Bangladesh Bank,
Assistant Maintenance Engineer, 2017
1. Describe Addressing modes of 8086 microprocessor.
The way of specifying
data to be operated by an instruction is known as addressing modes. This
specifies that the given data is an immediate data or an address. It also
specifies whether the given operand is register or register pair.
Types of addressing
modes:
Register mode – In this type of addressing mode both the operands are registers.
Example:
MOV AX, BX
XOR AX, DX
ADD AL, BL
Immediate mode – In this type of addressing mode the source operand is a 8 bit or
16 bit data. Destination operand can never be immediate data.
Example:
MOV AX, 2000
MOV CL, 0A
ADD AL, 45
AND AX, 0000
Note that to initialize
the value of segment register an register is required.
MOV AX, 2000
MOV CS, AX
Displacement or direct mode – In this type of addressing mode the
effective address is directly given in the instruction as displacement.
Example:
MOV AX, [DISP]
MOV AX, [0500]
Register indirect mode – In this addressing mode the effective address is in SI, DI or
BX.
Example:
MOV AX, [DI]
ADD AL, [BX]
MOV AX, [SI]
Based indexed mode – In this the effective address is sum of base register and index
register.
Base register: BX, BP
Index register: SI,
DI
The physical memory
address is calculated according to the base register.
Example:
MOV AL, [BP+SI]
MOV AX, [BX+DI]
Indexed mode – In this type of addressing mode the effective address is sum of
index register and displacement.
Example:
MOV AX, [SI+2000]
MOV AL, [DI+3000]
Based mode – In this the effective address is the sum of base register and
displacement.
Example:
MOV AL, [BP+ 0100]
Based indexed displacement mode – In this type of addressing mode the
effective address is the sum of index register, base register and displacement.
Example:
MOV AL, [SI+BP+2000]
String mode – This
addressing mode is related to string instructions. In this the value of SI and
DI are auto incremented and decremented depending upon the value of directional
flag.
Example:
MOVS B
MOVS W
Input/Output mode – This addressing mode is related with input output operations.
Example:
IN A, 45
OUT A, 50
Relative mode –
In this the effective
address is calculated with reference to instruction pointer.
Example:
JNZ 8 bit address
2. How
many subnets and hosts per subnet can you get from the network 172.20.0.0/27?
3. What
is the difference between latch and flip-flop?
Here are few
differences between Latch Vs Flip-flop for your reference below:
|
Latch |
Flip-Flop |
|
Latch is transparent – because input is directly connected to
output when enable is high. It means Latch is sensitive to pulse duration
(also called soft barrier) |
Flip-flop is a pair of latches (master and slave flop).
Flip-flop is sensitive to pulse transition. The signal only propagates
through on the rising/falling edge (also called hard barrier) |
|
Less Area (less gates) |
More Area (more gates) because flip-flop contains two latches. |
|
Less Power (less gates) |
More Power (more gates) |
|
Fast – |
Slow – |
|
Require more tool manipulation and more hand-calculations to
verify that they meet timing |
Easy to check design timing using Static Timing Analysis (STA)
tools |
|
Cycle-borrowing to gain more setup time on the next register
stage, as long as each loop completes in one cycle To meet the timing in the design, Designers consider latches
to adjust timing mismatch. |
Data launches on one
rising edge, so it must setup before next rising edge. If it arrives late,
system fails. If it arrives early, time is wasted due to hard edges in Flops |
|
For ASICs with large
clock skew, latches have substantial benefits for reducing the clock period |
Even for the high
speed pulsed flip-flops with zero setup time, as they are not transparent,
the impact of the clock skew is not reduced |
|
Level-sensitive
latches reduce the impact of inaccuracy of wire load models and process
variation. |
Flip-flops demands
for the highly accurate wire load model and process |
|
In DFT, Latches
needed as a lockup state at the clock domain crossings in the scan chain to
avoid unpredictable behavior |
In DFT, use flops
that can be scanned (controllable and observable) |
|
In FPGA,
level-sensitive transparent latches should be avoided in FPGAs |
In FPGA,
edge-sensitive flip-flops are used exclusively. Timings analysis is more
appropriate with flops for FPGA tools |
|
Circuit analysis is
complex. You may see last minutes timing mismatch surprises at the
implantation stage. |
Circuit analysis is
easy |
4. Create
a 2-to-1 Multiplexer?
A 2-to-1 multiplexer consists of two inputs D0 and D1, one select input S and one output Y. Depends on the select signal, the output is connected to either of the inputs. Since there are two input signals only two ways are possible to connect the inputs to the outputs, so one select is needed to do these operations.
5. What
is the difference between battery and capacitor?
6. Write
short note on DHCP and SMTP?
DHCP
The Dynamic Host Configuration Protocol (DHCP) automates the assignment of IP addresses, subnet masks, default gateway, and other IP parameters. [1]
When a
DHCP-configured client (be it a computer or any other network aware device)
connects to a network, the DHCP client sends a broadcast query requesting
necessary information from a DHCP server.
SMTP
SMTP
is a relatively simple, text-based protocol, in which one or more recipients of
a message are specified (and in most cases verified to exist) along with the
message text and possibly other encoded objects. The message is then
transferred to a remote server using a procedure of queries and responses
between the client and server. Either an end-user’s email client, a.k.a. MUA
(Mail User Agent), or a relaying server’s MTA (Mail Transport Agents) can act
as an SMTP client.
7. What is session hijacking and how to encrypt username and password in PHP?
Session Hijacking
Session hijacking is an attack where the attacker steals a
user's active session with a website to gain unauthorized access to actions and
information on that website.
Sessions
store information about a user on the server-side, usually either in a file or
a database. Sessions are more secure than putting user data into browser
cookies because the data being stored never leaves the server. However, to
identify the user and give them access to the session data, it is necessary to
set a session reference identifier ("session ID") in a browser cookie.
This session ID is vulnerable to theft because cookies are visible in storage
and in transit. (Every request to the server will send visible cookie data.)
Discovering the session ID provides an attacker access to all session data. But
even worse, the attacker can impersonate the user. This is called "session
hijacking".
The server
must assume that any request including a user's session ID must be originating
from the user's browser. An attacker can send a request with the user's session
ID and assume for themselves any previous state set in the session. The session
is often used to maintain the user's logged-in state or other authorization to
perform access-restricted actions. A hijacker with a logged-in session can
perform any action which the user could perform. They can transfer money. They
can view and edit personal information. They can change the account password,
which will lock out the real user. They can impersonate the user and send
communications to friends and coworkers as a spear phishing attack
8. What are the important steps to secure a web server?
Below
is a list of tasks one should follow when securing a web server.
1. Remove Unnecessary
Services
Default
operating system installations and configurations, are not secure. In a typical
default installation, many network services which won’t be used in a web server
configuration are installed, such as remote registry services, print server
service, RAS etc.
2. Remote access
Although
nowadays it is not practical, when possible, server administrators should login
to web servers locally. If remote access is needed, one must make sure that the
remote connection is secured properly, by using tunneling and encryption
protocols.
3. Separate development /
testing / production environment
Since
it is easier and faster for a developer to develop a newer version of a web
application on a production server, it is quite common that development and
testing of web applications are done directly on the production servers itself.
It is a common occurrence on the internet to find newer versions of a specific
website, or some content which should not be available to the public in
directories such as /test/, /new/ or other similar sub directories.
4 .Web application content
and server-side scripting
The
web application or website files and scripts should always be on a separate
partition or drive other than that of the operating system, logs and any other
system files. Through experience we’ve learnt that hackers who gained access to
the web root directory, were able to exploit other vulnerabilities, and were
able to go a step further and escalate their privileges to gain access to the
data on the whole disc, including the operating system and other system files.
5. Permissions and
privileges
File
and network services permissions play a vital role in web server security. If a
web server engine is compromised via network service software, the malicious
user can use the account on which the network service is running to carry out
tasks, such as execute specific files.
6. Install all security
patches on time
Although
having fully patched software does not necessarily mean your server is fully
secure, it is still very important to update your operating system and any
other software running on it with the latest security patches. Up untill this
day, hacking incidents still occur because hackers took advantage and exploited
un-patched servers and software.
7. Monitor and audit the
server
All
the logs present in a web server, should ideally be stored in a segregated
area. All network services logs, website access logs, database server logs
(e.g. Microsoft SQL Server, MySQL, Oracle) and operating system logs should be
monitored and checked frequently.
8. User accounts
Unused
default user accounts created during an operating system install should be
disabled. There is also a long list of software that when installed, user
accounts are created on the operating system. Such accounts should also be
checked properly and permissions need to be changed required.
9. Remove all unused
modules and application extensions
A
default Apache installation has a number of pre-defined modules enabled, which
in a typical web server scenario are not used, unless they are specifically
needed. Turn off such modules to prevent targeted attacks against such modules.
10. Use security tools
provided with web server software
Microsoft
released a number of tools to help administrators secure IIS web server
installations, such as URL scan. There is also a module called mod_security for
Apache. Although configuring such tools is a tedious process and can be time
consuming, especially with custom web applications, they do add an extra bit of
security and piece of mind.
11. Stay informed
Nowadays,
information and tips on the software and operating system being used can be
found freely on the internet. It is very important to stay informed and learn
about new attacks and tools, by reading security related magazines and
subscribing to newsletters, forums or any other type of community.
12. Use Scanners
Scanners
are handy tools that help you automate and ease the process of securing a web
server and web applications
0 মন্তব্যসমূহ