Monday, October 09, 2017

Solution of Senior Officer (IT) written exam 2017 of Bangladesh development bank limited (BDBL)

24bdjobnes || A job news portal of Bangladesh including govt, non-got, private, bank, school, collage, madrasa, university, government, non-government

Bangladesh Development Bank Limited (BDBL) Written Test for the post of Senior Officer (IT) BDBL Job Exam question 2017 which has been held on 06.10.2017 is solution-ed. Read further more this post for the solution.Check the link for the question. [download question here] or [download question here] and read further more this post for the solution.

You can get all bank related information in http://24bdjobnews.blogspot.com/ or https://erecruitment.bb.org.bd/

Details..  [download]

Advertisements 

Download Application Form 

Advertisements

http://24bdjobnews.blogspot.com/

Advertisements 

Download Application Form 

Advertisements

Solution of Senior Officer (IT) written exam 2017of Bangladesh development bank limited (BDBL)

See the picture below for question only

Advertisements 

Download Application Form 

Advertisements


Advertisements 

Download Application Form 

Advertisements

Solution of Senior Officer (IT) written exam 2017of Bangladesh development bank limited (BDBL)

Solution


There are 10 questions with 200 full marks. 1-9 (marks: 170) are written and 10 (marks 30) is multiple choice question



1.Discuss architecture of Java Virtual Machine JVM?

Ans: JVM Architecture – Understanding JVM Internals

Every Java developer knows that bytecode will be executed by JRE (Java Runtime Environment). But many doesn’t know the fact that JRE is the implementation of Java Virtual Machine (JVM), which analyzes the bytecode, interprets the code and executes it. It is very important as a developer we should know the Architecture of JVM, this enables us to write code more efficiently. In this JVM architecture in Java with diagram article, we will learn more deeply about JVM architecture in Java and different components of a JVM.
What is a JVM in Java ?

Advertisements 

Download Application Form 

Advertisements

A Virtual Machine is a Software implementation of a Physical Machine, Java was developed with the concept of WORA ( Write Once Run Anywhere ) which runs on a VM. The compiler will be compiling the java file into a java .class file. The .class file is input to JVM which Loads and executes the class file. Below goes the Architecture of JVM.

https://24bdjobnews.blogspot.com/
JVM Architecture Diagram

How JVM works in Java ?

As shown in the above architecture diagram JVM is divided into three main subsystems

1. Class Loader Subsystem
2. Runtime Data Area
3. Execution Engine

1. Class Loader Subsystem

Java’s dynamic class loading functionality is handled by the class loader subsystem. It loads, links and initializes the class when it refers to a class for the first time at runtime, not at compile-time. It performs three major functionality such as Loading, Linking, and Initialization.

1.1 Loading

Classes will be loaded by this component. BootStrap ClassLoader, Extension ClassLoader, Application ClassLoader are the three class loader which will help in achieving it.

1. BootStrap ClassLoader – Responsible for loading classes from the bootstrap classpath, nothing but rt.jar. Highest priority will be given to this loader.

Extension ClassLoader – Responsible for loading classes which are inside ext folder (jre\lib)

2. Application ClassLoader –Responsible for loading Application Level Classpath, path mentioned Environment Variable etc.

The above Class Loaders will follow Delegation Hierarchy Algorithm while loading the class files.
1.2 Linking

1. Verify – Bytecode verifier will verify whether the generated bytecode is proper or not if verification fails we will get verification error

Advertisements 

Download Application Form 

Advertisements

2. Prepare – For all static variables memory will be allocated and assigned with default values.

3. Resolve – All symbolic memory references are replaced with the original references from Method Area.

1.3 Initialization

This is the final phase of Class Loading, here all static variable will be assigned with the original values and static block will be executed.

2. Runtime Data Area

Runtime Data Area is divided into 5 major components

1. Method Area – All the Class level data will be stored here including static variables. Method Area is one per JVM and it is a shared resource.

2. Heap Area – All the Objects and its corresponding instance variables and arrays will be stored here. Heap Area is also one per JVM since Method area and Heap area shares memory for multiple threads the data stored is not thread safe.

3. Stack Area – For every thread, a separate runtime stack will be created. For every method call, one entry will be made in the stack memory which is called as Stack Frame. All local variables will be created in the stack memory. Stack area is thread safe since it is not a shared resource. Stack Frame is divided into three sub-entities such as

1. Local Variable Array – Related to the method how many local variables are involved and the corresponding values will be stored here.

2. Operand stack – If any intermediate operation is required to perform, operand stack act as runtime workspace to perform the operation.

3. Frame data – All symbols corresponding to the method is stored here. In the case of any exception, the catch block information will be maintained in the frame data.

4. PC Registers – Each thread will have separate PC Registers, to hold address of current executing instruction once the instruction is executed the PC register will be updated with the next instruction

5. Native Method stacks – Native Method Stack holds native method information. For every thread, separate native method stack will be created.

3. Execution Engine

The bytecode which is assigned to the Runtime Data Area will be executed by the Execution Engine. The Execution Engine reads the byte code and executes one by one.

* Interpreter – Reads the bytecode, interprets it and executes it one by one. The interpreter interprets the bytecode faster but executes slowly. The disadvantage of the interpreter is that when one method called multiple times, every time interpretation is required.

* JIT Compiler – JIT Compiler neutralizes the disadvantage of the Interpreter ( a single method called multiple times, each time interpretation is required ), The Execution Engine will be using the help of Interpreter in converting but when it found repeated code it uses JIT compiler which compiles the entire bytecode and changes it to native code. This native code will be used directly for repeated method calls which improve the performance of the system.
Advertisements 

Download Application Form 

Advertisements

1. Intermediate Code generator – produces intermediate code
2. Code Optimizer – Code Optimizer is responsible for optimizing the intermediate code generated above
3. Target Code Generator – Target Code Generator is responsible for Generating Machine Code/ Native Code
4. Profiler – Profiler is a special component, it is responsible for finding the hotspots (i.e) Used to identify whether the method is called multiple time or not.

3. Garbage Collector : Garbage Collector is a part of Execution Engine, it collects/removes the unreferenced objects. Garbage Collection can be triggered by calling “System.gc()”, but the execution is not guaranteed. Garbage collector of JVM collects only those objects that are created by new keyword. So if you have created any object without new, you can use finalize method to perform cleanup. .

Or Answer Java architecture 

1. Compilation and interpretation in Java

Java combines both the approaches of compilation and interpretation. First, java compiler compiles the source code into bytecode. At the run time, Java Virtual Machine (JVM) interprets this bytecode and generates machine code which will be directly executed by the machine in which java program runs. So java is both compiled and interpreted language.

Figure 1: Java Architecture


2. Java Virtual Machine (JVM)

JVM is a component which provides an environment for running Java programs. JVM interprets the bytecode into machine code which will be executed the machine in which the Java program runs.

3. Why Java is Platform Independent?

Platform independence is one of the main advantages of Java. In another words, java is portable because the same java program can be executed in multiple platforms without making any changes in the source code. You just need to write the java code for one platform and the same program will run in any platforms. But how does Java make this possible?

As we discussed early, first the Java code is compiled by the Java compiler and generates the bytecode. This bytecode will be stored in class files. Java Virtual Machine (JVM) is unique for each platform. Though JVM is unique for each platform, all interpret the same bytecode and convert it into machine code required for its own platform and this machine code will be directly executed by the machine in which java program runs. This makes Java platform independent and portable.

Let’s make it more clear with the help of the following diagram. Here the same compiled Java bytecode is interpreted by two different JVMS to make it run in Windows and Linux platforms.

Figure 2: Java Architecture


4. Java Runtime Environment (JRE) and Java Architecture in Detail

Java Runtime Environment contains JVM, class libraries and other supporting components.

As you know the Java source code is compiled into bytecode by Java compiler. This bytecode will be stored in class files. During runtime, this bytecode will be loaded, verified and JVM interprets the bytecode into machine code which will be executed in the machine in which the Java program runs.

A Java Runtime Environment performs the following main tasks respectively.

1. Loads the class
This is done by the class loader

2. Verifies the bytecode
This is done by bytecode verifier.

3. Interprets the bytecode
This is done by the JVM. These tasks are described in detail in the subsequent sessions.A detailed Java architecture can be drawn as given below.


Figure 3: Java Architecture in Detail


4.1. Class loader
Advertisements 

Download Application Form 

Advertisements

Class loader loads all the class files required to execute the program. Class loader makes the program secure by separating the namespace for the classes obtained through the network from the classes available locally. Once the bytecode is loaded successfully, then next step is bytecode verification by bytecode verifier.

4.2. Byte code verifier

The bytecode verifier verifies the byte code to see if any security problems are there in the code. It checks the byte code and ensures the followings.

1. The code follows JVM specifications.
2. There is no unauthorized access to memory.
3. The code does not cause any stack overflows.
4. There are no illegal data conversions in the code such as float to object references.

Once this code is verified and proven that there is no security issues with the code, JVM will convert the byte code into machine code which will be directly executed by the machine in which the Java program runs.

4.3. Just in Time Compiler

You might have noticed the component “Just in Time” (JIT) compiler in Figure 3. This is a component which helps the program execution to happen faster. How? Let’s see in detail.

As we discussed earlier when the Java program is executed, the byte code is interpreted by JVM. But this interpretation is a slower process. To overcome this difficulty, JRE include the component JIT compiler. JIT makes the execution faster.

If the JIT Compiler library exists, when a particular bytecode is executed first time, JIT complier compiles it into native machine code which can be directly executed by the machine in which the Java program runs. Once the byte code is recompiled by JIT compiler, the execution time needed will be much lesser. This compilation happens when the byte code is about to be executed and hence the name “Just in Time”.

Once the bytecode is compiled into that particular machine code, it is cached by the JIT compiler and will be reused for the future needs. Hence the main performance improvement by using JIT compiler can be seen when the same code is executed again and again because JIT make use of the machine code which is cached and stored.


5. Why Java is Secure?
Advertisements 

Download Application Form 

Advertisements

As you have noticed in the prior session “Java Runtime Environment (JRE) and Java Architecture in Detail”, the byte code is inspected carefully before execution by Java Runtime Environment (JRE). This is mainly done by the “Class loader” and “Byte code verifier”. Hence a high level of security is achieved.

6. Garbage Collection

Garbage collection is a process by which Java achieves better memory management. As you know, in object oriented programming, objects communicate to each other by passing messages. (If you are not clear about the concepts of objects, please read the prior chapter before continuing in this session).

Whenever an object is created, there will be some memory allocated for this object. This memory will remain as allocated until there are some references to this object. When there is no reference to this object, Java will assume that this object is not used anymore. When garbage collection process happens, these objects will be destroyed and memory will be reclaimed.

Garbage collection happens automatically. There is no way that you can force garbage collection to happen. There are two methods “System.gc()” and “Runtime.gc()” through which you can make request for garbage collation. But calling these methods also will not force garbage collection to happen and you cannot make sure when this garbage collection will happen.

2.A program sorts an array of integer. Write down the code that tests the sorting algorithms written in the program.

Ans: Will be updated soon
Advertisements 

Download Application Form 

Advertisements

3.Write a program using any programming language of your choice that reads five number from [20] keyboard and display the Smaller, larger and the average number scanf(“%d %d %d %d %d’,&ai1,&ai2,&ai3,&ai4,&ai5)

Ans: Will be updated soon
Advertisements 

Download Application Form 

Advertisements

4.Write down the name of different attack through Internet. 

Ans: Common Types of Network Attacks

Without security measures and controls in place, your data might be subjected to an attack. Some attacks are passive, meaning information is monitored; others are active, meaning the information is altered with intent to corrupt or destroy the data or the network itself.

Your networks and data are vulnerable to any of the following types of attacks if you do not have a security plan in place.
Advertisements 

Download Application Form 

Advertisements

In general, the majority of network communications occur in an unsecured or "cleartext" format, which allows an attacker who has gained access to data paths in your network to "listen in" or interpret (read) the traffic. When an attacker is eavesdropping on your communications, it is referred to as sniffing or snooping. The ability of an eavesdropper to monitor the network is generally the biggest security problem that administrators face in an enterprise. Without strong encryption services that are based on cryptography, your data can be read by others as it traverses the network.

Data Modification

After an attacker has read your data, the next logical step is to alter it. An attacker can modify the data in the packet without the knowledge of the sender or receiver. Even if you do not require confidentiality for all communications, you do not want any of your messages to be modified in transit. For example, if you are exchanging purchase requisitions, you do not want the items, amounts, or billing information to be modified.

Identity Spoofing (IP Address Spoofing)

Most networks and operating systems use the IP address of a computer to identify a valid entity. In certain cases, it is possible for an IP address to be falsely assumed— identity spoofing. An attacker might also use special programs to construct IP packets that appear to originate from valid addresses inside the corporate intranet.

After gaining access to the network with a valid IP address, the attacker can modify, reroute, or delete your data. The attacker can also conduct other types of attacks, as described in the following sections.

Password-Based Attacks

A common denominator of most operating system and network security plans is password-based access control. This means your access rights to a computer and network resources are determined by who you are, that is, your user name and your password.

Older applications do not always protect identity information as it is passed through the network for validation. This might allow an eavesdropper to gain access to the network by posing as a valid user.

When an attacker finds a valid user account, the attacker has the same rights as the real user. Therefore, if the user has administrator-level rights, the attacker also can create accounts for subsequent access at a later time.


After gaining access to your network with a valid account, an attacker can do any of the following:

· Obtain lists of valid user and computer names and network information.

· Modify server and network configurations, including access controls and routing tables.

· Modify, reroute, or delete your data.

Denial-of-Service Attack
Advertisements 

Download Application Form 

Advertisements

Unlike a password-based attack, the denial-of-service attack prevents normal use of your computer or network by valid users.


After gaining access to your network, the attacker can do any of the following:

· Randomize the attention of your internal Information Systems staff so that they do not see the intrusion immediately, which allows the attacker to make more attacks during the diversion.

· Send invalid data to applications or network services, which causes abnormal termination or behavior of the applications or services.

· Flood a computer or the entire network with traffic until a shutdown occurs because of the overload.

· Block traffic, which results in a loss of access to network resources by authorized users.

Man-in-the-Middle Attack

As the name indicates, a man-in-the-middle attack occurs when someone between you and the person with whom you are communicating is actively monitoring, capturing, and controlling your communication transparently. For example, the attacker can re-route a data exchange. When computers are communicating at low levels of the network layer, the computers might not be able to determine with whom they are exchanging data.

Man-in-the-middle attacks are like someone assuming your identity in order to read your message. The person on the other end might believe it is you because the attacker might be actively replying as you to keep the exchange going and gain more information. This attack is capable of the same damage as an application-layer attack, described later in this section.

Compromised-Key Attack
Advertisements 

Download Application Form 

Advertisements

A key is a secret code or number necessary to interpret secured information. Although obtaining a key is a difficult and resource-intensive process for an attacker, it is possible. After an attacker obtains a key, that key is referred to as a compromised key.

An attacker uses the compromised key to gain access to a secured communication without the sender or receiver being aware of the attack.With the compromised key, the attacker can decrypt or modify data, and try to use the compromised key to compute additional keys, which might allow the attacker access to other secured communications.

Sniffer Attack

A sniffer is an application or device that can read, monitor, and capture network data exchanges and read network packets. If the packets are not encrypted, a sniffer provides a full view of the data inside the packet. Even encapsulated (tunneled) packets can be broken open and read unless they are encrypted and the attacker does not have access to the key.

Using a sniffer, an attacker can do any of the following:

· Analyze your network and gain information to eventually cause your network to crash or to become corrupted.

· Read your communications.

Application-Layer Attack

An application-layer attack targets application servers by deliberately causing a fault in a server's operating system or applications. This results in the attacker gaining the ability to bypass normal access controls. The attacker takes advantage of this situation, gaining control of your application, system, or network, and can do any of the following:

· Read, add, delete, or modify your data or operating system.

Advertisements 

Download Application Form 

Advertisements

· Introduce a virus program that uses your computers and software applications to copy viruses throughout your network.

· Introduce a sniffer program to analyze your network and gain information that can eventually be used to crash or to corrupt your systems and network.

· Abnormally terminate your data applications or operating systems.

· Disable other security controls to enable future attacks.


5.Describe the ACID property of Database.

Ans: ACID Properties ACID (atomicity, consistency, isolation, and durability)
A transaction is a very small unit of a program and it may contain several low level tasks. A transaction in a database system must maintain Atomicity, Consistency, Isolation, and Durability − commonly known as ACID properties − in order to ensure accuracy, completeness, and data integrity.

· Atomicity − This property states that a transaction must be treated as an atomic unit, that is, either all of its operations are executed or none. There must be no state in a database where a transaction is left partially completed. States should be defined either before the execution of the transaction or after the execution/abortion/failure of the transaction.

· Consistency − The database must remain in a consistent state after any transaction. No transaction should have any adverse effect on the data residing in the database. If the database was in a consistent state before the execution of a transaction, it must remain consistent after the execution of the transaction as well.

Advertisements 

Download Application Form 

Advertisements

· Durability − The database should be durable enough to hold all its latest updates even if the system fails or restarts. If a transaction updates a chunk of data in a database and commits, then the database will hold the modified data. If a transaction commits but the system fails before the data could be written on to the disk, then that data will be updated once the system springs back into action.

· Isolation − In a database system where more than one transaction are being executed simuopUltaneously and in parallel, the property of isolation states that all the transactions will be carried out and executed as if it is the only transaction in the system. No transaction will affect the existence of any other transaction.
Or Ans: ACID Properties ACID (atomicity, consistency, isolation, and durability)

ACID (atomicity, consistency, isolation, and durability) is an acronym and mnemonicdevice for learning and remembering the four primary attributes ensured to any transaction by a transaction manager (which is also called a transaction monitor). These attributes are:

In this expert-led tutorial, senior DBA and technical trainer Basit Farooq provides a step-by-step guide for using the SQL Server Import and Export Wizard to transfer data between SQL Server databases and Microsoft Excel worksheets.

  • Atomicity. In a transaction involving two or more discrete pieces of information, either all of the pieces are committed or none are.
  • Consistency. A transaction either creates a new and valid state of data, or, if any failure occurs, returns all data to its state before the transaction was started.
  • Isolation. A transaction in process and not yet committed must remain isolated from any other transaction.
  • Durability. Committed data is saved by the system such that, even in the event of a failure and system restart, the data is available in its correct state.

The ACID concept is described in ISO/IEC 10026-1:1992 Section 4. Each of these attributes can be measured against a benchmark. In general, however, a transaction manager or monitor is designed to realize the ACID concept. In a distributed system, one way to achieve ACID is to use a two-phase commit (2PC), which ensures that all involved sites must commit to transaction completion or none do, and the transaction is rolled back (see rollback).

Advertisements 

Download Application Form 

Advertisements

6.What is HTML canvas? Describe the difference between SVG and Canvas.

Ans: Canvas:
The HTML5 Canvas element is an HTML tag similar to the <div>, <a>, or <table> tag, with the exception that its contents are rendered with JavaScript. In order to leverage the HTML5 Canvas, we'll need to place the canvas tag somewhere inside the HTML document, access the canvas tag with JavaScript, create a context, and then utilize the HTML5 Canvas API to draw visualizations.

When using canvas, it's important to understand the difference between the canvas element and the canvas context, as often times people get these confused. The canvas element is the actual DOM node that's embedded in the HTML page. The canvas context is an object with properties and methods that you can use to render graphics inside the canvas element. The context can be 2d or webgl (3d).

Each canvas element can only have one context. If we use the getContext() method multiple times, it will return a reference to the same context object.

  • The HTML <canvas> element is used to draw graphics, on the fly, via JavaScript.
  • The <canvas> element is only a container for graphics. You must use JavaScript to actually draw the graphics.
  • Canvas has several methods for drawing paths, boxes, circles, text, and adding images.
Advertisements 

Download Application Form 

Advertisements

SVG: Scalable Vector Graphics (SVG) is an XML-based vector image format for two-dimensional graphics with support for interactivity and animation. The SVG specification is an open standard developed by the World Wide Web Consortium (W3C) since 1999.


· SVG stands for Scalable Vector Graphics

· SVG is used to define vector-based graphics for the Web

· SVG defines the graphics in XML format

· SVG graphics do NOT lose any quality if they are zoomed or resized

· Every element and every attribute in SVG files can be animated

· SVG is a W3C recommendation

· SVG integrates with other W3C standards such as the DOM and XSL


Comparing the Differences Canvas Vs SVG:

SVG Is Vector-based, Canvas Manipulates Pixels

SVG Relies on Files, Canvas Uses Pure Scripting

SVG images are defined in XML. As a result, every SVG element is appended to the Document Object Model (DOM) and can be manipulated using a combination of JavaScript and CSS. Moreover, you can attach an event handlers to a SVG element or update its properties based on another document event. Canvas, on the other hand, is a simple graphics API. It draws pixels (extremely well I might add) and nothing more. Hence, there's no way to alter existing drawings or react to events. If you want to update the Canvas image, you have to redraw it.
Advertisements 

Download Application Form 

Advertisements

Other Considerations

SVGs are considered to be more accessible because they support text. In the event that the browser does not support SVG, text content will still be displayed. The Canvas is dependent on JavaScript, so there can be an issue if the user has disabled JavaScript or uses an assistive device such as a reader that cannot interpret the JavaScript output. However, that can be remedied by including the <NOSCRIPT> tag. If you want to present the best user experience for those with JavaScript turned off, SVG would be your best choice.

For front-end designers, there's no question that SVG would be easier to configure, due to XML's high readability. This is the same reason that Frameworks like Spring have been so popular these last few years; pretty much anyone can use them. Canvas images are created programmatically and require some programming expertise that is more suited to a developer.

Conclusion

I've tried to provide some options here that you can hopefully apply to your own skillset and predispositions. There is no black and white answer to be found, so you'll have to weigh your options before committing to any one technology. Consider that SVG will result in slower rendering as document complexity increases due to SVG's integration into the DOM. Hence, SVG would probably not be best for dynamic applications like games. Downsides of the Canvas include poor text rendering capability, lack of animation, as well as mediocre accessibility support. The best advice I can give you is to choose the one that not only best fits the task at hand, but your own comfort level as well.
To know more always goggling!!!

7.What is garbage collection? Explain the difference between garbage collection in .NET 4.0 and earlier version of .NET.

Ans: Garbage Collection
Advertisements 

Download Application Form 

Advertisements

Garbage collection is a process by which Java achieves better memory management. As you know, in object oriented programming, objects communicate to each other by passing messages. (If you are not clear about the concepts of objects, please read the prior chapter before continuing in this session).

Whenever an object is created, there will be some memory allocated for this object. This memory will remain as allocated until there are some references to this object. When there is no reference to this object, Java will assume that this object is not used anymore.

When garbage collection process happens, these objects will be destroyed and memory will be reclaimed.

8.Write an essay on “Green Banking opportunities & challenges.

Ans: Will be updated soon

9.বাংলা প্রবন্ধ তৈরী করুন : বৈশ্বিক উষ্মতা বৃদ্ধি এবং এর উপর বাংলাদেশের প্রভাব

Ans: Will be updated soon

10. 20 multiple question with 30 marks.

Ans: Will be updated soon

Advertisements 

Download Application Form 

Advertisements

No comments: