networking related paper

FINAL Examination
CSE50 Spring 2021
June 4, 2021

Instructions:

1. You may use any sources, including books, online sources, lecture slides, or
lecture notes to answer the questions.

2. If you use statements or data from any source directly in your answers, you
must add a reference to the source.

3. This is a test of your knowledge. As such your answers must be your own

work. No collaboration with other students is allowed.

4. A Declaration of Own Work, in which you contractually confirm that the
answers you submit are entirely your own work, is included with this final
exam. You must sign this Declaration and submit it with your answers to the
exam. If you do not submit this Declaration, your submission will not be
graded and you will receive 0 points for the final exam.

5. Submit your answers and your Declaration of Own Work on the Canvas class

website in pdf format by 23:59:59 on Wednesday, June 9, 2021. Ensure that
your name and “CSE50 S21 Final Exam” are clearly visible on every page you
submit. NO LATE SUBMISSIONS WILL BE ACCEPTED.

6. Read the iPremier case study below about the sequence of events during a

SYN flood attack experienced by the company, and then answer the questions
following the case study. The approximate time that each question is likely to
require is indicated at the end of the introduction to each question.

Total points: 105

Question 1: (10 minutes)
Exhibit 1 illustrates the services provided by QData. Which of the three primary cloud
computing models does this QData service represent? Justify your answer in no more than
150 words. [5 points]

Question 2: (15 minutes)
2.1) In 3 or 4 sentences, describe the feature of the TCP protocol that caused the iPremier
web server to no longer respond to actual customers’ web access attempts during the SYN
flood attack. [5 points]

2.2) In 3 or 4 sentences, explain why the hackers could force the failure to occur specifically
at the iPremier web server and not at other compute or networking elements that an
attacker’s web request traverses? [5 points]

Question 3: (10 minutes)
In 3 or 4 sentences, describe the function of the Domain Name Servers (DNS servers) in
Exhibit 1. In 150 words or less describe why the DNS servers were not the cause of failure
during the attack. [5 points]

Question 4: (10 minutes)
The database server in Exhibit 1 contains a MySQL database management system. Among the
tables in the database are 2 tables: “Customers” and “Orders”. Each table contains a field
called “name”. Describe the result of each of the following queries (this will require you to do
some research on the “Inner Join” and “Outer Join” key words in SQL):

SELECT * FROM Customers
INNER JOIN Orders
ON Customers.name=Orders.name

SELECT * FROM Customers
LEFT OUTER JOIN Orders
ON Customers.name=Orders.name
[5 points]

Question 5: (30 minutes)
5.1) Describe which OSI layers are traversed by a client web page request as its packets
progress from entering the QData facility at the QData internet router to the iPremier web
server, for each of the following networking and compute components: 1) the internet router
at the QData facility, 2) the router/firewall in the iPremier “cage” at QData, 3) the ethernet
switch and 4) an iPremier web server in the web server cluster. [10 points]

5.2) Illustrate your answer to 5.1) with a diagram showing all the OSI layers implemented in
each of these four components and highlight the path of the web request packets through
these layers. [10 points]

Question 6: (20 minutes)
6.1) In 2 or 3 sentences each, describe four business processes that were poorly implemented
at iPremier and that negatively impacted iPremier’s ability to respond to the attack. [10
points]

6.2) For each of the poorly implemented business processes that you identified in 6.2, identify
appropriate changes to the business processes that iPremier could implement to correct each
of these business process failures. Describe how your proposed changes will improve
iPremier’s ability to respond to a SYN Flood attack in 2 or 3 sentences for each change. [10
points]

Question 7: (25 minutes)
As the new CIO at iPremier, you decide that it is necessary replace the QData facility and
services. You have narrowed your options down to three choices: 1) Migrate your entire data
center to IaaS cloud provider Amazon Web Services; 2) Migrate your entire data center to
PaaS cloud provider Microsoft Azure; 3) Build and provision your own data center.

Create a table with “Microsoft”, “Amazon” and “iPremier” as the tags for three rows of the
table and “Advantages” and “Disadvantages” as tags for two columns. Identify and insert in
the table two key advantages and 2 key disadvantages for each of the three options,
describing each advantage and disadvantage in 1 or 2 sentences. Which option would you
choose? Justify your answer in 150 words or less. [15 points]

Question 8: (40 minutes)
You have presented your proposal for replacing the QData facility (Question 7) to the CEO
and Board of Directors and they have approved it, with one major caveat: they required you
to ensure that the transition is seamless so that no lost business is incurred. You agree to
describe your implementation plan at a special meeting of the Board within 1 week.

8.1) Given the importance of this transition to the company, and in preparation for that
meeting, identify and list by business function the appropriate technical and leadership teams
that you think are necessary to successfully implement this transition. (hint: the Cisco case
study may be a good reference here) [5 points]

8.2) You plan to use Lean Disciplined Agile Development (Scrum) to implement your
proposal. In 150 words or less, describe to the Board of Directors how the Scrum process will
enable you to accurately track when the project will be completed. [10 points]

8.3) As part of this project, you also recommended, and the Board agreed, that iPremier
should deploy an AI driven Extended Detection and Response (XDR) system to significantly
reduce the likelihood of a SYN Flood attack succeeding again. In 2 or 3 sentences describe
how an XDR system works. Then, in 150 words or less, describe how such an XDR system
could prevent SYN Flood attacks (this may require you to do some research on XDR systems).
[10 points]

CSE50 S21 Final Examination
June 4, 2021

DECLARATION OF OWN WORK

I hereby declare that all answers I have submitted for the CSE50 Spring 2021 Final

Examination are entirely my own work. I further declare that I have not collaborated

in any way with any other student in the CSE50 Spring 2021 class in preparing my

answers to the CSE50 Spring 2021 Final examination.

Name: _________________________________________________________

Signature: _____________________________________________________

Date: ___________________________________________________________