and outputs a 64-bit block of cipher text. DES
always operates on blocks of equal size and uses permutations and
substitutions in the algorithm. DES is both a block cipher and a product
cipher.
DES has 16 rounds, which means that the main algorithm is repeated
16 times to produce the cipher text. It has been found that the number
of rounds is exponentially proportional to the amount of time required to

find a key using a brute-force attack.
Vulnerabilities in Microsoft Office and Outlook Express
n Microsoft Office is the most widely used e-mail and productivity suite
across the globe. This includes applications such as Outlook, Word,
PowerPoint, Excel, Visio, FrontPage, and Access. Outlook Express, a
basic e-mail client, is installed with Internet Explorer and on all versions
of Microsoft Windows starting with Windows 95. Vulnerabilities in these
products can be exploited through the following attack vectors:
n The attacker can send a malicious Office document in an e-mail

message.
n A malicious document can be hosted on a Web server or a shared

folder by the attacker. The attacker can tempt a user to browse the Web
page or the shared folder.
n The attacker can run a server, such as a news server, to send

malicious responses to trigger a buffer overflow in e-mail clients.
Identifying Security Controls
Security controls are used to safeguard the network infrastructure from

the various risks that it faces, such as unauthorized access and virus
attacks. Therefore, it is essential for security designers to understand the
importance of implementing these security controls. These security
controls can reduce the possibility or the impact of a risk.
CSMA/CACSMA/CA is a network contention protocol that listens to a

network in order to avoid collisions, unlike CSMA/CD that deals with
network transmissions once collisions have been detected. CSMA/CA
contributes to network traffic because before any real data is
transmitted, it has to broadcast a signal onto the network in order to
listen for collision scenarios and to tell other devices not to broadcast.
Wireless FidelityWireless Fidelity, or Wi Fi, allows a user to connect to
the network and Internet from any location situated in a particular
facility without wires. Wi-Fi is a wireless technology like a mobile phone.
It enables computers to send and receive data indoors and out anywhere
within the range of a wireless access point or a wireless router.
Modulation
Modulation is the process of varying a carrier signal in order to use that
signal to convey information. The three key parameters of a sinusoid are
its amplitude, its phase, and its frequency. These parameters can be
modified in accordance with an information signal to obtain the
modulated signal.
A device that performs modulation is known as a modulator and a device

that performs the inverse operation of demodulation is known as a
demodulator. A device that can do both operations is called a modem.
Digital Modulation is the process in which the changes in the signal are
chosen from a fixed list. Each entry of the fixed list conveys a different
possible piece of information. In analog modulation, the change is
applied continuously in response to the data signal. Modulation may be
applied to v Modulation is generally performed to overcome signal
transmission issues such as:
Low loss, low dispersion propagation as electromagnetic waves

Multiplexing, which is the transmission of multiple data signals in one
frequency band, on different carrier frequencies.
Smaller, more directional antennas
arious aspects of the signal.
Public Key Infrastructure (PKI)
It is a system of digital certificates, Certificate Authorities (CA), and other

registration authorities that verify and authenticate the validity of each
party involved in the Internet transaction. PKI is currently evolving and
there is no single PKI or even a single agreed-upon standard for setting
up a PKI. However, users agree that a reliable PKI is necessary before
electronic commerce is widespread.
Digital Certificates
A digital certificate is a digitally signed statement that binds the

identifying information of a user, a computer, or a service to a public or
private key pair. A digital certificate is commonly used in the process of
authentication and security of networks. A digital certificate is an

attachment to an electronic message used for security purposes. The
most common use of a digital certificate is to verify the identification of
the user who is sending a message. Digital certificates also provide the
receiver with the means to encode a reply. An individual wishing to send
an encrypted message applies for a digital certificate from CA. An
encrypted digital certificate is issued with the applicants public key and
a variety of other identification information.
CA
CA is a trusted third-party organization or company that issues digital

certificates. The role of the CA in this process is to guarantee that the
individual granted the unique certificate is, in fact, who he or she claims
to be. Usually, this means that the CA has an arrangement with a
financial institution, such as a credit card company, which provides it
with information to confirm an individuals claimed identity. CAs are a
critical component in data security and electronic commerce because
they guarantee that the two parties exchanging information are really
who they claim to be.
Public-Key Encryption
A public key is known to everyone while a private or secret key is known

only to the recipient of the message. Consider an example in which user
1 wants to send a secure message to user 2. Before sending the message
to user 2, user 1 uses the public key of user 2 to encrypt the message.
User 2 then uses a private key to decrypt it.
Whitfield Diffie and Martin Hellmann introduced the public key

cryptography. Therefore, it is also called Diffie-Hellmann encryption. It is
also called asymmetric encryption because it uses two keys instead of
one key (symmetric encryption).
Types of Controls
There are different types of security controls that can help reduce risk.
These are:
n Physical controls: These controls are not directly associated with the
information, data, system, or network security of an organization.
However, they indirectly help provide security at every level of the
organization.
For example, locking of rooms or restricting access to various locations

within an organization is part of physical controls.
n Technical controls: These controls include the hardware and software

within the organization that is used to secure the systems and the data.
For example, an antivirus software is used to detect and prevent any

virus from infecting the network of the organization. It is essential to
update the technical controls at regular intervals to ensure that they
provide security from new risks.
n Administrative controls: These controls help in creating standards and

guidelines to provide a secure network environment within the
organization. These controls include elements such as policies and
procedures.
For example, for implementing authentication of resources and

information, an organization may use the password policy. As per this
policy, weak passwords, such as name of the user, birth dates, and
vehicle numbers, should not be used. This policy can be implemented by
using Group Policy Objects in Windows 2003 Server.
. Flaming:- Personal attacks or complaints are called flaming. Be

discriminate. Flaming can turn into flame wars and disrupt discussion
groups.n 3. Discuss the impact of the information technology revolution
on society.n Ans. :-The amazing growth of information technology has
implications for every aspect of society. So far there is little research that
reveals how technology has and will continue to change the dynamics of
society and the nonprofit sector. Following point elaborate how
information technology affects various sections of society:
n 1) The nonprofit sector is experiencing an organizational version of the
digital divide-the technology gap between large and small nonprofits.
Hardware, software, and technical assistance are not enough to close the
divide; strategic planning and staff time are also essential.
n 2) The true impact the Internet will have on society is in building

community, bringing
together groups of citizens, who are united by
shared values working for the public good, often spanning international
lines.
n 3) Organizations that use technology well are usually marked by

strong support from the executive director, support from the board, and
the presence of a key user staff person.
n 4) The Internet enables an organization to strengthen relationships

with its current audiences as it enables targeted, fast, and consistent
communication. It can also enable nonprofits to reach out to new
audiences through effective use of search engines and viral marketing.
n 5) Strategic use of technology is likely to require long-term

collaborations with for-profit and nonprofit partners.
n Technology can be used to mobilize people globally around a common

cause to achieve world-changing results far beyond the promise of
enabling nonprofit organizations to perform important functions, such as
fundraising and recruiting volunteers more effectively.
Q. What are the moral rule on the Internet? Discuss the type of
Problematic behavior.Ans:- Moral rules can be distinguished into two
types governing online behavior.The first type of moral rules identifies
our moral obligations online. Examples of such rules are netiquette rules
and Codes of conduct examples of which are be polite in e-mail
correspondence, always tell the client the truth, make yourself look
good online.
The second type of moral rules or recognition rules allows us to identify

what is moral and what is not. A recognition rule enables us to recognize
the perspectives in an action or decision that we have a reason to
endorse (Hart, 1961). Examples of recognition rules are read the signs,
follow the instructions, familiarize yourself with netiquette. On
netiquette, that is the recommended ways to behave properly online,
Virginia Shea (1999) lists one such rule:
1. Remember the human.
2. Adhere to the same standards online that you follow in real life.
3. Know where you are in cyberspace.
4. Respect other peoples time and bandwidth.
5. Make yourself look good online.
6. Share expert knowledge.
7. Help keep flame wars under control.
8. Respect other peoples privacy.
9. Dont abuse your power.
10. Be forgiving of other peoples mistakes.
There are three problematic behavior
One type of problematic behaviorinvolves individuals engaged in illegal

behavior that disrupts the smooth functioning of the internet. The
behavior is destructive and it undermines the reliability and security of
the internet. It involves actions such as gaining unauthorized access to
computer systems
The other category of problematic behavior is the criminal actions

involving theft and extortion. In these cases the internet facilitates such
behavior. Falling in the scope of criminal actions include stealing of
electronic funds, cyber stalking, slander, fraud, harassment, solicitation
of minors etc.
The third category of problematic behavior involves issues whether

specific laws need to be framed to make such behavior illegal. Such laws
framed to counter such behavior forms a part of netiquette or in other
words the type of actions that are acceptable or informal conventions
regarding how to behave on
the net.
Q. How is a professional code distinguished?Ans:- The different functions

of Codes are better understood by distinguishing them into1. Code of
ethics: Code of ethics are more aspirational. They are mission statements
emphasizing the professional objectives and vision.
2. Code of conduct: Code of conduct are more oriented towards the
professionals attitude. They do not describe in detail now to carry out a
particular action, bur they make clear the issues at stake in different
specialized fields.
3. Code of practice: Code of practice on the other hand fixes some

accepted state of art (Berleur,1996) and relate to current operational
activities.
Q. What is computer Hacking?
: The greatest risk that the information technology business faces today
is the security of information in terms of integrity, availability, and
confidentiality. Stories about website defacements, credit card frauds,
non-availability of Web and application servers, and new virus attacks
are common. These defacements are done by hackers and this process is
called as hacking. Software piracy and other forms of product piracy:
This includes illegal access of computer programs. It also includes
copying the softwares of the individuals to gather more information
. Discus the essentials of a valid contract.Ans.The essentials of a valid

contract are:
n Intention with which the contract is created: The intention to create a

contract should be clear otherwise, it will be treated as invalid.
n Offer and acceptance: A contract ceases to exist without an offer. An

acceptance will be deemed to be complete when both the parties are in
conscience with each other.
n Consideration: A consideration may consist sometimes in the doing of

a requested act, and sometimes in the making of a promise by the
offeree. Consideration is not required for a promise to compensate,
wholly or in part, a person who has already voluntarily done something
for the promisor or something, which the promisor was legally
compellable to do. It is also not required for a written and signed promise
by the debtor (or his duly authorized agent) to pay a time-barred debt to
the creditor.
n Capacity to enter into contract: A person can enter into a contract only
after he has attained an age of majority and is not debarred by law for
doing any unlawful activity.
n Free consent of the parties: When consent is attained by fraud or

misrepresentation, the agreement can become void at the consent of the
party who was forced to enter into such an agreement.
n Lawful object of the agreement: If the consideration or an object is

unlawful, the agreement will be treated as void.
Q. How is information privacy, violated? Discuss the privacy policy

guidelines for database.****************** Ans- Information privacy is the
right to control the disclosure of and access to ones personal
information.
The internet has facilitated a significant abuse of the principles of
disclosure and access. Information
privacy is violated when the individual:
l Does not know what information is being collected about them
l Cannot limit access to what is being collected
l Cannot control the use and distribution of this information
l Cannot correct erroneous data and out-of-date information
. a) Explain the impact of internet on the economy of the country and the
society at large. 10 Marks
Ans: Internet has the potential to make life easy for some people and at
the same time it has the power to
create problems as well. It tends to bridge distances to bring people

together and provides a new arena for increased economic cooperation,
entertainment and sociability. Internet communication has much
broader scope and reach. With little effort a user can reach hundreds
and thousands of individuals around the globe. The ability to reach many
people quickly and easily is not exactly new or unique compared to radio
or television communication. But the significant difference between the
internet and television and radio is that, in the case of radio and
television it is in most cases one way whereas in the case of internet it is
interactive. On the internet, individuals can create a different person
ensuring that information about themselves cannot be traced while in
communication with the other on the internet. The global scope of the
internet do things to one another demonstrates the great amount of
power when conected to the internet. The global scope enables
individuals apart from fraternizing with one other also to disrupt, steal,
damage, snoop, harass, stalk and defame from great distances. So we
can say that the impact of internet on the economy of the country and
the society at large.
Q.Discuss the current forms of computer crime.Ans. :-The misuse of

computers began in the year 1960. Later with the rapid growth of
telecommunications dissemination of harmful contents, such as
pornography and other communication offences in computer networks
arose. The modus operandi does not follow a continuous path. It
constantly adapts to new technologies. Hence, the computer crimes can
be analyzed under the following broad categories:Privacy Infringement:
The personal rights of the citizens are endangered with the collection,
transmission, and storage of the personal data. Therefore, in the data
processing area, the protection of privacy needs to be considered. A
balance needs to be maintained between the privacy interests of data
subjects concerned and the economic freedom of the holders of personal

data.
Economic offences: The economic crimes are considered as the central
area of computer crime. Hacking, fraudulent manipulation of the
computer data is some of the economic offences related to computers.
Computer Hacking: The greatest risk that the information technology

business faces today is the security of information in terms of integrity,
availability, and confidentiality. Stories about website defacements, credit
card frauds, non-availability of Web and application servers, and new
virus attacks are common. These defacements are done by hackers and
this process is called as hacking. Software piracy and other forms of
product piracy: This includes illegal access of computer programs. It also
includes copying the softwares of the individuals to gather more
information.
Other current form of computer crime is a) Computer Espionage, b)

Computer Sabotage and Computer Extortion, c) Computer Fraud, d)
Illegal and Harmful contents, E) Other Offences i) Attacks on Life, ii)
Organized Crime, iii) Electronic Warfare.
Q. E-Commerce is the new mantra of business Explain?or Explain the

role of E-commerce in the present business scenario
Ans:- E-Commerce is the use of the Internet to buy and sell goods and
services. E-Commerce is changing the way in which organizations do
business, resulting in streamlined purchasing processes and lowering

the cost of transacting business for both large and small companies.
E-Business helps in improving the way the business is conducted with

the government, customers, and other businesses.
Email can be used in businesses to communicate with suppliers. It can

also be used for responding and receiving the customer queries. For
example, email can be used to accept orders from the customers. The
customers can also make the payments online and get the information
regarding the products available along with their price.
Internet can also be used by businesses for managing their records and
they can make use of electronic bookkeeping. An on-line banking service
is another area, which can be used by the businesses. These services can
be used for funds transfer, payroll management, and electronic bill
payment.
Q. What are the ten commandment of computer ethics?
Ans:- THE TEN COMMANDMENTS FOR COMPUTER ETHICS
1. Thou shalt not use a computer to harm other people.
2. Thou shalt not interfere with other peoples computer work.
3. Thou shalt not snoop around in other peoples files.
4. Thou shalt not use a computer to steal.
5. Thou shalt not use a computer to bear false witness.
6. Thou shalt not use of copy software for which you have not paid.
7. Thou shalt not use other peoples computer resources without

authorization.
8. Thou shalt not appropriate other peoples intellectual output.
9. Thou shalt think about the social consequences of the program you
write.
10.Thou shalt use a computer in ways to show consideration and

respect.
b) Explain in detail the classification of crimes under the IT Act, 2000.
OrWhat is meant by unauthorized access to a computer under the

provisions of the IT ACT 2000?
Ans: While considering the general terrain of cyber law, as of now, the
following acts are construed as
cyber crimes in the I.T. Act, 2000.
Without permission of the authorized user Accessing or securing access

to such computer, computer system or computer network
Downloading, coping or extracting any data or information for such
computer, computer system
or computer network including information or data held or stored on any
removable storage
medium
Introducing any computer virus or contaminant in the computer,

computer system or network
Damaging the computer, computer system or network
Disrupting the working of the computer, computer system or network.
Disrupting the access of the computer, computer system or network of an
authorized user.
Providing assistance to ensure unauthorized access to the computer,
computer system or network.
Tampering with computer source documents
Hacking with computer system
Publishing of information which is obscene in electronic form

Carrying on activities that are not in compliance with the provisions of
the Act.
Failure to extend all facilities and technical assistance to the Controller
to decrypt any information
necessary for the security of the nation.
Unauthorized access or attempt to secure unauthorized access to a

system that by official
notification is declared a protected system.
Misrepresenting or suppressing any material fact from the Controller or

Certifying Authority for
obtaining any license or Digital Signature Certificate.
Breach of confidentiality and privacy.

Publishing Digital Certificate that are false in certain particulars
Failure to furnish any document , report, information, maintain book of
account as required by
the Controller or Certifying authorities.
Q. Discuss the classification of crimes under the IT Act, 2000.
Ans.:- While considering the general terrain of cyber law, as of now, the
following acts are construed as cyber crimes in the I.T. Act,
2000:1.Without permission of the authorized user2.Accessing or
securing access to such computer, computer system or computer network
3.Downloading, copying or extracting any data or information for such
computer, computer system or computer network including information
or data held or stored on any removable storage medium 4.Introducing
any computer virus or contaminant in the computer, computer system or
network 5.Damaging the computer, computer system or network
6.Disrupting the working of the computer, computer system or network.
7Disrupting the access of the computer, computer system or network of

an authorized user.
8.Providing assistance to ensure unauthorized access to the computer,

9.Tampering with computer source documents
10.Hacking with computer system
11.Publishing of information which is obscene in electronic form
12Carrying on activities that are not in compliance with the provisions of

the Act. 13.Failure to extend all facilities and technical assistance to the
Controller to decrypt any information necessary for the security of the
nation.
14.Unauthorized access or attempt to secure unauthorized access to a

system that by official notification is declared a protected system
Q. Explain how proposed amendments to the IT Act 2000 overcomes the

drawbacks in the
present Act? ***************************
Ans-
Q. Intellectual property?
One of the more controversial areas of computer ethics concerns the

intellectual property rights
connected with software ownership. A trade secret is intellectual work,

such as a business plan that is a company secret and is not public
information. An example of trade secret is a companys corporate

strategic plan.
The most common intellectual property relating to information

technology deals with software. Acomputer program can be classified into
different aspects, which is capable of being owned independently.
These are:
1. Source code: the source code consists of the code written by the
programmer in a high-level
computer language like Java or C++.
2. Object Code: It is the machine language translation of the source code.
3. Algorithm: It is the sequence of machine commands that the source

code and object code
represents.
4. Look and Feel of the program: It is the way the program appears on
the screen and interfaces
with the users.
2. Explain the essentials of P3P platform..P3P aims at providing a simple,

automated way for users to gain more control over the use of personal
information on websites they browse. P3P is a standardized set of
multiple-choice questions about the websites privacy policies. Online
customers can answer these questions to select the way their personal
information will be handled by the service provider. This snapshot could
be read by P3P enabled browsers and set according to the set of privacy
preferences of the consumer.P3P not only provides facilitating
environment for the consumer to decide, negotiate and firm up the
contractual relationship, but also recognizes nine aspects of online
privacy. The first five aspects deal with (a) who is collecting this data? (b)
Exactly what information is being collected? (c) for what purposes? (d)
which information is being shared with others? (e) and who are these
recipients? The remaining four aspects focus on the sites internal
privacy policies. They include (a) can users make changes in how their
data is used? (b) how are disputes resolved? (c) what is the policy for
retaining data? (d) and where can be detailed policies found in human
readable form?
P3P is software to negotiate privacy agreements between websites and
online visitors. It is a kind of social technology that involves not merely
technology but also active participation of human beings.
5. What are the essentials of a cyber contract? Ans- Cyber Contractis an

agreement enforceable by law. We enter into contracts everyday. Some of
these are made consciously and others are not. Contracts confer legal
rights on one party and legal obligations on others. Law of contract is

covered in 75 sections of Indian Contract Act, 1872. However, the code is
not exhaustive and is applicable only to legally enforceable contracts.
The provisions of the act are not applicable to the following
l Negotiable instruments such as cheque, Bill of Exchange and

Promissory note as defined in the
Negotiable Instruments Act, 1881.
l Power of attorney instruments as defined in the Power of Attorney Act,

1882
l Trust as defined under the Indian Trusts Act, 1882
l Will as defined in the Indian Succession Act 1925
l Any contract for the sale or conveyance of immovable property
l Any such class of documents or transactions as may be notified by the

central Government in
the official Gazette.
Q. Explain how custom is a source of law.Ans:-Custom (as a source of

law) denotes a usage or practice of the people which by common adoption
and acquiescence and by long and unvarying habit, has become
compulsory and has acquired the force of law with respect to the place or
subject matter to which it relates. Legislation and common law can
operate in any sphere of human activity, while the operation of custom is
generally restricted to a particular locality, group or family.Q.Explain
principles of computer ethics?*******************
Ans-
Q. Discuss the distinct features of the Internet.
Ans:-There are three distinct feature of the Internet
Global scope: Internet communication has much broader scope and

reach. With little effort a user can reach hundreds and thousands of
individuals around the globe. The ability to reach many people quickly
and easily is not exactly new or unique compared to radio or television
communication.
Anonymity: The second important feature of the internet is that it

provides a certain kind of anonymity. It is a silent feature of this type of
communication that people can deliberately avoid seeing or hearing one

another directly.
Reproducibility: This third important feature is not just a feature of the

internet, but of information technology in general. Electronic information
exists in the form that makes it easy to copy without any lossof
originality or value in the process of reproduction.
2. Discuss the significance of legislation.Ans:-There are three main

sources of law, namely, legislation, case law and custom.Legislation is
the formal enactment of law by the legislature created or authorized by
the Constitution.
Significance of Legislation: Legislation is the foundation of democratic
polity.
The legislature provides the following functions:
The legislature can legislate in advance. Judges cannot do so. The

legislature can make a law on any subject within its competence. But
judges can deal with a subject, only when the point arises before them.
The legislature (both of parliament, state or even local self Government)

can (subject to constitutional limitations) override the law laid down by
the courts, on a particular point (though, because of the doctrine of
separation of powers, the legislature cannot reverse or modify the actual
decision rendered by the court in a particular case).
Legislation is the most fertile source of law. Subject to limitations flowing

from the constitutional doctrine, that matters of policy cannot be
delegated, the legislature can vest a subordinate authority with power to
make rules, orders, etc.
A legislative enactment is not subject to appeal; and the law enacted by it

cannot be reversed, by a higher authority (though it can be declared to be
void, if it is unconstitutional).
Q.Discuss the policy approaches to privacy issues.
Ans.:-The policy regime pertaining to protection of privacy concerns is

premised upon the following three approaches: Market approach: This
approach rejects extrinsic legal enforcement and takes within its fold self
regulatory mechanisms which would enable the market players to employ
or adopt. It does not talk about tangible consumer remedies. Human
rights approach: This approach recognizes rights to information and the
related attribute of privacy as a human right. Contract approach: This
recognizes contract model. This model premises on the ground that in a
given context the privacy concerns are better protected if the concern is
treated as terms and conditions of the contract. Hence, the contract
imposes an obligation on the parties to protect the privacy concerns. In
the event of breach the contract itself provides for contractual remedies.
2. Explain the four classifications of ethical issues.
Ans. Ethical issues can be classified into:

Privacy issues: The privacy issues deal with the collection, storage, and
dissemination of information about individuals. For example:
What information about oneself should an employer reveal to others?

n Accuracy issues: The accuracy issues deal with authenticity, fidelity,
and accuracy of information collected and procured. The questions that
need to be addressed in accuracy issues include:
Who is responsible for the accuracy, fidelity, and accuracy of information

collected?compensated?
n Property issues: The property issues deal with ownership and value of
information (intellectual property). Examples of issues that need to be
addressed as property issues are:
Who owns the information?
n Accessibility issues: The accessibility issues concern with the right to
access information and payment towards the same. These issues include:
Who is allowed to access information
Q. State and discuss the primary assumptions of a legal systemAns:Ans. Following are the primary assumptions of a legal system:
Sovereignty: Law making power is a matter of sovereign prerogative. As a
result, the writ of sovereign authority runs throughout wherever
sovereign power exercises authority. Beyond its authority, the sovereign

cannot regulate a subject matter through legal intervention.
Territorial Enforcement: Any law in real world context can only be

subjected to predetermined territorial enforcements. There are some
exceptions to this. The sovereign authority could join extra territorial
jurisdiction in case of criminal law
Notion of property: The obtaining premise of the legal response considers

property as tangible and physical. In the cyber context, property in the
form of digitized services or goods poses serious challenges to this legal
understanding. Also that the domain names raise fundamental
questions.
Paper based transaction: Obtaining legal response considers and

encourages people to create and constitute legally binding relationships
on the basis of paper- based transactions.
Real relationships: Legal response considers relationships quite often. In

view of connectivity, pace and accuracy as to transmission, in the cyber
context, these relationships acquire unique distinction of virtual
character. In case of trade and commerce, commercial transaction in the
form of contracts constitutes the foundation of legal relationship.
Q. List the code of Ethics for IT Professionals.
Ans:- A Professional member of the Computer Society of India (CSI) shall:
a) organize the resources available to him and optimize these in attaining

the objectives of his organization,
b) use the codes of practice conveyed by the CSI from time to time in
carrying out his tasks,
c) not misuse his authority or office for personal gains,
d) comply with the Indian laws relating to the management of his

organization particularly with regard to Privacy and Piracy, and operate
within the spirit of these laws,
e) conduct his affairs so as to uphold project and further the image and
reputation of the CSI,
f) Maintain integrity in research and publications.
1. Define computer ethics ?
Ans- Computer ethics is the analysis of the nature and social impact of
computer technology and the formulation and justification of the policies
for the ethical use of such technology. Computer ethics examine the
ethical issues surrounding computer usage and the connection between

ethics and technology. It includes consideration of both personal and
social policies for ethical use of computer technology.
2. Explain the different sources of law?
Ans- Ans:-There are three main sources of law, namely, legislation,

common law and custom. Legislation is the formal enactment of law by
the legislature created or authorized by the Constitution. It constitutes
the process of codification or legislative enactment. It consists of written
laws, as contrasted with the judge made law or common law.
Common law comprises the body of principles. It is a body of law that

develops and derives through judicial decisions, as distinguished from
legislative enactments. Judicial decisions become a source of law by
reason of the practice of courts, of accepting precedent as a source of
law, that is, the established judicial practice that a court must follow the
law laid down by a decision of the higher judiciary in the country or
state.
Custom denotes a usage or practice of the people which by common

adoption and acquiescence and by long and unvarying habit, has become
compulsory and has acquired the force of law with respect to the place or
subject matter to which it relates. Legislation and common law can
operate in any sphere of human activity, while the operation of custom is
generally restricted to a particular locality, group or family.
Q. What are the evidentiary presumptions of a secured electronic

document. Explain the process of encryption and decryption of data.
Ans.:-An electronic document is said to be secure where any security
procedure has been applied to the electronic document at a specific point
of time. Such a document is deemed to be secure till the time of
verification. But there is no presumption about the integrity and
authenticity of the electronic record. To create a legally bound electronic
document is technologically complex. A legally enforceable electronic
document must pass the test of authentication, non-repudiation,
confidentiality and information integrity during transmission or storage.
The key element in the authentication of a paper-based document is the
signature of the contracting persons. Likewise an electronic signature is
the key in an electronic record. The equivalent electronic signature is
referred to as digital signature. A digital signature is to identify the
sender of the electronic record, authenticate the originator of the
message and to certify that the message could not have been tampered
with during the course of its transmission.The process of making the
information unintelligible to the unauthorized reader is known as
encryption of data. The process of making the information readable once
again is known as decryption of data. The science of Cryptography is
made up of encryption and decryption. There are two types of
Cryptographic systems symmetric and asymmetric. The symmetric
Crypto system consists of both the sender and the receiver having access
and sharing a common Key to encrypt or decrypt a message. The
asymmetric Crypto system is a more a secure system. This system uses
two keys. The originator of the document keeps one of the keys known as
the Private key and the other key is sent to the recipient of the message.
The recipient affixes the digital signature when he uses the public key to
open the message sent to him. Thus the combination of the Public Key
and the Private Key provide both confidentiality and authentication

which enables for secure electronic transmission.
3. How is a professional code distinguished.?
Ans- Ans:- The different functions of Codes are better understood by

distinguishing them into
1. Code of ethics: Code of ethics are more aspirational. They are mission
statements emphasizing the professional objectives and vision.
2. Code of conduct: Code of conduct are more oriented towards the
professionals attitude. They do not describe in detail now to carry out a
particular action, bur they make clear the issues at stake in different
specialized fields.
3. Code of practice: Code of practice on the other hand fixes some
accepted state of art (Berleur,1996) and relate to current operational
activities.
2. What are the remedies for the breach of a contract?Ans.The principal

remedies for the breach of contract are:
Damages: The party who has broken the contract needs to pay
compensation for any loss or damage that has occurred to the party with
whom such a contract was entered into.
Specific performance of the contract: In certain cases, the court directs

against the party in default for the specific performance of the contract.
This means that the party will be asked to perform the obligations that
he needs to perform according to the contract.
Injunction: An injunction is a preventive relief and is granted at the

discretion of the court. The discretion of the court is not arbitrary but is
guided by judicial principles. A further check on the discretion is the
provision for correction through an appeal in a higher court
Q. Explain with the help of historical milestones, the evolution of

computer ethics.
Ans:- The computer revolution is occurring in two stages. The first stage
was that of technology introduction in which computer technology was
developed and refined. The second stage is of technological permeation
in which technology gets integrated into everyday human activities. Thus
evolution of computer ethics is tied to the wide range of philosophical
theories and methodologies, which is rooted in the understanding of the
technological revolution from introduction to permeation.
In the 1940s and 1950s computer ethics as a field of study had its roots
in the new field of research called cybernetics-the science of
information feedback systems undertaken by Professor Norbert Weiner.

The concepts of cybernetics led Weiner to draw some remarkable ethical
conclusions about the technology
that is now called information and communication technology. He

foresaw revolutionary social and ethical consequences with the advance
of technology.
The 1990s heralded the beginning of the second generation of computer

ethics. Past experience led to the situation, which helped to build and
elaborate the conceptual foundation while developing the frameworks
within which practical action can occur, thus reducing the unforeseen
effects of information technology application.
7.Explain the impact of internet on the economy of the country and the
society at large.Ans-8. Discuss the impact of globalization on computer
ethics
Ans-
Ans:- Computer ethics is rapidly evolving into a broader and even more
important field, which might reasonably be called global information
ethics. Global networks like the internet and especially the World Wide
Web.
Global laws: Over two hundred countries are already interconnected by

the internet. Given this situation, what is the effect and impact of the law
of one particular country on the rest of the world? Issues regarding
freedom of speech, protection of intellectual property, invasion of privacy

vary from country to country
Global cyber business: Technology is growing rapidly to enable electronic

privacy and security on theinternet to safely conduct international
business transactions. With such advanced technology in place, there
will be a rapid expansion of global cyber business.
Global education: Inexpensive access to the global information net for the
rich and the poor alike is necessary for everyone to have access to daily
news from a free press, free texts, documents, political, religious and
social practices of peoples everywhere. However the impact of this
sudden and global education on different communities, cultures and
religious practices are likely to be profound.
9. What are the fundamental conceptions regarding the evaluation of

individual actions.
Ans.
In the history of moral philosophy, two fundamentally different and
mutually exclusive conceptions of the moral evaluation of individual
actions are prevalent:
n One approach or school of thought believes that it is important to

examine an issue under independently justified principles of what one
considers being right. The idea here is to follow the principles that
articulate what is morally right irrespective of the consequences. This is
referred to as deontological approach. In this approach, one starts out

with one or more moral principles and see how they apply to particular
cases.
n The other school of thought believes that it is important to look for the
course of action that maximizes the good. This approach involves
determining which action yields the best consequences measured in
some standard of the good or morality. This approach referred to as
teleological approach involves deciding on what is good for population.
It also spells out what is wrong with actions that interfere with attempts
to get it.
1. How do professional codes address issues from the viewpoint of

computing profession?
Ans.The code of ethics provides a basis to address issues from the
viewpoint of the computing profession. These codes address issues from
the viewpoint of computing profession by imposing three levels of ethical
obligations, which are to be followed by the professionals:
n The first level is a set of ethical values, such as integrity and justice,
which professionals share with other human beings by virtue of their
shared humanity. Code statements at this level are statements of
aspiration that provide vision and objectives.
n The second level obliges professionals to more challenging obligations

than those required at the first level. At the second level, by virtue of
their role as professionals and their special skills, they owe a higher
degree of care to those affected by their work. Every type of professional
shares this second level of ethical obligation. Code statements at this
level express the obligations of all professionals and professional

attitudes. They do not describe specific behavior details, but they clearly
indicate professional responsibilities.
n The third level comprises several obligations that derive directly from
elements unique to the particular professional practice. Code elements at
this level assert more specific behavioral responsibilities that are more
closely related to the state of art within the particular profession. The
range of statements is from more general aspirational statement to
specific and measurable requirements. Professional code of ethics needs
to address all three of these levels.
4. What is common law? How does it differ from codified law?

Ans.Common law or uncodified law is the law flowing from judicial
decisions. E.g. the process of dispute resolution or adjudication of
liability by either village elders or people holding power through the
process of issuing commands has received social acceptance. The uncodi
fied law governs large segment of the legal regime. The judgment
pronounced by an organ of the higher judiciary performs at least two
important functions :For the immediate parties, the judgment becomes a
source, rights and duties. For the world, it becomes a source of law, it
happens to deal with a legal proposition and to make a definite
pronouncement on the subject. It is different from codified law because
codified laws are made formally by a law making body of people, where as
common laws have their enunciations through decisions of courts.
Q. State and discuss the primary assumptions of a legal system
Ans:- Ans. Following are the primary assumptions of a legal system:



questions.


Explain the policy approaches to privacy issues
Ans- Ans.:-The policy regime pertaining to protection of privacy concerns

is premised upon the following three approaches: Market approach: This
approach rejects extrinsic legal enforcement and takes within its fold self
regulatory mechanisms which would enable the market players to employ
or adopt. It does not talk about tangible consumer remedies. Human
rights approach: This approach recognizes rights to information and the
related attribute of privacy as a human right. Contract approach: This
recognizes contract model. This model premises on the ground that in a
given context the privacy concerns are better protected if the concern is
treated as terms and conditions of the contract. Hence, the contract
imposes an obligation on the parties to protect the privacy concerns. In
the event of breach the contract itself provides for contractual remedies.
2. Discuss the classification of crimes under the IT Act, 2000.
Ans.While considering the general terrain of cyber law, as of now, the

following acts are construed as cyber crimes in the IT Act, 2000:
n Without permission of the authorized user
n Accessing or securing access to such computer, computer system or

computer network
n Downloading, copying or extracting any data or information for such

or data held or stored on any removable storage medium
n Introducing any computer virus or contaminant in the computer,

n Damaging the computer, computer system or network
n Disrupting the working of the computer, computer system or network
n Disrupting the access of the computer, computer system or network of

an authorized user
n Providing assistance to ensure unauthorized access to the computer,

n Tampering with computer source documents
n Hacking with computer system
n Publishing of information, which is obscene in electronic form
n Carrying on activities that are not in compliance with the provisions of

the Act
n Failure to extend all facilities and technical assistance to the

Controller to decrypt any information necessary for the security of the
nation
n Unauthorized access or attempt to secure unauthorized access to a



8. Write short notes on
a) EDUCOM **************
Ans- The Educom Code:

A guide to the ethical and legal use of software for members of the
academic community, it is a brochure produced as a service to the
academic community by the Educational Uses of Information Technology
Program (EUIT) of EDUCOM, and the Information Technology Association
of America (ITAA). EDUCOM is a non-profit consortium of colleges and
universities committed to the use and management of information
technology in higher education. ITAA is an industry association for
companieswhich create and market products and services associated
with computers, communications and data.
Relevant facts of the Code:
l UNAUTHORIZED copying of software is illegal. Copyright law protects

software authors and publishers, just as patent law protects inventors.
l UNAUTHORIZED copying of software by individuals can harm the entire

academic community. If unauthorized copying proliferates on a campus,
the institution may incur legal liability. Also, the institution may find it
more difficult to negotiate agreements that would make software more
widely and less expensively available to members of the academic
community.
l UNAUTHORIZED copying and use of software deprives publishers and

developers of a fair
return for their work, increases prices, reduces the level of future
support and enhancements,
and can inhibit the development of new software products.
b) Information Technology Act 2000Ans- These sections deals with

penalties to be imposed for damages to computers, computer systems etc.
Section 43, which defines for the penalty for damages to computer
systems resulting from illegal activities such as hacking, suggests up to
Rs. One crore as penal damages. Under section 44, failure to present
certain reports to controller or the certifying authority of the Cyber
Appellate Tribunal could result in fines up to Rs. 150,000. Any delay in
filing any return or furnishing any information, books or other
documents within the time specified will result in fines of Rs. 5,000 per
day, and Rs. 10,000 per day for repeat offence.c) Cyber regulations
appellate tribunal.
Ans- The Central Government shall, by notification, establish one or
more appellate tribunals to be
known as the Cyber Regulations Appellate Tribunal.
The Central Government shall also specify, in the notification referred to

in sub-section (1),the matters and places in relation to which the Cyber
Appellate Tribunal may exercise jurisdiction
A Cyber Appellate Tribunal shall consist of one person only (hereinafter

referred to as the Residing Officer of the Cyber Appellate Tribunal) to be
appointed, by notification, by the Central Government
Describe the nature and features of the internet. What are the essentials
of a cyber contract?
Ans- A network of networks is called as an Internet. In this the
computers systems are connected with each other in a local area
network. They are also connected to computers on a national and
International scale. The fiber-optic cable, twisted pair copper wire,
microwave transmission, or other communications medias are used for
connecting each node, which is a part of the web. A set of rules is
followed when the computers on the web communicate with each other.
These rules are called as Internet Protocols.In this type of
communication, the Internet acts as a packet switched network. The data
that needs to be transmitted is broken down into smaller packets. The
address of the final destination is attached with the packets. These
packets may follow different route from computer to computer until their
final destination. At the final destination the recipient machine
reassembles the packets.
The links available in the Internet can be used by the Internet users to
retrieve various types of information. When the user sends a request, the
request is forwarded to the remote server where the addressee is housed.
In case the information supplied is right, a response is send back and
the user is bale to retrieve the information that they can access. Different
types of information such as graphics, sound and animated text can be
retrieved with the use of Internet.
The formation of a valid contract is governed by the Indian Contract Act,

1872. A contract could be made in any form to show an agreement
between two parties which takes into account all the essentials of a
contract. Writing is not essential for the validity of a contract except
where a specific statutory provision requires writing.
The essentials of a (valid) contract are: -
Intention to be bound
A definite intention to be bound is highlighted by Gibson v. Manchester

City Council (1979) 1 All E.R. 192. In 1970, M adopted a policy of selling
council houses to tenants. In February, 1971 the City Treasurer wrote to
G, stating that council may be prepared to sell the house to you at
2,180 (freehold). The letter asked G to make a formal application. This
he did, and the council took the house off the list of councilmaintained
properties. Before the completion of the normal process of preparation
and exchange of contracts when property is sold, control of the council
changed hands and the policy of selling council houses was reversed. The
new council decided only to complete those transaction where exchange

of contracts had already taken place.
Offer and AcceptanceIt is an essential ingredient of a contract that there

must be an offer and its acceptance. If there is no offer, there is no
contract, because there is no meeting of minds. Again, if there is an offer
by one party, but it is not accepted by the other party or if the ostensible
acceptance of the offer is defective, then also, there is no agreement and
therefore no contract.Concept of offer
An offer (or its Indian counterpart, a Proposal) is not defined by statute.
It is generally understood as denoting the expression, by words or
conduct, of a willingness to enter into a legally binding contract. By its
terms, it expressly or impliedly indicates that it is to become binding on
the offeror as soon as it has been accepted, usually by a return promise
or an act on the part of the person (the offeree) to whom it is so
addressed.
Offer by and to whom
An offer must be made by a person legally competent to contract or on

his behalf by someone authorized by him to make the offer. It is usually
made to a person or to a number of persons), but it can be made to the
entire world, as happened in Carlill v. Carbolic-Smoke Ball Co., (1893) 1
Q.B. 256: (1891-94) All E.R. Rep. 127. In that case, the defendants
(manufacturers of medicinal smoke balls) promised to pay 100 to
anyone who, after having bought and used their smoke balls, caught
influenza. Plaintiff did so and
caught influenza. Plaintiff was held to be entitled to recover his money. It

was no defense that there was no particular individual to whom the
announcement was address.
Statements which are not offers
Every statement of intention is not an offer. A statement must be made

with the intention that it will be accepted and will constitute a binding
contract.
TERMINATION OF OFFER
Some parties clearly indicate that their statements or documents do not

constitute offers, e.g. estate agents. These particulars do not form, nor
constitute any part of an offer, or a contract, for sale.Until an offer is
accepted, it creates no legal rights and it may be terminated at any time
in a variety of ways.
QUALITY OF ACCEPTANCE
Acceptance of an offer must be absolute and must correspond with the

terms of the offer. This rule, a key constituent of the basic premise, does
not always accord with the realities of complex business contract
negotiations today. Such negotiations may indeed proceed through a
series of proposals, counterproposals, withdrawals, variations and
qualifications, before agreement (or otherwise) is reached. When parties
carry on lengthy negotiations, it may be hard to say exactly when an offer
has been made and accepted.
Consideration
Consideration is not required for a promise to compensate, wholly or in
part, a person who has already voluntarily done something for the
promisor or something which the promisor was legally compellable to do.
It is also not required for a written and signed promise by the debtor (or
his duly authorized agent) to pay a time-barred debt to the creditor.
CAPACITY OF THE PARTIES A person is competent to contract if, at the

time of making it, he is of sound mind, major and not disqualified from
contracting under law. Where he has not attained the age of 18 years (or
being under a court of wards, has not attained the age of 21 years), he
cannot contract. Agreements made by minors are void. Minors cannot, on
attaining majority, ratify agreements entered into during their minority.
But if a minor makes a fraudulent misrepresentation about his age and
obtains a loan, he can be required to refund it or to make compensation
for it.
UNLAWFUL AGREEMENTS An agreement whose consideration or object

is unlawful, is void. The consideration or object of an agreement is
unlawful, if it is forbidden by law or it would defeat the provisions of and
law, is fraudulent, or involves or implies injury to the person or property
of another or the court regards it as immoral or opposed to public policy.
A party to an illegal agreement who has advanced money under it to the
other party is entitled to recover it, if the illegal purpose has not been
partly or wholly carried out.
PERSONS BOUND BY CONTRACT Promises bind the promisors and (in

case of death of promisors before performance) their legal
representatives, unless there is a contract to the contrary, or the nature
of the contract is such that it depends upon the personal qualifications
of any party.
b) Cyber crimes
Ans : - At the outset, terminological clarification about usage of this

phrase namely, cyber crimes is warranted. Many a time, cyber crimes is
used synonymously to indicate computer crimes also. However,
technically speaking, the phrase cyber crimes entail a different and
unique understanding. No doubt, computer, in whatever sense we use
the term is basically required to undertake any activity in the cyber
context. In other words, possible crime can be perpetrated with the help
of a computer devoid of cyber context. But as matters stand now, without
the help of a computer network it is not possible to involve in any kind of
activity in the cyber context.
In an influential research work, Prof. Ulrich Sieber observed that; the

vulnerability of todays information society in view of computer crimes is
still not sufficiently realized:
computer networks. A companys entire production frequently depends

on the functioning of its data- processing system. The security of these
computer and communication systems and their protection against
computer crime is therefore
of essential importance.
Explain the three levels of computer ethics.
Ans- Computer ethics questions can be raised and studied at various

levels. Each level is vital to the overall goal of protecting and advancing
human values.
The first level tries to sensitize people to the fact that computer
technology has social and ethical consequences.
The second level consists of someone who takes interest in computer
ethics cases, collects examples, clarifies them, looks for similarities and
differences, reads related works, attends relevant events to make
preliminary assessments, and after comparing them, suggests possible
analyses.
The third level of computer ethics referred to as theoretical computer
ethics applies scholarly theories from philosophy, social science, and law
to computer ethics cases and concepts in order to deepen the
understanding of issues.
Discuss the distinct features of the internetAns- There are three distinct
feature of the InternetGlobal scope: Internet communication has much
broader scope and reach. With little effort a user can reach hundreds
and thousands of individuals around the globe. The ability to reach many
people quickly and easily is not exactly new or unique compared to radio
or television communication.
Anonymity: The second important feature of the internet is that it
provides a certain kind of anonymity. It is a silent feature of this type of
communication that people can deliberately avoid seeing or hearing one
another directly.
Reproducibility: This third important feature is not just a feature of the

internet, but of information technology in general. Electronic information
exists in the form that makes it easy to copy without any lossof
originality or value in the process of reproduction.
What are the ten commandments for computer ethics?
Ans- 1. Thou shalt not use a computer to harm other people.
2. Thou shalt not interfere with other peoples computer work.
3. Thou shalt not snoop around in other peoples files.
4. Thou shalt not use a computer to steal.
5. Thou shalt not use a computer to bear false witness.
6. Thou shalt not use of copy software for which you have not paid.
7. Thou shalt not use other peoples computer resources without

authorization.
8. Thou shalt not appropriate other peoples intellectual output.
9. Thou shalt think about the social consequences of the program you
write.
10.Thou shalt use a computer in ways to show consideration and

respect.


questions.


n Unauthorized access or attempt to secure unauthorized access to a

b) Explain the term digital signature. What is a digital signature
certificate? 8 Marks
Ans- DIGITAL SIGNATURE
The I.T. act states that where any law provides that information shall be
in writing or in printed form, the requirement is deemed to be satisfied if
such information is in an electronic form and is accessible for
subsequent reference. The key ingredients of the formation of electronic
contracts comprise communication of offer and acceptance by electronic
means, verification of the source of the communication, authentication of
the time and place of dispatch and finally the verifiability of the receipt of
the data communication. A subscriber may authenticate an electronic
record by affixing his digital signature. The digital signature serves to
satisfy the legal requirement of affixing of a signature in a written or
printed document.
DIGITAL SIGNATURE CERTIFICATE
A digital signature certificate of a subscriber certifies the identity of the

subscriber and implies his acceptance of the provisions of this act and
the rules and regulations contained therein. The certificate is issued only
on the following grounds:
The Certifying Authority being satisfied that the information contained

in the application of certificate is accurate.
The subscriber holds a Private Key capable of creating a Public Key
The Private Key corresponds to the Public Key to be listed in the Digital
Signature Certificate
The Public Key to be listed in the certificate can be used to verify a
digital signature affixed by
the Private Key held by the subscriber
Q.Discuss the ad judicatory processes incorporated in the Act.
Ans. Ad judicatory Process: A reasonable opportunity is given to the

person being charged with contravention of the Act by the adjudicating
officer. When the adjudicating Officer is satisfied that there had been a
contravention of the Act, he imposes such penalty or award
compensation in accordance with the provisions of that section. While
adjudging the quantum of compensation under this section the
adjudicating officer shall take into consideration the amount of gain of
unfair advantage wherever quantifiable made as a result of the default,

the amount of loss caused to any person as a result of the default and
the repetitive nature of the default. The adjudicating officer also has the
powers of the Civil Court, which are conferred on the Cyber Appellate
Tribunal.
Q. Explain the three level of computer ethics
Ans:- On the most basic level, computer ethics tries to sensitize people to
the fact that computer technology has social and ethical consequences.
Newspapers, magazines and TV news programs have highlighted the
topic of computer ethics by reporting on events relating to computer
viruses, software ownership law suits, computer aided bank robbery,
computer malfunction, computerized weapons etc.
The second level consists of someone who takes interest in computer

ethics cases, collects examples, clarifies them, looks for similarities and
differences, reads related works, attends relevant events to make
preliminary assessments and after comparing them, suggests possible
analyses.
The third level of computer ethics referred to as theoretical computer

ethics applies scholarly theoriesfrom philosophy, social science, law etc.
to computer ethics cases and concepts in order to deepen the
understanding of issues
ELECTRONIC GOVERNANCE
Legal recognition of electronic records.
Where any law provides that information or any other matter shall be in
writing or in the typewritten or printed form, then, notwithstanding
anything contained in such law, such requirement shall be deemed to
have been satisfied if such information or matter is
(a) rendered or made available in an electronic form; and
(b) accessible so as to be usable for a subsequent reference.
Discuss the significance of legislationAns- There are three main sources

of law, namely, legislation, case law and custom.Legislation is the
formal enactment of law by the legislature created or authorized by the
Constitution.
Significance of Legislation: Legislation is the foundation of democratic
polity.
The legislature provides the following functions:
The legislature can legislate in advance. Judges cannot do so. The

legislature can make a law on any subject within its competence. But
judges can deal with a subject, only when the point arises before them.
The legislature (both of parliament, state or even local self Government)

can (subject to constitutional limitations) override the law laid down by
the courts, on a particular point (though, because of the doctrine of
separation of powers, the legislature cannot reverse or modify the actual
decision rendered by the court in a particular case).
Legislation is the most fertile source of law. Subject to limitations flowing

from the constitutional doctrine, that matters of policy cannot be
delegated, the legislature can vest a subordinate authority with power to
make rules, orders, etc.
A legislative enactment is not subject to appeal; and the law enacted by it

cannot be reversed, by a higher authority (though it can be declared to be
void, if it is unconstitutional).
What are the primary assumptions of a legal system
Ans- Ans. Following are the primary assumptions of a legal system:


What is meant by unauthorized access to a computer? Explain.
Ans- The IT Act defines unauthorized access by any person as acts done
without the permission of the owner, which includes:
i)Accessing or securing access to such computer, computer system or

computer network
ii)Downloading, copying or extracting any data or information for such

or data held or stored on any removable storage medium
iii)Introducing any computer virus or contaminant in the computer,

iv)Damaging the computer, computer system or network
v)Disrupting the working of the computer, computer system or network.
vi)Disrupting the access of the computer, computer system or network to

an authorized user.
vii)Providing assistance to ensure unauthorized access to the computer,

viii)The penalty to be paid by the person for unauthorized access by way

of compensation not exceeding one crore rupees to the affected person.
What are the amendments to the Indian Penal Code
Ans- Amendments to the Indian Penal Code The Indian Penal Code (IPC)
details actions that constitute a crime and the punishments prescribed
for such actions. It elaborately classifies crimes based on interests that
are intended to be protected. The classifications includes
Offences against body
Offences against property
Offences against marriage
Offences against public tranquility
Offences against state
Some important aspects have to be weighed while determining whether a

crime has been committed or not. The state of mind of the person
committing the crime, the circumstantial evidence available, the
corroborative evidence which might shed more light on the act have to be
taken into account while determining if a crime has been committed or
not.
As the definition of crime would include an fraudulent act or deliberate

misrepresentation involving the use of documents, any cyber transaction
using the equivalent of a document need protection under law. To
facilitate enforcement of laws to cover cyber transactions, the IPC has
been amended to cover cyber transactions.
The important changes in IPC include provisions regarding documents

and signature. As electronic records have replaced documents in the IT
act, the IPC have been amended to read also the expression electronic
records where the term document appears in the act. Section 464 of
the act has the term digital signature as understood by the definition
of the term digital signature in the IT Act 1999. Section 22A has been
newly introduced into the act. It defines the word Electronic Record as
understood by the
definition of that term in the IT Act of 1999. The other sections that have
been amended are section 167,172, 173, 175, 192, 204,463, 464, 468,
469, 470, 471, 474, 476 and 477A.
What is meant by cyber crime?

When Internet was developed, the founding fathers of Internet hardly had
any inclination that Internet could also be misused for criminal activities.
Today, there are many disturbing things happening in cyberspace. Cyber
crime refers to all the activities done with criminal intent in cyberspace.
These could be either the criminal activities in the conventional sense or
could be activities, newly evolved with the growth of the new medium.
Because of the anonymous nature of the Internet, it is possible to engage
into a variety of criminal activities with impunity and people with
intelligence, have been grossly misusing this aspect of the Internet to
perpetuate criminal activities in cyberspace. The field of Cyber crime is
just emerging and new forms of criminal activities in cyberspace are
coming to the forefront with the passing of each new day.What is cyber
privacy? Explain
Ans- Privacy in cyber space has assumed great importance given the
proliferation in electronic commerce. The privacy violation particularly in
the western societies is viewed as an infringement of ones right, whether
the violation concerns activity that is of a commercial or a private nature.
In this unit you will find a detailed discussion regarding privacy issues
confronting the cyber world
Be that as it may, like the benefits we are also experiencing the risks
and effects of vulnerabilities of the information technology in the same
way. Among other concerns, privacy in cyber space has acquired center
stage, of late, in view of more than one reason. As the number of online
users increase, the information rendered by them multiplies. The
concern about that information is, whether online users can exercise any
kind of control over the information that has been passed on to the
service provider in the cyber medium? The concern is quite legitimate,
because, by and large such information is personal and private.
Write short notes on :
a) Ethics and the internet *********************
b) Sources of Law
Ans-) Source of law Ans :- Speaking for our own context, our legal system
is based upon the foundations of common law conceived and shaped by
ritish rulers and jurists. Common law connotes, judicial practice of
recognizing customary, traditional practices of the people in a formal
sense of judgments. In this kind of system there are three main sources
of the law, namely, legislation, case law and custom. Legislation is the
formal enactment of law by the legislature created or authorized by the
Constitution. Essentially, the process of codification or legislative
enactment is the premise. It stands in contrast to judge made law;
Legislation consists of leges scriptae (written laws), as contrasted with
judge made law or common law (jus commune). Legislation also stands in
contrast to customary law (consuetudines).
c) Cyber crimes.
Ans- Cyber crime is a generic term that refers to all criminal activities
done using the medium of computers, the Internet, cyber space and the
worldwide web. There isnt really a fixed definition for cyber crime. The
Indian Law has not given any definition to the term cyber crime. In fact,
the Indian Penal Code does not use the term cyber crime at any point
even after its amendment by the Information Technology Act 2000 in the
Indian Cyber law.
Q. what is cyber contract?
Ans:- Cyber Contract is an agreement enforceable by law. We enter into

contracts everyday. Some of these are made consciously and others are
not. Contracts confer legal rights on one party and legal obligations on
others. Law of contract is covered in 75 sections of Indian Contract Act,
1872. However, the code is not exhaustive and is applicable only to
legally enforceable contracts.
5. Legal recognition of digital signatures.Where any law provides that

information or any other matter shall be authenticated by affixing
thesignature or any document shall be signed or bear the signature of
any person (hence, notwithstanding anything contained in such law,
such requirement shall be deemed to have been satisfied, if such
information or matter is authenticated by means of digital signature
affixed in such manner as may be prescribed by
the Central Government.
Explanation.For the purposes of this section, signed, with its

grammatical variations and cognate expressions, shall, with reference to
a person, mean affixing of his hand written signature or any mark on any
document and the expression signature shall be construed accordingly.
6. Use of electronic records and digital signatures in Government and its

agencies.
(1) Where any law provides for
(a) the filing of any form. application or any other document with any
office, authority, body
or agency owned or controlled by the appropriate Government in a

particular manner;
(b) the issue or grant of any licence, permit, sanction or approval by

whatever name called in
a particular manner;
(c) the receipt or payment of money in a particular manner,
then, notwithstanding anything contained in any other law for the time
being in force, such requirement
shall be deemed to have been satisfied if such filing, issue, grant, receipt
or payment, as the case may be, is effected by means of such electronic
form as may be prescribed by the appropriate Government.
(2) The appropriate Government may, for the purposes of sub-section (1),
by rules, prescribe(a) the manner and format in which such electronic
records shall be filed, created or issued;
(b) the manner or method of payment of any fee or charges for filing,
creation or issue any
electronic record under clause (a).
Offer by and to whom
An offer must be made by a person legally competent to contract or on

his behalf by someone authorized by him to make the offer. It is usually
made to a person or to a number of persons), but it can be made to the
entire world, as happened in Carlill v. Carbolic-Smoke Ball Co., (1893) 1
Q.B. 256: (1891-94) All E.R. Rep. 127. In that case, the defendants
(manufacturers of medicinal smoke balls) promised to pay 100 to
anyone who, after having bought and used their smoke balls, caught
influenza. Plaintiff did so and
caught influenza. Plaintiff was held to be entitled to recover his money. It

was no defense that there was no particular individual to whom the
announcement was address.
Statements which are not offers
Every statement of intention is not an offer. A statement must be made

with the intention that it will be accepted and will constitute a binding
contract.
TERMINATION OF OFFER
Some parties clearly indicate that their statements or documents do not

constitute offers, e.g. estate agents. These particulars do not form, nor
constitute any part of an offer, or a contract, for sale.Until an offer is
accepted, it creates no legal rights and it may be terminated at any time
in a variety of ways.
QUALITY OF ACCEPTANCE
Acceptance of an offer must be absolute and must correspond with the

terms of the offer. This rule, a key constituent of the basic premise, does
not always accord with the realities of complex business contract
negotiations today. Such negotiations may indeed proceed through a
series of proposals, counterproposals, withdrawals, variations and
qualifications, before agreement (or otherwise) is reached. When parties
carry on lengthy negotiations, it may be hard to say exactly when an offer

has been made and accepted.
Electronic WarfareIn the meantime, the possibilities of computer

manipulations have also been recognized in the military sector. Strategic
Information Warfare has become a form of potential warfare of its own.
This type of warfare is primarily directed to paralyze or manipulate the
adversarys computer systems. The dependency of military systems on
modern information systems became evident in 1995 when a tiger-team
of the US Air Force succeeded in sending seven ships of the US Navy to a
wrong destination due to manipulations via computer networks. Experts
point out the possible danger originating from a manipulated nuclear
power station in order to stress that computer misuse has become a
global threat and the security of modern computer systems has gained
central significance for the information society of our days.(Prof.Ulrich
Sieber, 1999)2. What are the essentials of a cyber contract?
Ans: The formation of a valid contract is governed by the Indian Contract
Act, 1872. A contract could be made in any form to show an agreement
between two parties which takes into account all the essentials of a
contract. Writing is not essential for the validity of a contract except
where a specific statutory provision requires writing.
The essentials of a (valid) contract are: Consideration
Consideration is not required for a promise to compensate, wholly or in

part, a person who has already voluntarily done something for the
promisor or something which the promisor was legally compellable to do.
It is also not required for a written and signed promise by the debtor (or
his duly authorized agent) to pay a time-barred debt to the creditor.
CAPACITY OF THE PARTIES A person is competent to contract if, at the

time of making it, he is of sound mind, major and not disqualified from
contracting under law. Where he has not attained the age of 18 years (or
being under a court of wards, has not attained the age of 21 years), he
cannot contract. Agreements made by minors are void. Minors cannot, on
attaining majority, ratify agreements entered into during their minority.
But if a minor makes a fraudulent misrepresentation about his age and
obtains a loan, he can be required to refund it or to make compensation
for it.
UNLAWFUL AGREEMENTS An agreement whose consideration or object

is unlawful, is void. The consideration or object of an agreement is
unlawful, if it is forbidden by law or it would defeat the provisions of and
law, is fraudulent, or involves or implies injury to the person or property
of another or the court regards it as immoral or opposed to public policy.
A party to an illegal agreement who has advanced money under it to the
other party is entitled to recover it, if the illegal purpose has not been
partly or wholly carried out.
PERSONS BOUND BY CONTRACT Promises bind the promisors and (in

case of death of promisors before performance) their legal
representatives, unless there is a contract to the contrary, or the nature
of the contract is such that it depends upon the personal qualifications
of any party.



What Is

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

What Is

Uploaded by

Copyright:

Available Formats

1. What is .NET Framework?

The .NET Framework is the foundation on which you can design,

2. What does .NET Framework consists of?

3. Write a note on:

The .NET Framework includes platform technologies like ADO.NET,

The code execution process involves the conversion of Intermediate

4. Which are the platform technologies supported by .NET Framework?

Backward compatibility refers to the ability of a technology to work with

7. Does .NET platform support backward compatibility? Explain.

The .NET platform supports backward compatibility. It is possible for an

In addition to the above example, the .NET platform supports backward

VB applications can work on VB.NET and ASP applications can run on

1. What are the different types of application architectures? Or modified

The different types of application architectures are:

Single-tier: A single application handles all functions related to the user,

Two-tier: The two-tier architecture divides an application into the

Client: Implements the user interface

Three-tier: In the case of three-tier architecture, all the three service

n-tier: An n-tier application uses business objects for handling business

5. List the advantages of .NET Framework.

.NET languages resulting in a consistent object model regardless of the

n Ease of application deployment: The .NET Framework manages the

n Improved security: The .NET Framework provides several mechanisms

Code Access Security (CAS) uses permissions to control the code

applications from different sources to communicate with each other. Web

Ease of creating dynamic Web content: Dynamic Web content is

Visual Studio .NET: Visual Studio .NET is the Microsoft application

2. What is the difference between a project and a solution?

In Visual Studio .NET, an application can be made up of one or more

an application. When you build a project, it usually results in the

3. What does the Visual Studio .NET IDE provide?

4. Why is XML used as a common data format to transfer data among

XML is a cross-platform, hardware and software independent markup

to transfer structured data between heterogeneous systems. XML is used

6. What is an iterative statement? Explain foreach statement with

static void Main()

int[] array1 = new int[] {1,2,3,4,5};

foreach (int i in array1)

Console.WriteLine(Value is {0}, i);

In the above example, the foreach statement iterates through the

1. With a neat diagram, explain the .NET Framework architecture.The

provides all those different platforms technologies that we were talking

8. What are checked and unchecked statements? Give an example.

expressions in the unchecked block to be evaluated in an unchecked

Consider the following example:

static void Main()

Console.WriteLine(x + 1); // Exception

Console.WriteLine(x + 1); // Overflow

2. List out the .net architecture and its component///objectives of the

n To provide a code-execution environment that guarantees safe

n To provide a code-execution environment that eliminates the

n To ensure consistency across varying types of applications, such as

n To build all communication on industry standards to ensure that code

3. How is Windows Programming different from .NET Programming.

In Windows Programming, the application programs call Windows API

In .NET Programming, the application calls the .NET BCL functions

9. Give an example of lock and using statements.Example of lock

In the above code snippet, a block of code obtains a mutual-exclusion

Example of using statement:

static void Main()

using (Resource r = new Resource())

n The CLR makes it easy to design components and applications whose

The managed execution process includes the following steps: