Bangladesh Bank, AME/AE (IT), 2026
- 1Data Center & VirtualizationRAIDA maintenance engineer is setting up a RAID 5 array with five hard drives, each having a capacity of 4 TB. What is the total usable storage capacity, and why is it not 20 TB?
In RAID 5, the storage capacity of one drive is used for parity information.
Parity is used for fault tolerance and data recovery if one drive fails.
Given:
Number of drives = 5
Capacity of each drive = 4 TBTotal Raw Capacity
5 × 4 TB = 20 TB
Usable RAID 5 Capacity Formula
(Number of Drives − 1) × Drive Capacity
Calculation
(5 − 1) × 4 TB
= 4 × 4 TB
= 16 TBAnswer
Total Usable Storage Capacity = 16 TB
It is not 20 TB because RAID 5 uses the equivalent capacity of one drive for storing parity data, which provides redundancy and allows recovery if a drive fails.
একজন maintenance engineer পাঁচটি 4 TB hard drive ব্যবহার করে RAID 5 array তৈরি করছে। মোট usable storage capacity কত হবে এবং কেন এটি 20 TB নয়?
RAID 5-এ একটি drive-এর storage capacity parity information সংরক্ষণের জন্য ব্যবহৃত হয়.
Parity fault tolerance এবং drive failure হলে data recovery-এর জন্য ব্যবহৃত হয়.
প্রদত্ত:
Drive সংখ্যা = 5
প্রতিটি drive-এর capacity = 4 TBমোট Raw Capacity
5 × 4 TB = 20 TB
RAID 5 Usable Capacity Formula
(Number of Drives − 1) × Drive Capacity
গণনা
(5 − 1) × 4 TB
= 4 × 4 TB
= 16 TBউত্তর
মোট Usable Storage Capacity = 16 TB
এটি 20 TB নয় কারণ RAID 5-এ একটি drive-এর সমপরিমাণ storage parity data সংরক্ষণের জন্য ব্যবহৃত হয়, যা redundancy প্রদান করে এবং কোনো drive নষ্ট হলে data recovery করতে সাহায্য করে.
- 2Data Center & VirtualizationMaintenanceDistinguish between Preventive and Corrective maintenance with a real-world example for each in a data center environment. A critical system consists of three components: Power Supply, Motherboard, and Storage, connected in a series configuration. If each component has a reliability of 0.95, what is the total reliability of the system?
Preventive Maintenance: Preventive maintenance is the maintenance performed regularly before any failure occurs in order to reduce the chance of system breakdown. Its main goal is to prevent faults and improve system reliability.
Real-World Example:
In a data center, regularly cleaning server cooling fans and replacing UPS batteries before failure is an example of preventive maintenance.Corrective Maintenance: Corrective maintenance is the maintenance performed after a fault or failure has occurred to restore the system to normal operation. Its main goal is to repair failed components and resume service.
Real-World Example:
If a server hard disk suddenly fails in a data center and the technician replaces the failed disk to restore operation, it is corrective maintenance.Difference Between Preventive and Corrective Maintenance
Preventive Maintenance Corrective Maintenance Performed before failure occurs. Performed after failure occurs. Reduces possibility of breakdown. Restores failed system. Planned and scheduled maintenance. Unplanned maintenance. Improves reliability and lifespan. Focuses on repairing faults. Example: Cleaning cooling systems. Example: Replacing failed hard disk. Reliability Calculation of Series System: In a series configuration, total system reliability is the product of reliabilities of all components.
Given:
Reliability of Power Supply = 0.95
Reliability of Motherboard = 0.95
Reliability of Storage = 0.95Formula: R = R1 × R2 × R3
Calculation:
R = 0.95 × 0.95 × 0.95
R = 0.857375Answer: Total Reliability of the System = 0.857375 ≈ 85.74%
প্রশ্ন: Data Center Environment-এ Preventive এবং Corrective Maintenance-এর পার্থক্য বাস্তব উদাহরণসহ ব্যাখ্যা কর। এছাড়া একটি Series System-এর Reliability নির্ণয় কর।
Preventive Maintenance: Preventive maintenance হলো এমন maintenance যা কোনো fault বা failure হওয়ার আগেই নিয়মিতভাবে করা হয়, যাতে system breakdown-এর সম্ভাবনা কমে। এর মূল উদ্দেশ্য হলো fault প্রতিরোধ করা এবং system reliability বৃদ্ধি করা.
Real Example:
Data center-এ server cooling fan পরিষ্কার করা বা UPS battery failure হওয়ার আগেই পরিবর্তন করা preventive maintenance-এর উদাহরণ।Corrective Maintenance: Corrective maintenance হলো এমন maintenance যা fault বা failure হওয়ার পরে system-কে পুনরায় স্বাভাবিক অবস্থায় ফিরিয়ে আনতে করা হয়। এর মূল উদ্দেশ্য হলো faulty component repair বা replace করা.
Real Example:
Data center-এ কোনো server-এর hard disk হঠাৎ নষ্ট হলে সেটি পরিবর্তন করে system restore করা corrective maintenance-এর উদাহরণ।Preventive এবং Corrective Maintenance-এর পার্থক্য
Preventive Maintenance Corrective Maintenance Failure হওয়ার আগে করা হয়। Failure হওয়ার পরে করা হয়। Breakdown-এর সম্ভাবনা কমায়। Failed system পুনরুদ্ধার করে। Planned এবং scheduled maintenance। Unplanned maintenance। Reliability এবং lifespan বৃদ্ধি করে। Fault repair করার উপর গুরুত্ব দেয়। উদাহরণ: Cooling system পরিষ্কার করা। উদাহরণ: নষ্ট hard disk পরিবর্তন করা। Series System-এর Reliability নির্ণয়
Series configuration-এ total system reliability হলো সব component-এর reliability-এর গুণফল.
Power Supply-এর Reliability = 0.95
Motherboard-এর Reliability = 0.95
Storage-এর Reliability = 0.95সূত্র: R = R1 × R2 × R3
R = 0.95 × 0.95 × 0.95
R = 0.857375System-এর মোট Reliability = 0.857375 ≈ 85.74%
- 3Computer NetworkOSI/TCP-IP ModelAt which layer of the OSI model does a standard Router primarily operate, and what is the specific name of the Protocol Data Unit (PDU) at this layer? A router has four contiguous /24 routing table entries: 10.1.0.0/24, 10.1.1.0/24, 10.1.2.0/24, and 10.1.3.0/24. If you summarize these into a single route, what will be the new CIDR notation?
A standard router primarily operates at the Network Layer, which is Layer 3 of the OSI model.
The Protocol Data Unit (PDU) at the Network Layer is called a Packet.
Given Routing Entries:
10.1.0.0/24
10.1.1.0/24
10.1.2.0/24
10.1.3.0/24These four networks are continuous or contiguous because their network addresses increase sequentially.
First Network: 10.1.0.0/24
Range: 10.1.0.0 to 10.1.0.255Second Network: 10.1.1.0/24
Range: 10.1.1.0 to 10.1.1.255Third Network: 10.1.2.0/24
Range: 10.1.2.0 to 10.1.2.255Fourth Network: 10.1.3.0/24
Range: 10.1.3.0 to 10.1.3.255Together, these four networks cover addresses from:
10.1.0.0 to 10.1.3.255Each /24 network contains 256 addresses.
So total addresses become:
256 + 256 + 256 + 256 = 1024 addressesTo represent 1024 addresses, 10 host bits are required.
Since IPv4 address contains 32 bits:
32 − 10 = 22Therefore, the summarized CIDR notation becomes:
10.1.0.0/22Final Answer:
Router Layer = Network Layer / Layer 3
PDU Name = Packet
Supernet = 10.1.0.0/22Standard router মূলত Network Layer-এ কাজ করে, যা OSI model-এর Layer 3।
Network Layer-এর Protocol Data Unit (PDU)-কে Packet বলা হয়।
প্রদত্ত Routing Entries:
10.1.0.0/24
10.1.1.0/24
10.1.2.0/24
10.1.3.0/24এই চারটি network continuous বা contiguous কারণ network address ধারাবাহিকভাবে বৃদ্ধি পাচ্ছে।
প্রথম Network: 10.1.0.0/24
Range: 10.1.0.0 থেকে 10.1.0.255দ্বিতীয় Network: 10.1.1.0/24
Range: 10.1.1.0 থেকে 10.1.1.255তৃতীয় Network: 10.1.2.0/24
Range: 10.1.2.0 থেকে 10.1.2.255চতুর্থ Network: 10.1.3.0/24
Range: 10.1.3.0 থেকে 10.1.3.255এই চারটি network একসাথে নিচের address range cover করে:
10.1.0.0 থেকে 10.1.3.255প্রতিটি /24 network-এ 256টি address থাকে।
তাই মোট address সংখ্যা:
256 + 256 + 256 + 256 = 1024 addresses1024টি address প্রকাশ করার জন্য 10টি host bit দরকার হয়।
যেহেতু IPv4 address মোট 32 bit-এর হয়:
32 − 10 = 22তাই summarized CIDR notation হবে:
10.1.0.0/22Final Answer:
Router Layer = Network Layer / Layer 3
PDU Name = Packet
Supernet = 10.1.0.0/22
- 4Database Management SystemACIDWhat does the Consistency property in ACID guarantee during a bank fund transfer transaction? You are designing the schema for a Savings_Accounts table. Write the specific SQL constraint clause to ensure that the current_balance column can never drop below zero.
Consistency Property in ACID
- Consistency ensures that a database always remains in a valid state before and after a transaction.
- During a bank fund transfer transaction, consistency guarantees that all database rules and constraints are maintained properly.
For example, if money is transferred from one account to another:
- The amount deducted from one account must be added to the other account correctly.
- The total balance in the system must remain consistent.
- No account balance can become invalid or violate database rules.
If any part of the transaction fails, the entire transaction is rolled back to preserve consistency.
SQL Constraint Clause
To ensure that the current_balance column never becomes negative, the following CHECK constraint can be used:
CHECK (current_balance >= 0)Example in Table Schema
CREATE TABLE Savings_Accounts ( account_id INT PRIMARY KEY, customer_name VARCHAR(100), current_balance DECIMAL(10,2), CHECK (current_balance >= 0) );প্রশ্ন: ব্যাংক fund transfer transaction-এর সময় ACID-এর Consistency property কী নিশ্চিত করে? এছাড়া current_balance কখনো শূন্যের নিচে না যাওয়ার জন্য SQL constraint clause লিখ।
ACID-এর Consistency Property
- Consistency নিশ্চিত করে যে transaction-এর আগে এবং পরে database সবসময় valid অবস্থায় থাকবে।
- Bank fund transfer transaction-এর ক্ষেত্রে consistency নিশ্চিত করে যে database-এর সব rule এবং constraint সঠিকভাবে বজায় থাকবে।
উদাহরণস্বরূপ, যদি একটি account থেকে অন্য account-এ টাকা transfer করা হয়:
- এক account থেকে কাটা amount অবশ্যই অন্য account-এ সঠিকভাবে যোগ হতে হবে।
- System-এর মোট balance consistent থাকতে হবে।
- কোনো account balance invalid হতে পারবে না বা database rule ভঙ্গ করতে পারবে না।
যদি transaction-এর কোনো অংশ ব্যর্থ হয়, তাহলে পুরো transaction rollback হবে যাতে consistency বজায় থাকে।
SQL Constraint Clause
current_balance যেন কখনো negative না হয়, তার জন্য নিচের CHECK constraint ব্যবহার করা যায়:
CHECK (current_balance >= 0)Table Schema উদাহরণ
CREATE TABLE Savings_Accounts ( account_id INT PRIMARY KEY, customer_name VARCHAR(100), current_balance DECIMAL(10,2), CHECK (current_balance >= 0) );
- 5Operating SystemDeadlockBriefly explain Circular Wait. In a Resource Allocation Graph (RAG), if a cycle exists, does it absolutely guarantee that a Deadlock has occurred? Explain briefly.
Circular Wait
- Circular wait is one of the necessary conditions for deadlock.
- It occurs when a group of processes are waiting for resources in a circular chain.
- In this situation, each process holds at least one resource and waits for another resource held by the next process in the cycle.
Example:
- Process P1 holds Resource R1 and waits for R2.
- Process P2 holds Resource R2 and waits for R3.
- Process P3 holds Resource R3 and waits for R1.
This creates a circular waiting condition.

Cycle in Resource Allocation Graph (RAG)
If a cycle exists in a Resource Allocation Graph, it does not always guarantee deadlock.
- If each resource type has only one instance, then a cycle definitely indicates deadlock.
- If resource types have multiple instances, then a cycle may exist without deadlock.
So, a cycle is:
- A necessary condition for deadlock
- But not always a sufficient condition
Deadlock Detection using Resource Allocation Graph
To detect deadlock using Resource Allocation Graph (RAG), we follow these steps −
- If RAG contains no cycles, then there is no deadlock in the system.
- If RAG is of single instance resources and it contains a cycle, then there is a deadlock in the system.
- If RAG is of multiple instance resources and it contains a cycle, then deadlock may or may not exist. To check for deadlock, we need convert multiple instance RAG to single instance RAG, by treating each instance of a resource as a separate resource type.

In the graph:
- Resource R1 has only one instance.
- Resource R2 has two instances.
- P1 is holding R1 and requesting R2.
- P2 is holding one instance of R2 and requesting R1.
- P3 is using another instance of R2.
A cycle exists in the graph: P1 → R2 → P2 → R1 → P1
But this graph does not indicate deadlock.
Reason:
Resource R2 has multiple instances. One instance of R2 is currently allocated to P3.
If P3 finishes its work and releases R2, then:
- P1 can obtain R2 and complete execution.
- After P1 completes, it releases R1.
- Then P2 can obtain R1 and continue execution.
Since the processes can still proceed and resources can eventually be released, the system is not permanently blocked.
প্রশ্ন: Circular Wait সংক্ষেপে ব্যাখ্যা কর। Resource Allocation Graph (RAG)-এ cycle থাকলে কি নিশ্চিতভাবে Deadlock হয়েছে বোঝায়? সংক্ষেপে ব্যাখ্যা কর।
Circular Wait
- Circular wait হলো deadlock-এর একটি প্রয়োজনীয় শর্ত।
- এটি তখন ঘটে যখন একাধিক process একটি circular chain আকারে resource-এর জন্য অপেক্ষা করে।
- এখানে প্রতিটি process অন্তত একটি resource ধরে রাখে এবং পরবর্তী process-এর কাছে থাকা অন্য resource-এর জন্য অপেক্ষা করে।
উদাহরণ:
- Process P1 Resource R1 ধরে রেখে R2-এর জন্য অপেক্ষা করছে।
- Process P2 Resource R2 ধরে রেখে R3-এর জন্য অপেক্ষা করছে।
- Process P3 Resource R3 ধরে রেখে R1-এর জন্য অপেক্ষা করছে।
এভাবে একটি circular waiting condition তৈরি হয়।

Resource Allocation Graph (RAG)-এ Cycle
RAG-এ cycle থাকলেই সবসময় deadlock হয়েছে এমন নয়।
- যদি প্রতিটি resource type-এর শুধুমাত্র একটি instance থাকে, তাহলে cycle থাকলে নিশ্চিত deadlock হয়েছে।
- কিন্তু resource type-এর একাধিক instance থাকলে cycle থাকলেও deadlock নাও হতে পারে।
অতএব cycle হলো:
- Deadlock-এর জন্য একটি necessary condition
- কিন্তু সবসময় sufficient condition নয়

Graph-এ:
- Resource R1-এর একটি instance রয়েছে।
- Resource R2-এর দুটি instance রয়েছে।
- P1, R1 ধরে রেখে R2-এর জন্য অপেক্ষা করছে।
- P2, R2-এর একটি instance ধরে রেখে R1-এর জন্য অপেক্ষা করছে।
- P3, R2-এর অন্য instance ব্যবহার করছে।
Graph-এ একটি cycle রয়েছে:
P1 → R2 → P2 → R1 → P1
কিন্তু এই graph-এ deadlock নেই।
কারণ:
Resource R2-এর একাধিক instance রয়েছে। বর্তমানে R2-এর একটি instance P3 ব্যবহার করছে।
যদি P3 তার কাজ শেষ করে R2 release করে, তাহলে:
- P1, R2 পেয়ে execution সম্পন্ন করতে পারবে।
- P1 কাজ শেষ করলে R1 release করবে।
- তারপর P2, R1 পেয়ে execution চালিয়ে যেতে পারবে।
অর্থাৎ process-গুলো পরবর্তীতে execution চালিয়ে যেতে পারছে, তাই system permanently blocked নয়।
- 6Computer SecurityOthersA server suddenly starts sending abnormal traffic to external systems. Analyze the possible cause and suggest immediate actions.
Possible Causes
A server sending abnormal traffic may indicate security or system-related problems. Possible causes include:
- Malware or Virus Infection: The server may be infected with malware, botnet software, or ransomware that is sending malicious traffic.
- DDoS Attack Participation: The compromised server may be used to launch Distributed Denial of Service (DDoS) attacks.
- Unauthorized Access: An attacker may have gained access using weak passwords, stolen credentials, or vulnerabilities.
- Misconfigured Applications: Faulty software or incorrect network configuration may generate excessive traffic.
- Data Breach or Data Exfiltration: Sensitive data may be transferred illegally to external systems.
Immediate Actions
- Isolate the Server: Disconnect the server from the network immediately to stop abnormal traffic.
- Check System Logs: Analyze firewall, server, and application logs to identify suspicious activities.
- Run Security Scan: Use antivirus and malware detection tools to scan the server.
- Identify Active Connections: Check running processes and network connections using monitoring tools.
- Change Credentials: Reset passwords and disable compromised accounts.
- Apply Security Updates: Patch operating system and software vulnerabilities.
- Notify Security Team: Inform administrators or incident response teams immediately.
- Backup Important Data: Secure critical data before recovery actions.
Abnormal outbound traffic is often a sign of compromise or malfunction. Quick isolation, investigation, and security response are necessary to protect the network and prevent further damage.
প্রশ্ন: একটি server হঠাৎ external system-এ abnormal traffic পাঠাতে শুরু করেছে। সম্ভাব্য কারণ বিশ্লেষণ কর এবং তাৎক্ষণিক করণীয় উল্লেখ কর।
সম্ভাব্য কারণসমূহ
Server থেকে abnormal traffic পাঠানো security বা system-related সমস্যার ইঙ্গিত হতে পারে। সম্ভাব্য কারণগুলো হলো:
- Malware বা Virus Infection: Server malware, botnet software বা ransomware দ্বারা আক্রান্ত হতে পারে যা malicious traffic পাঠাচ্ছে।
- DDoS Attack-এ অংশগ্রহণ: Compromised server অন্য system-এর উপর DDoS attack চালাতে ব্যবহৃত হতে পারে।
- Unauthorized Access: দুর্বল password, stolen credential বা vulnerability ব্যবহার করে attacker access পেতে পারে।
- Misconfigured Application: Faulty software বা ভুল network configuration অতিরিক্ত traffic তৈরি করতে পারে।
- Data Breach বা Data Exfiltration: Sensitive data অবৈধভাবে external system-এ পাঠানো হতে পারে।
তাৎক্ষণিক করণীয়
- Server Isolate করা: Abnormal traffic বন্ধ করার জন্য server-কে দ্রুত network থেকে বিচ্ছিন্ন করতে হবে।
- System Log পরীক্ষা: Firewall, server এবং application log বিশ্লেষণ করে suspicious activity খুঁজতে হবে।
- Security Scan চালানো: Antivirus এবং malware detection tool দিয়ে server scan করতে হবে।
- Active Connection পরীক্ষা: Running process এবং network connection monitoring tool দিয়ে পরীক্ষা করতে হবে।
- Credential পরিবর্তন: Password reset এবং compromised account disable করতে হবে।
- Security Update প্রয়োগ: Operating system এবং software-এর vulnerability patch করতে হবে।
- Security Team-কে জানানো: Administrator বা incident response team-কে দ্রুত অবহিত করতে হবে।
- গুরুত্বপূর্ণ Data Backup: Recovery action নেওয়ার আগে গুরুত্বপূর্ণ data নিরাপদে backup রাখতে হবে।
উপসংহার
Abnormal outbound traffic সাধারণত compromise বা system malfunction-এর লক্ষণ। Network সুরক্ষা এবং ক্ষতি প্রতিরোধের জন্য দ্রুত isolation, investigation এবং security response প্রয়োজন।
- 7Big Data, ML & AIHadoop EcosystemA financial services provider needs to handle massive streaming and historical log data to perform fraud analytics and ML-driven maintenance prediction. Identify five Hadoop ecosystem technologies appropriate for this use case and describe their roles.
To process large-scale streaming and historical log data, different Hadoop ecosystem technologies can be used together for storage, processing, querying, and machine learning.
1. HDFS (Hadoop Distributed File System)
- HDFS is used for distributed storage of massive amounts of data across multiple servers.
- It stores historical logs, transaction records, and streaming data reliably with fault tolerance.
Role: Large-scale distributed data storage.
2. Apache Kafka
- Kafka is used for real-time data streaming and message collection.
- It collects continuous transaction logs, user activities, and system events from different sources.
Role: Real-time streaming data ingestion.
3. Apache Spark
- Spark is a fast data processing framework used for big data analytics and machine learning.
- It can process both streaming data and historical data efficiently.
Role: Real-time analytics, fraud detection, and ML processing.
4. Apache Hive
- Hive is a data warehouse tool used to query large datasets using SQL-like language.
- Analysts can generate reports and analyze fraud-related historical data easily.
Role: SQL-based querying and data analysis.
5. Apache Mahout
- Mahout provides machine learning algorithms for big data applications.
- It can be used for predictive analytics, anomaly detection, and maintenance prediction models.
Role: Machine learning and predictive analytics.
প্রশ্ন: একটি financial services provider massive streaming এবং historical log data ব্যবহার করে fraud analytics ও ML-driven maintenance prediction করতে চায়। এই কাজের জন্য উপযুক্ত পাঁচটি Hadoop ecosystem technology এবং তাদের ভূমিকা বর্ণনা কর।
Large-scale streaming এবং historical log data process করার জন্য বিভিন্ন Hadoop ecosystem technology একসাথে ব্যবহার করা হয় storage, processing, querying এবং machine learning-এর কাজে।
1. HDFS (Hadoop Distributed File System)
- HDFS বহু server-এ distributed ভাবে বিপুল পরিমাণ data সংরক্ষণ করতে ব্যবহৃত হয়।
- এটি historical log, transaction record এবং streaming data fault tolerance সহ নিরাপদে সংরক্ষণ করে।
Role: Large-scale distributed data storage।
2. Apache Kafka
- Kafka real-time data streaming এবং message collection-এর জন্য ব্যবহৃত হয়।
- এটি বিভিন্ন source থেকে continuous transaction log, user activity এবং system event সংগ্রহ করে।
Role: Real-time streaming data ingestion।
3. Apache Spark
- Spark একটি দ্রুত data processing framework যা big data analytics এবং machine learning-এর জন্য ব্যবহৃত হয়।
- এটি streaming data এবং historical data উভয়ই দ্রুত process করতে পারে।
Role: Real-time analytics, fraud detection এবং ML processing।
4. Apache Hive
- Hive হলো একটি data warehouse tool যা SQL-এর মতো language ব্যবহার করে বড় dataset query করতে সাহায্য করে।
- এর মাধ্যমে analyst সহজে fraud-related historical data বিশ্লেষণ ও report তৈরি করতে পারে।
Role: SQL-based querying এবং data analysis।
5. Apache Mahout
- Mahout big data application-এর জন্য machine learning algorithm প্রদান করে।
- এটি predictive analytics, anomaly detection এবং maintenance prediction model তৈরিতে ব্যবহৃত হয়।
Role: Machine learning এবং predictive analytics।
- 8Web TechnologyHTTPExplain HTTP status codes.
HTTP Status Codes are standard response codes sent by a web server to a client (browser or application) after receiving an HTTP request.
These codes indicate whether the request was successful, failed, redirected, or caused a server error.
HTTP status codes are represented by three-digit numbers.
Purpose of HTTP Status Codes
- Inform the client about request status.
- Help in debugging network or website problems.
- Control browser and application behavior.
- Support communication between client and server.
Categories of HTTP Status Codes
HTTP status codes are divided into five categories:
Status Code Range Category Description 100 – 199 Informational Request received and processing continues 200 – 299 Success Request completed successfully 300 – 399 Redirection Further action required 400 – 499 Client Error Error caused by client request 500 – 599 Server Error Error occurred on the server 1. Informational Status Codes (100–199)
These codes indicate that the request has been received and processing is continuing.
- 100 Continue: Client can continue sending the request.
- 101 Switching Protocols: Server agrees to switch protocols.
2. Success Status Codes (200–299)
These codes indicate successful request processing.
- 200 OK: Request completed successfully.
- 201 Created: New resource created successfully.
- 204 No Content: Request successful but no content returned.
3. Redirection Status Codes (300–399)
These codes indicate that additional action is needed.
- 301 Moved Permanently: Resource has permanently moved to another URL.
- 302 Found: Resource temporarily moved.
- 304 Not Modified: Cached version can be used.
4. Client Error Status Codes (400–499)
These errors occur due to problems in the client request.
- 400 Bad Request: Invalid request syntax.
- 401 Unauthorized: Authentication required.
- 403 Forbidden: Access denied.
- 404 Not Found: Requested resource not found.
5. Server Error Status Codes (500–599)
These errors occur when the server fails to process the request.
- 500 Internal Server Error: General server-side error.
- 502 Bad Gateway: Invalid response from another server.
- 503 Service Unavailable: Server temporarily unavailable.
- 504 Gateway Timeout: Server response timeout.
Commonly Used HTTP Status Codes
Status Code Meaning 200 OK 301 Moved Permanently 400 Bad Request 401 Unauthorized 403 Forbidden 404 Not Found 500 Internal Server Error 503 Service Unavailable HTTP Status Code হলো standard response code যা web server কোনো HTTP request পাওয়ার পর client (browser বা application)-কে পাঠায়。
এই code দ্বারা বোঝানো হয় request সফল হয়েছে কিনা, ব্যর্থ হয়েছে কিনা, redirect হয়েছে কিনা অথবা server error হয়েছে কিনা।
HTTP status code সাধারণত তিন অংকের সংখ্যা দ্বারা প্রকাশ করা হয়।
HTTP Status Code-এর উদ্দেশ্য
- Client-কে request-এর অবস্থা জানানো।
- Website বা network সমস্যা debugging করতে সাহায্য করা।
- Browser এবং application behavior নিয়ন্ত্রণ করা।
- Client এবং server-এর মধ্যে communication সহজ করা।
HTTP Status Code-এর শ্রেণিবিভাগ
HTTP status code পাঁচটি category-তে বিভক্ত:
Status Code Range Category বর্ণনা 100 – 199 Informational Request গ্রহণ করা হয়েছে এবং processing চলছে 200 – 299 Success Request সফলভাবে সম্পন্ন হয়েছে 300 – 399 Redirection অতিরিক্ত action প্রয়োজন 400 – 499 Client Error Client request-এর কারণে error 500 – 599 Server Error Server-এর অভ্যন্তরীণ error 1. Informational Status Codes (100–199)
এই code বোঝায় request গ্রহণ করা হয়েছে এবং processing চলছে।
- 100 Continue: Client request পাঠানো চালিয়ে যেতে পারে।
- 101 Switching Protocols: Server protocol পরিবর্তনে সম্মতি দিয়েছে।
2. Success Status Codes (200–299)
এই code বোঝায় request সফলভাবে সম্পন্ন হয়েছে।
- 200 OK: Request সফল হয়েছে।
- 201 Created: নতুন resource সফলভাবে তৈরি হয়েছে।
- 204 No Content: Request সফল কিন্তু কোনো content ফেরত দেয়নি।
3. Redirection Status Codes (300–399)
এই code বোঝায় অতিরিক্ত action প্রয়োজন।
- 301 Moved Permanently: Resource স্থায়ীভাবে অন্য URL-এ সরানো হয়েছে।
- 302 Found: Resource সাময়িকভাবে অন্যত্র সরানো হয়েছে।
- 304 Not Modified: Cached version ব্যবহার করা যাবে।
4. Client Error Status Codes (400–499)
এই error সাধারণত client request-এর সমস্যার কারণে হয়।
- 400 Bad Request: Invalid request syntax।
- 401 Unauthorized: Authentication প্রয়োজন।
- 403 Forbidden: Access denied।
- 404 Not Found: Requested resource পাওয়া যায়নি।
5. Server Error Status Codes (500–599)
এই error server request process করতে ব্যর্থ হলে ঘটে।
- 500 Internal Server Error: সাধারণ server-side error।
- 502 Bad Gateway: অন্য server থেকে invalid response এসেছে।
- 503 Service Unavailable: Server সাময়িকভাবে unavailable।
- 504 Gateway Timeout: Server response timeout হয়েছে।
বহুল ব্যবহৃত HTTP Status Codes
Status Code অর্থ 200 OK 301 Moved Permanently 400 Bad Request 401 Unauthorized 403 Forbidden 404 Not Found 500 Internal Server Error 503 Service Unavailable
- 9Computer SecurityDifferent AttacksDefine zero-day attacks. Compare the technologies used to secure data in transit versus data at rest.
- A Zero-Day Attack is a cyber attack that exploits a software or hardware vulnerability before the vendor or developer becomes aware of it or releases a security patch.
- It is called “zero-day” because developers have had zero days to fix the vulnerability before the attack occurs.
- Attackers use these unknown vulnerabilities to gain unauthorized access, steal data, spread malware, or damage systems.
Characteristics of Zero-Day Attacks
- Exploit unknown vulnerabilities.
- No security patch is available initially.
- Difficult to detect using traditional antivirus tools.
- Can cause serious financial and security damage.
Examples of Zero-Day Attacks
- Ransomware exploiting unpatched systems.
- Browser vulnerabilities used for data theft.
- Operating system exploits for unauthorized access.
Data in Transit vs Data at Rest
Data security technologies differ depending on whether data is moving through a network or stored in a device.
Feature Data in Transit Data at Rest Definition Data moving across a network Stored data in disks, databases, or storage devices Main Goal Protect data during transmission Protect stored data from unauthorized access Common Technologies TLS, SSL, VPN, HTTPS, SSH Disk Encryption, Database Encryption, AES Security Method Encryption during communication Encryption while stored Example Secure web browsing using HTTPS Encrypted hard drive or encrypted database Main Threat Packet sniffing, man-in-the-middle attack Data theft, unauthorized access Technologies Used for Data in Transit
- SSL/TLS: Encrypts communication between client and server.
- HTTPS: Secure version of HTTP using TLS/SSL.
- VPN: Creates encrypted communication tunnels.
- SSH: Secure remote login and communication.
Technologies Used for Data at Rest
- Disk Encryption: Encrypts entire storage devices.
- Database Encryption: Protects stored database records.
- AES Encryption: Common encryption standard for stored data.
- Access Control: Restricts unauthorized access to files and storage.
প্রশ্ন: Zero-Day Attack কী? Data in Transit এবং Data at Rest সুরক্ষায় ব্যবহৃত প্রযুক্তিগুলোর তুলনা কর।
- Zero-Day Attack হলো এমন একটি cyber attack যেখানে attacker কোনো software বা hardware-এর vulnerability exploit করে developer বা vendor সেটি জানার আগেই অথবা security patch প্রকাশের আগেই আক্রমণ চালায়।
- এটিকে “zero-day” বলা হয় কারণ vulnerability fix করার জন্য developer-এর হাতে শূন্য দিন সময় থাকে।
- Attacker এই অজানা vulnerability ব্যবহার করে unauthorized access, data theft, malware spread অথবা system damage করতে পারে।
Zero-Day Attack-এর বৈশিষ্ট্য
- অজানা vulnerability exploit করে।
- শুরুতে কোনো security patch থাকে না।
- Traditional antivirus দ্বারা শনাক্ত করা কঠিন।
- গুরুতর financial ও security ক্ষতি করতে পারে।
Zero-Day Attack-এর উদাহরণ
- Unpatched system exploit করা ransomware।
- Browser vulnerability ব্যবহার করে data theft।
- Operating system exploit করে unauthorized access।
Data in Transit এবং Data at Rest
Data network-এর মাধ্যমে চলাচল করছে নাকি storage-এ সংরক্ষিত আছে তার উপর ভিত্তি করে security technology ভিন্ন হয়।
বৈশিষ্ট্য Data in Transit Data at Rest সংজ্ঞা Network-এর মাধ্যমে চলমান data Disk, database বা storage-এ সংরক্ষিত data মূল উদ্দেশ্য Transmission-এর সময় data সুরক্ষা Stored data সুরক্ষা ব্যবহৃত প্রযুক্তি TLS, SSL, VPN, HTTPS, SSH Disk Encryption, Database Encryption, AES Security Method Communication-এর সময় encryption Stored অবস্থায় encryption উদাহরণ HTTPS ব্যবহার করে secure browsing Encrypted hard drive বা encrypted database মূল ঝুঁকি Packet sniffing, man-in-the-middle attack Data theft, unauthorized access Data in Transit সুরক্ষায় ব্যবহৃত প্রযুক্তি
- SSL/TLS: Client ও server-এর communication encrypt করে।
- HTTPS: TLS/SSL ব্যবহারকারী secure HTTP।
- VPN: Encrypted communication tunnel তৈরি করে।
- SSH: Secure remote login ও communication নিশ্চিত করে।
Data at Rest সুরক্ষায় ব্যবহৃত প্রযুক্তি
- Disk Encryption: সম্পূর্ণ storage device encrypt করে।
- Database Encryption: Stored database record সুরক্ষিত রাখে।
- AES Encryption: Stored data-এর জন্য বহুল ব্যবহৃত encryption standard।
- Access Control: Unauthorized access সীমাবদ্ধ করে।
- 10Digital Logic DesignSimplify the Boolean equation using K-map: F(A,B,C,D) = Σ(0,3,5,7,8,10,11,12,13,14,15).

Bangladesh Bank, Assistant Director(ICT), 2025 (MCQ)
Bangladesh Bank
Post: Assistant Director (ICT)
Exam Date: 07.02.2025, Exam Taker: FBS

Time's up
Bangladesh Bank, Assistant Director (ICT), 2025
- 1Data StructureHeapConvert the array (56,33,48,29,99,12 and 344) into min heap.
Initial array as a binary tree:
56 / \ 33 48 / \ / \ 29 99 12 344Swap 48 and 12:56 / \ 33 12 / \ / \ 29 99 48 344Swap 33 and 29:56 / \ 29 12 / \ / \ 33 99 48 344Swap 56 and 12:12 / \ 29 56 / \ / \ 33 99 48 344Swap 56 and 48:12 / \ 29 48 / \ / \ 33 99 56 344Final Result
The array now satisfies the min heap property: every parent node is smaller than or equal to its children.
12 / \ 29 48 / \ / \ 33 99 56 344
- 2Programming ConceptArrayWrite the pseudocode/ program (in any language) to print the common element between two arrays and the total number of such elements found. [assume each element in an array distinct].
#include <iostream> using namespace std; int main() { int size1, size2; // Taking input size of first array cout << "Enter size of first array: "; cin >> size1; int arr1[size1]; cout << "Enter elements of first array:\n"; for (int i = 0; i < size1; i++) { cin >> arr1[i]; } // Taking input size of second array cout << "Enter size of second array: "; cin >> size2; int arr2[size2]; cout << "Enter elements of second array:\n"; for (int i = 0; i < size2; i++) { cin >> arr2[i]; } // To store common elements int commonElements[size1 < size2 ? size1 : size2]; int count = 0; // Check each element in arr1 against arr2 for (int i = 0; i < size1; i++) { bool found = false; for (int j = 0; j < size2; j++) { if (arr1[i] == arr2[j]) { found = true; break; } } if (found) { // Check for duplicates bool alreadyExists = false; for (int k = 0; k < count; k++) { if (commonElements[k] == arr1[i]) { alreadyExists = true; break; } } if (!alreadyExists) { commonElements[count] = arr1[i]; count++; } } } // Print common elements cout << "Common elements: "; for (int i = 0; i < count; i++) { cout << commonElements[i] << " "; } cout << endl; // Print total count cout << "Total number of common elements: " << count << endl; return 0; }Sample I/O: Enter size of first array: 5 Enter elements of first array: 0 20 30 40 50 Enter size of second array: 6 Enter elements of second array: 10 2 20 30 60 90 Common elements: 20 30 Total number of common elements: 2 === Code Execution Successful ===🔗 Run Online: Print Common Elements Between Two Arrays
- 3Digital Logic DesignBasic GateGiven a logical function, find out the truth table of AB· (A+B).C

- 4Operating SystemDeadlockConsider the following snapshot of a system where maximum instance of A, B, C and D are 3, 14, 12 and 12.
Answer the following Question using the Bankers algorithm,
a) Calculate the need matrix from the above table?
b) Is the system in the safe state? Find out the safe sequence if no, justify the reason.a) answer:The Need matrix is calculated as: Need = Max - Allocation For each process, we subtract the Allocation from the Max to get the Need Matrix.

b) answer:Step-by-step checking for our system:
- P0: Needs [0, 0, 0, 0] ≤ Available [1, 5, 2, 0] → yes, so finish P0.
- Update Available by adding P0's allocation: [1, 5, 2, 0] + [0, 0, 1, 2] = [1, 5, 3, 2]
- P1: Needs [0, 7, 5, 0] ≤ Available [1, 5, 3, 2] → no, cannot finish yet.
- P2: Needs [1, 0, 0, 2] ≤ Available [1, 5, 3, 2] → yes, finish P2.
- Update Available : [1, 5, 3, 2] + [1, 3, 5, 4] = [2, 8, 8, 6]
- P3: Needs [0, 0, 2, 0] ≤ Available [2, 8, 8, 6] → yes, finish P3.
- Update Available : [2, 8, 8, 6] + [0, 6, 3, 2] = [2, 14, 11, 8]
- P4: Needs [0, 6, 4, 2] ≤ Available [2, 14, 11, 8] → yes, finish P4.
- Update Available : [2, 14, 11, 8] + [0, 0, 1, 4] = [2, 14, 12, 12]
- P1 (rechecked): Needs [0, 7, 5, 0] ≤ Available [2, 14, 12, 12] → yes, finish P1.
- Update Available : [2, 14, 12, 12] + [1, 0, 0, 0] = [3, 14, 12, 12]
Since all processes can finish in this order, the system is in a safe state.
Safe sequence: <P0, P2, P3, P4, P1>
🎥 Video Solution: Deadlock Handling (Deadlock Avoidance - Banker's Algorithm)
- 5Computer NetworkOSI/TCP-IP ModelSynthia wants to send an email to her friend. He sends the email through the application and transport layer.
(a)Mention the protocol of application layer and transport layer
(b)Draw a diagram from the above scenario.Protocols used in Application Layer and Transport Layer:
Application Layer: The protocol commonly used here for sending emails is SMTP (Simple Mail Transfer Protocol).
Transport Layer: This layer is responsible for the reliable transmission of data between applications. The commonly used protocol at this layer is TCP (Transmission Control Protocol), which ensures that the data is delivered accurately and in order.
ব্যাখ্যা দেখুন:
Application Layer Protocol :Simple Mail Transfer Protocol(SMTP)
ইমেইল পাঠানোর জন্য Application Layer-এ SMTP ব্যবহৃত হয়। SMTP এর কাজ হলো একটি কম্পিউটার থেকে অন্য কম্পিউটারে ইমেইল মেসেজ পাঠানো। এটি ব্যবহারকারীকে সহজে ইমেইল লিখে পাঠানোর সুযোগ দেয় এবং সার্ভারগুলোর মধ্যে মেসেজ ট্রান্সফার পরিচালনা করে।
Transport Layer Protocol :TCP (Transmission Control Protocol)
Transport Layer-এর মূল কাজ হলো ডেটা নির্ভরযোগ্যভাবে (reliably) গন্তব্যে পৌঁছে দেওয়া।
TCP (Transmission Control Protocol) ব্যবহার করা হয় কারণ:
- এটি ডেটাকে ছোট ছোট অংশে (segments) ভেঙে পাঠায়।
- প্রতিটি অংশ ঠিকভাবে এবং সঠিক ক্রমে (in order) পৌঁছেছে কিনা তা যাচাই করে।
- ডেটা হারিয়ে গেলে পুনরায় পাঠানোর ব্যবস্থা করে।
ইমেইল একটি গুরুত্বপূর্ণ যোগাযোগ মাধ্যম। যদি মেসেজের কোনো অংশ হারিয়ে যায় বা এলোমেলোভাবে পৌঁছে যায়, তাহলে ইমেইলটি অপূর্ণ বা ভুল হয়ে যাবে। এজন্য Application Layer-এ SMTP ইমেইল পাঠানোর নিয়ম ঠিক করে দেয়, আর Transport Layer-এ TCP ডেটা সঠিকভাবে, সম্পূর্ণভাবে এবং নির্ভরযোগ্যভাবে পৌঁছানো নিশ্চিত করে।
(b) Answer:
The diagram illustrates the process of sending an email from the sender to the receiverব্যাখ্যা দেখুন:
Sender’s Device → Sender’s Mail Server এর সাথে SMTP protocol ব্যবহার করে যোগাযোগ করে।
Sender’s Mail Server → ইন্টারনেটের মাধ্যমে SMTP ব্যবহার করে ইমেইলটি Receiver’s Mail Server-এ পাঠায়।
Receiver’s Mail Server → ইমেইলটি Receiver’s Device-এ পৌঁছে দেওয়ার জন্য POP3 অথবা IMAP protocol ব্যবহার করে।
- 6Database Management SystemkeysFind the primary key and foreign key after decomposition of the given schema (Branch_name, Acc_name, Balance, Brnach_city, Assets) and then identify which normalization it is?
Original Schema:
The original schema had attributes like Branch_name, Acc_name, Balance, Branch_city, and Assets.
Initially, everything was in a single table, but it had some issues because Branch_name was part of the key for identifying branch info, while Acc_no was the key for account info.
After Decomposition:
1. Account Table:
- Primary Key: Acc_no (Each account has a unique identifier).
- Foreign Key: Branch_name (This links each account to a branch).
- Non-key attributes (Acc_name, Balance) fully depend on Acc_no.
2. Branch Table:
- Primary Key: Branch_name (Each branch has a unique name).
- Non-key attributes (Branch_city, Assets) fully depend on Branch_name.
Why 2NF?
2NF (Second Normal Form) means:
- There are no partial dependencies (where attributes depend on part of the key).
- In each table, all non-key attributes depend entirely on the full primary key.
So, by breaking up the data into two tables, we've removed partial dependencies and made the schema 2NF.
Explanation:
১. প্রথমে একক টেবিলের স্কিমা:
আমাদের কাছে প্রথমে ছিল একটি টেবিল, এই টেবিলটির মধ্যে অ্যাট্রিবিউটগুলো হলো:
(Branch_name, Acc_name, Balance, Branch_city, Assets)
এই টেবিলটি ছিল একক টেবিল, কিন্তু এতে কিছু সমস্যা ছিল—বিশেষত partial dependency। এর মানে হলো, কিছু অ্যাট্রিবিউট (যেমন Branch_city এবং Assets) Branch_name এর উপর নির্ভরশীল, যেটি এই টেবিলের একটি অংশ। যাতে নরমালাইজেশন ছিলো না।
২. ডিকম্পোজিশন (Decomposition):
এখন, এই সমস্যা সমাধান করতে আমরা টেবিলটিকে দুটি আলাদা টেবিলে ভাগ করি:
Account Table:
(Account_no, Acc_name, Balance, Branch_name)
- Primary Key: Acc_noAcc_no একটি ইউনিক আইডেন্টিফায়ার, যা প্রতিটি অ্যাকাউন্টকে ইউনিক করে।
- Foreign Key: Branch_nameBranch_name একটি ফরেন কী হিসেবে কাজ করে, যা
Branchটেবিলের শাখার নামের সাথে সম্পর্কিত।
Branch Table:
- Primary Key: Branch_nameBranch_name শাখার ইউনিক আইডেন্টিফায়ার।
- Foreign Key: এখানে কোনো ফরেন কী নেই।
৩. ২NF (Second Normal Form):
Partial Dependency:
প্রথম স্কিমাতে Branch_name ছিল একটি অংশ, যা Branch_city এবং Assets এর মতো শাখার তথ্য ধারণ করছিল। তবে, অ্যাকাউন্টের জন্য প্রাথমিক কী Acc_no পুরোপুরি অ্যাকাউন্টের তথ্য (Acc_name, Balance) নির্ধারণ করতে ব্যবহৃত হয়।
ডিকম্পোজিশন করার পর, Account টেবিলের সমস্ত অ-প্রাথমিক অ্যাট্রিবিউট Acc_no এর উপর নির্ভরশীল হয়েছে, আর Branch টেবিলের সমস্ত অ-প্রাথমিক অ্যাট্রিবিউট Branch_name এর উপর নির্ভরশীল।
এটি partial dependency দূর করেছে, যেখানে কোনো অ্যাট্রিবিউট প্রাথমিক কীর একটি অংশের উপর নির্ভরশীল ছিল না।
২NF অর্জিত হয়েছে কারণ:
- Account টেবিলের সকল Non-key Attribute Acc_no এর উপর নির্ভরশীল।
- Branch টেবিলের সকল Non-key Attribute Branch_name এর উপর নির্ভরশীল
এই ডিকম্পোজিশনটি নিশ্চিত করেছে যে, আমরা partial dependency দূর করেছি এবং প্রতিটি টেবিলের Non-key Attribute তাদের পুরো primary keyএর উপর নির্ভরশীল। এর ফলে আমরা ২NF (Second Normal Form) অর্জন করেছি।
- 7Computer NetworkLatencySuppose Bangladesh bank is designing a nation of communication network for office located in Dhaka and Rangpur. Their offices are connected via wide area network (WAN). The team needs to ensure that applications with low latency requirements (such as VOIP and video conferencing) can operate efficiently between these offices. Given:
- Distance between Dhaka and Rangpur = 30 km
- Speed of fiber optic link = 2 × 108 m/s
- Link capacity = 1 Gbps
- Average size of data packets = 15,000 bytes
- Delay at each router/switch along the path = 5 ms
- RTT between Dhaka and Rangpur = 50 ms
Calculate the total network latency between office at Dhaka and Rangpur, considering the propagation delay and transmission delay.- Distance between Dhaka and Rangpur = 30 km = 30,000 meters
- Speed of fiber optic link = 2 × 108 m/s
- Link capacity = 1 Gbps = 1 × 109 bps
- Average size of data packets = 15,000 bytes = 120,000 bits (15,000 × 8)
- Delay at each router/switch = 5 ms
- RTT between Dhaka and Rangpur = 50 ms
Propagation Delay
Propagation Delay = Distance / Propagation Speed
= 30,000 meters / (2 × 108 m/s) = 0.00015 seconds = 0.15 ms
Transmission Delay
Transmission Delay = Packet Size (bits) / Link Capacity (bps)
= 120,000 bits / (1 × 109 bps) = 0.00012 seconds = 0.12 ms
Router Delay
There are 1 routers and 1 switch each with 5 ms delay:
Router Delay = 2 × 5 ms = 10 ms
Total One-Way Latency
Total Latency = Propagation Delay + Transmission Delay + Router Delay
= 0.15 ms + 0.12 ms + 10 ms = 10.27 ms (Answer)
Round Trip Time (RTT)
RTT = 2 × One-way latency (since round trip includes going and coming back)
RTT=2×10.27 ms=20.54 ms
The given RTT (50 ms) is higher, which suggests additional delays are present such as queuing delay, processing delay, or other network factors not explicitly included in the simple calculation.
🎥 Video Solution: Network Latency Calculation
🎥 Video Solution: Network Delay Types & Round-Trip Time Explained (in Bangla)
- 8Data Center & VirtualizationOthersBangladesh Bank have client server and the communicate with Mail server, DNS server, web server. Bangladesh Bank want to ensure the security using firewall on those server. Draw a diagram with the scenario.
The diagram represents a secure network architecture for Bangladesh Bank, where client-server communication is protected using firewalls:The diagram illustrates a secure client-server architecture for Bangladesh Bank, where clients communicate with different servers through a firewall to ensure network security.
Clients (Users): Users access Bangladesh Bank's online services through the Internet using web browsers or mobile applications.
Perimeter Firewall: The first firewall acts as a security gateway between the Internet and the bank's servers. It filters incoming and outgoing traffic, allowing only authorized requests while blocking unauthorized access and cyber attacks.
DMZ (Demilitarized Zone): Public-facing servers are placed in the DMZ to minimize the risk of exposing the internal network. These include:
Web Server – Handles HTTP/HTTPS requests from clients.
Mail Server – Provides email services using SMTP/SMTPS protocols.
DNS Server – Resolves domain names to IP addresses for client requests.
Internal Firewall: A second firewall separates the DMZ from the bank's internal network. It allows only necessary communication between the public servers and the internal systems, preventing attackers from directly accessing sensitive resources.
Application Server: This server hosts Bangladesh Bank's core banking applications and business logic. It processes requests received from the Web Server and communicates with the Database Server.
Database Server: Stores confidential banking information such as customer records, transaction data, and account details. It is accessible only by the Application Server and is never exposed directly to the Internet.
Security Features
Filters unauthorized network traffic.
Allows only required ports and services (HTTP/HTTPS, SMTP, DNS).
Protects internal servers from external attacks.
Isolates public-facing servers using a DMZ.
Restricts access to sensitive banking data through an Internal Firewall.
Enhances confidentiality, integrity, and availability of banking services.
Conclusion:
By deploying perimeter and internal firewalls along with a DMZ architecture, Bangladesh Bank ensures that client requests are securely processed while protecting its critical application and database servers from unauthorized access and cyber threats
- 9Non Technical QuestionNon tech
∫ from 0 to 2 of (2x² + 3x) dx?
- In Bangladesh Bank there are 6 Assistant directors and 4 Deputy Directors (DD's). Each AD brings a bag, while only half of the DDs bring a bag. If a bag is selected at random from all the bags, what is the probability that the chosen bag belongs to a Deputy Director (DD)?
Translations:ক) শনিবার হতে সে অফিস আসছে না
খ) আপনার ব্যাংঙ্ক একাউন্টের স্থিতি জানার জন্য মোবাইল ব্যাংকিং এপ্লিকেশনে লগিন করুন- Short notes on "AI and machine language mitigate challenge of cyber attack on banking system"
- 10MCQMCQ
- Which the universal gate? Ans.: Nor and NAND gate
- What is best way to implement priority queue? Ans.: Heap
- Reverse voltage Zener diode is used as? Ans.: Voltage Regulator
- What kind of encryption is used for email? Ans.: TLS
- Which algorithm used digital signature? Ans.: RSA
- What is HTTP code 500? Ans.: Internal Server Error
- Which one make data access from a database faster? Ans.: Indexing
- Which device that's converts AC to DC? Ans.: Rectifier
- Priority scheduling math no arrival time, find the average TAT? Ans.: 0
- Find the current from a circuit, where voltage & resistance already given? Ans.: 0.5A
- What factors doesn’t affect inductance? Ans:
- What is the major drawback of waterfall model? Ans: lack of flexibility
- What is not a web server type? Ans:
- Docker containers within a single application?
- A circular queue has size 6, front 2nd index, rear 5th index. What will the position of rear after insert a value in front?
- During sending email that message should not alter/modify, which database properties ensure this?
- In binary tree what are the root value of the following 56, 58, 12, 78?
- Write the 2’s complement of (65)16.
- A process needs I/O operations, it switches to …..waiting state.
- Which the command of DDL?
- Integration testing is the process of testing the interface between two software or modules.
- SUEZ canal connects which two seas? Ans.: Mediterranean sea and the Red sea
- First ICC ODI Men's World Cup winner captain? Ans.: Clive Lloyd
- Who won the Nobel peace prize in 2024? Ans.: Nihon Hidankyo
- What the highest peak of Bangladesh? Ans.: Tazingdong
- Strasbourg belongs to which country? Ans.: France
- A pipe can fill a tank in 4 hours, and another pipe can fill it in 6 hours. How much time will they take to fill the tank together? Answer: 2.4 hours
- What is the distance from A's starting point to his final position? Answer: 4.24 meters
- Mr. X uses 30% of his salary for expenses, 20% for his final position, and 10% for another. His remaining amount is 12,000 Taka. What is his total salary? Ans.: 30,000
- The father's age is 36 and the son's age is 16. How many years ago was the father's age three times the son's age? Ans.: 6 years ago
- There are 8 balls, and one ball is heavier than the other 7, which are of the same weight. How many weighing are required to guarantee finding the heavier ball? Ans: 2
- 192.168.16.10, which the subnet address of this ip address?
- Find the output.
int main() { int x=3; int y=2; if (x==2) y=3; else y=2; printf("%d %d\n", x, y); }Ans.: 2, 3
Bangladesh Bank, Assistant Programmer, 2023 (MCQ)
Bangladesh Bank
Post: Assistant Programmer
Exam Date: 03.02.2023, Exam Taker: BIBM

Time's up
Bangladesh Bank, Assistant Maintenance Engineer, 2023 (MCQ)
Bangladesh Bank
Post: Assistant Maintenance Engineer
Exam Date:04/02/ 2023, Exam Taker: BIBM

Time's up
Bangladesh Bank, Assistant Maintenance Engineer, 2023
Bangladesh Bank, Assistant Programmer, 2023
- 1Data StructureHashingConsider strong entries with integer keys. Suppose the hash function is h (k) = k mod 13. Insert in the given order entries with keys 10, 3, 6, 16, 17, 19 in to the hash table using linear probing to resolve collisions. Show all the work.
The hash function is given as h(k)=k mod 13.
The table size is 13, meaning we have indices from 0 to 12.Step-by-Step Insertion Process
Key: 10
Hash value: h(10) = 10 mod 13 = 10. Insert 10 at index 10.Key: 3
Hash value: h(3) = 3 mod 13 = 3. Insert 3 at index 3.Key: 6
Hash value: h(6) = 6 mod 13 = 6. Insert 6 at index 6.Key: 16
Hash value: h(16) = 16 mod 13 = 3. Index 3 is occupied. Use linear probing and insert 16 at index 4.Key: 17
Hash value: h(17) = 17 mod 13 = 4. Index 4 is occupied. Use linear probing and insert 17 at index 5.Key: 19
Hash value: h(19) = 19 mod 13 = 6. Index 6 is occupied. Use linear probing and insert 19 at index 7.Final Hash Table
Index Value 0 - 1 - 2 - 3 3 4 16 5 17 6 6 7 19 8 - 9 - 10 10 11 - 12 - Summary
The final hash table after inserting all keys using linear probing is as follows:[ - , - , - , 3 , 16 , 17 , 6 , 19 , - , - , 10 , - , - ]
- 2Computer SecurityThreatsDescribe a man-in the middle attack on the Diffie-Hellman key exchange protocol in which the adversary generates two public key pairs for the attack.
Man-in-the-Middle (MITM) Attack on Diffie–Hellman Key Exchange
In a MITM attack on Diffie–Hellman (DH), an attacker (Mallory) sits between Alice and Bob, intercepts their public keys, and replaces them with her own. Since basic DH provides no authentication, Alice and Bob cannot verify the real sender of the public key.
Normal DH (No Attack)
- Public parameters: prime p, generator g
- Alice selects private key a, sends public key A = ga mod p
- Bob selects private key b, sends public key B = gb mod p
- Shared key: K = gab mod p
MITM Attack (Attacker Generates Two Key Pairs)
Step 1: Interception
Mallory intercepts Alice’s public key A and Bob’s public key B.Step 2: Mallory Creates Two Private Keys
Mallory chooses two private keys: m1 (for Bob) and m2 (for Alice).Step 3: Mallory Generates Two Public Keys
Mallory computes:
M1 = gm1 mod p
M2 = gm2 mod pStep 4: Key Replacement (Fake Public Keys)
Mallory sends M1 to Bob pretending it is from Alice.
Mallory sends M2 to Alice pretending it is from Bob.Step 5: Two Different Shared Keys are Formed
- Alice computes: K1 = (M2)a mod p (Alice–Mallory key)
- Bob computes: K2 = (M1)b mod p (Bob–Mallory key)
- Mallory can compute both keys:
K1 = (A)m2 mod p and K2 = (B)m1 mod p
Result
- Alice and Bob do not share the same secret key.
- Mallory shares one key with Alice and another key with Bob.
- Mallory can read, modify, and re-encrypt messages between them.
Why It Works
Because basic Diffie–Hellman does not provide authentication, public keys can be replaced without detection.
Prevention
- Use Authenticated Diffie–Hellman
- Use Digital Signatures / Certificates (PKI)
- Use TLS (DHE/ECDHE + certificates)
Diffie–Hellman Key Exchange-এ Man-in-the-Middle (MITM) Attack
MITM attack-এ attacker (Mallory) Alice এবং Bob-এর মাঝখানে বসে public key গুলো intercept করে এবং নিজের public key বসিয়ে দেয়। Basic Diffie–Hellman-এ authentication নেই, তাই Alice/Bob বুঝতে পারে না public key আসলেই কার কাছ থেকে এসেছে。
Normal DH (Attack নেই)
- Public parameter: prime p, generator g
- Alice private key a নেয়, public key পাঠায় A = ga mod p
- Bob private key b নেয়, public key পাঠায় B = gb mod p
- Shared key: K = gab mod p
MITM Attack (Attacker দুইটি Key Pair তৈরি করে)
Step 1: Interception
Mallory Alice-এর public key A এবং Bob-এর public key B intercept করে।Step 2: Mallory দুইটি Private Key নেয়
Mallory দুইটি private key বেছে নেয়: m1 (Bob-এর জন্য) এবং m2 (Alice-এর জন্য)।Step 3: Mallory দুইটি Public Key তৈরি করে
Mallory হিসাব করে:
M1 = gm1 mod p
M2 = gm2 mod pStep 4: Public Key Replace করে
Mallory Bob-কে M1 পাঠায় (যেন Alice পাঠিয়েছে)।
Mallory Alice-কে M2 পাঠায় (যেন Bob পাঠিয়েছে)।Step 5: দুইটা আলাদা Shared Key তৈরি হয়
- Alice হিসাব করে: K1 = (M2)a mod p (Alice–Mallory key)
- Bob হিসাব করে: K2 = (M1)b mod p (Bob–Mallory key)
- Mallory দুইটাই বের করতে পারে:
K1 = (A)m2 mod p এবং K2 = (B)m1 mod p
Result
- Alice এবং Bob-এর মধ্যে একই secret key তৈরি হয় না।
- Mallory Alice-এর সাথে একটি key এবং Bob-এর সাথে আরেকটি key share করে।
- Mallory মাঝখান থেকে message পড়তে, পরিবর্তন করতে, এবং পুনরায় encrypt করে পাঠাতে পারে।
কেন Attack কাজ করে
Basic Diffie–Hellman-এ authentication নেই, তাই public key সহজে replace করা যায়।
Prevention
- Authenticated Diffie–Hellman ব্যবহার
- Digital Signature / Certificate (PKI) ব্যবহার
- TLS (DHE/ECDHE + certificate) ব্যবহার
- 3Computer SecurityCIAPreserving confidentiality integrity and availability of data is a restatement of the concern over falsification, interception, masquerade and denial of service. Explain how the first three concepts relate to the last four.
The concepts of confidentiality, integrity, and availability (CIA triad) directly address the security concerns of falsification, interception, masquerade, and denial of service.
Confidentiality ensures that sensitive information is accessible only to authorized users, protecting against interception, where data could be accessed or stolen by unauthorized parties.
Integrity guarantees that data remains accurate and unaltered, defending against falsification, which involves malicious modification of data, and masquerade, where attackers assume false identities to tamper with information.
Availability ensures that information and resources are accessible when needed, countering denial of service (DoS) attacks that aim to make systems or data unavailable to legitimate users.
By maintaining confidentiality, integrity, and availability, organizations can effectively mitigate these four major security threats and enhance overall data protection.
Confidentiality, Integrity, Availability (CIA triad)-এর ধারণাগুলো মূলত চারটি security threat-এর সাথে সম্পর্কিত: falsification, interception, masquerade, এবং denial of service।
Confidentiality (গোপনীয়তা): সংবেদনশীল তথ্যকে শুধুমাত্র authorized users-এর জন্য accessible রাখে। এটি interception থেকে রক্ষা করে, অর্থাৎ unauthorized ব্যক্তি তথ্য access বা steal করতে পারবে না.
Integrity (অখণ্ডতা): নিশ্চিত করে যে তথ্য correct এবং unaltered আছে। এটি falsification থেকে রক্ষা করে, যেখানে data maliciously modify করা হয়, এবং masquerade থেকে, যেখানে attacker false identity ব্যবহার করে information manipulate করতে পারে.
Availability (উপলব্ধতা): তথ্য এবং resources ব্যবহারকারীদের প্রয়োজন অনুযায়ী accessible রাখে। এটি denial of service (DoS) attack থেকে রক্ষা করে, যা legitimate users-এর জন্য system বা data কে unavailable করতে চায়.
সারসংক্ষেপে, maintaining the CIA triad এই চারটি security threat mitigate করতে সাহায্য করে এবং overall data protection ensure করে।
- 4Programming ConceptGiven two integers A and B as input write a program to compute the least common multiple of A and B.
#include <stdio.h> int main () { int n1, n2, max; printf ("Enter two positive integers: "); scanf ("%d %d", &n1, &n2); // maximum number between n1 and n2 is stored in max max = (n1> n2) ? n1: n2; while (1) { // Check if max is divisible by both n1 and n2 if ((max% n1 == 0)&& (max % n2 ==0)) { // If true, max is the LCM of n1 and n2 printf("The LCM of %d and %d is %d.", n1,n2,max); break; } ++max; } return 0; }
Sample I/O: Enter two positive integers: 14 8 The LCM of 14 and 8 is 56. === Code Execution Successful ===🔗 Run Online: LCM of two integer
- 5Programming ConceptConsider the following code:
Public class Class A {
Mention which of the methods overload, override and hied supper class methods. What about the remaining method?
Public void m1 () {}
Public void m2 (int i) {}
Public void m3 (int i) {}
Public static void m4 (int i) {}
Public class class B extends class A {
Public static void ml (int i) {}
Public void m2 (int i) {}
Public void m3 (string s) {}
Public static void m4 (int i) {}
- 6Data StructureHeap4Given the adjacency list representation of a complete binary tree with 7 vertices, write the equivalent adjacency matrix representation. Assume that the vertices are numbered from 1 to 7 as in a binary heap.Complete Binary Tree
Adjacency List Representation
Adjacency Matrix RepresentationVertex Connected Vertices 1 2, 3 2 4, 5 3 6, 7 4 5 6 7 1 2 3 4 5 6 7 1 0 1 1 0 0 0 0 2 0 0 0 1 1 0 0 3 0 0 0 0 0 1 1 4 0 0 0 0 0 0 0 5 0 0 0 0 0 0 0 6 0 0 0 0 0 0 0 7 0 0 0 0 0 0 0
Complete Binary Tree
Adjacency List Representation
Adjacency Matrix RepresentationVertex Connected Vertices 1 2, 3 2 4, 5 3 6, 7 4 5 6 7 1 2 3 4 5 6 7 1 0 1 1 0 0 0 0 2 0 0 0 1 1 0 0 3 0 0 0 0 0 1 1 4 0 0 0 0 0 0 0 5 0 0 0 0 0 0 0 6 0 0 0 0 0 0 0 7 0 0 0 0 0 0 0
- 7Database Management SystemKeysSuppose that we have a relational database with the following table. Underlined one represent primary key
Movies (mid, title, year)
Write a SQL query to return the number of movies that are romantic comedies.
People (pid, name)
Genres (gid, genre)
HasRole (pid, mid, role)
Has Genre (gid, mid)SELECT COUNT(*) FROM Movies, Genres, HasGenre WHERE Movies.mid = HasGenre.mid AND HasGenre.gid = Genres.gid AND Genres.genre = "romantic comedy";
- 8Computer NetworkOSI/TCP-IPIn order to prevent that the company decided to add end to end encryption techniques which layer of the OSI model is suitable to work in considering parameters like development time, software maintainability and development cost, Give reasons for your concepts.
Suitable OSI Layer for End-to-End Encryption
To implement end-to-end encryption (E2EE) while considering development time, software maintainability, and development cost, the most suitable layer of the OSI model is the Application Layer (Layer 7).
Reasons for Choosing the Application Layer
- Faster Development Time: Encryption at the application layer can be implemented directly within the application logic. Developers do not need to modify lower-level networking protocols, which significantly reduces development time.
- Better Software Maintainability: Application-layer encryption is easier to update, debug, and maintain. Changes can be made without affecting the underlying network infrastructure or operating system.
- Lower Development Cost: No changes are required in routers, switches, or transport-layer implementations. This avoids hardware upgrades and reduces overall implementation cost.
- True End-to-End Security: Data is encrypted at the sender’s application and decrypted only at the receiver’s application. Intermediate systems (routers, proxies, servers) cannot read the data.
- Platform Independence: Application-layer encryption works across different networks, protocols, and platforms without compatibility issues.
Why Not Lower Layers?
- Transport Layer (e.g., TLS): Requires certificate management and protocol-level integration, increasing complexity and cost.
- Network/Data Link Layers: Require hardware or OS-level changes, leading to high cost and poor maintainability.
Considering development time, cost efficiency, and long-term maintainability, implementing end-to-end encryption at the Application Layer is the best and most practical choice.
End-to-End Encryption-এর জন্য উপযুক্ত OSI Layer
End-to-end encryption (E2EE) বাস্তবায়নের ক্ষেত্রে যদি development time, software maintainability এবং development cost বিবেচনা করা হয়, তাহলে OSI model-এর মধ্যে সবচেয়ে উপযুক্ত হলো Application Layer (Layer 7)।
Application Layer নির্বাচন করার কারণ
- কম Development Time: Application layer-এ encryption সরাসরি application logic-এর ভেতরে implement করা যায়। নিচের network protocol পরিবর্তনের প্রয়োজন হয় না, ফলে সময় কম লাগে।
- সহজ Software Maintainability: Application-level encryption সহজে update, debug এবং maintain করা যায়। Network বা OS পরিবর্তন ছাড়াই security update সম্ভব।
- কম Development Cost: Router, switch বা hardware পরিবর্তনের দরকার হয় না। এতে implementation cost অনেক কমে যায়।
- প্রকৃত End-to-End Security: Sender-এর application-এ data encrypt হয় এবং receiver-এর application-এই decrypt হয়। মাঝখানের কোনো system data পড়তে পারে না।
- Platform Independent: Application layer encryption বিভিন্ন network ও platform-এ একইভাবে কাজ করে।
নিচের Layer গুলো কেন উপযুক্ত নয়?
- Transport Layer (যেমন TLS): Certificate management ও protocol complexity বেশি, ফলে খরচ ও রক্ষণাবেক্ষণ কঠিন।
- Network/Data Link Layer: Hardware বা OS পরিবর্তন দরকার হয়, যা ব্যয়বহুল ও জটিল।
Development time, খরচ এবং ভবিষ্যৎ maintainability বিবেচনা করলে Application Layer-এ end-to-end encryption বাস্তবায়নই সবচেয়ে কার্যকর সমাধান।
- 9Computer NetworkOthersDraw A class diagram. A token-ring based local area network (LAN) is a network consisting of nodes in which network packets are sent around. Every node has a unique name within the network, and refers to its next node. Different kinds of nodes exist: Workstations are originators of messages; servers and printers are network nodes that can receive messages. Packets contain an originator a destination and content, and are sent around on a network. A LAN is a circular configuration of nodes.
- 10Object Oriented ProgrammingBasicDetermine overloading method, overridden method and hide super class method?
Method Overloading, Method Overriding, and Method Hiding
1. Method Overloading
Method overloading occurs when multiple methods in the same class have the same method name but different parameter lists (different number, type, or order of parameters).
- Resolved at compile time
- Improves code readability and flexibility
Example:
int add(int a, int b) int add(int a, int b, int c)2. Method Overriding
Method overriding happens when a subclass provides a new implementation of a method that is already defined in its superclass with the same method signature.
- Occurs in inheritance
- Resolved at runtime (runtime polymorphism)
- Method must be non-static
Example:
class Parent { void show() { } } class Child extends Parent { void show() { } }3. Method Hiding (Hiding Superclass Method)
Method hiding occurs when a static method in a subclass has the same name and signature as a static method in the superclass.
- Applies only to static methods
- Resolved at compile time
- Not true overriding
Example:
class Parent { static void display() { } } class Child extends Parent { static void display() { } }Summary Comparison
- Overloading: Same class, same method name, different parameters
- Overriding: Subclass redefines superclass method (non-static)
- Hiding: Static method in subclass hides static method of superclass
Method Overloading, Method Overriding এবং Method Hiding
১. Method Overloading
একই class-এর ভেতরে একই নামের method থাকলে কিন্তু তাদের parameter আলাদা হলে তাকে method overloading বলে।
- Compile time-এ সিদ্ধান্ত হয়
- Code সহজ ও flexible হয়
উদাহরণ:
int add(int a, int b) int add(int a, int b, int c)২. Method Overriding
Subclass যখন superclass-এর একটি non-static method একই signature দিয়ে নতুনভাবে implement করে, তখন তাকে method overriding বলে।
- Inheritance-এর ক্ষেত্রে হয়
- Runtime-এ সিদ্ধান্ত হয়
উদাহরণ:
class Parent { void show() { } } class Child extends Parent { void show() { } }৩. Method Hiding (Superclass Method Hide করা)
Subclass যদি superclass-এর static method একই নাম ও signature দিয়ে define করে, তাহলে তাকে method hiding বলে।
- শুধু static method-এর ক্ষেত্রে হয়
- Compile time-এ resolve হয়
- এটা real overriding নয়
উদাহরণ:
class Parent { static void display() { } } class Child extends Parent { static void display() { } }সংক্ষেপে পার্থক্য
- Overloading: একই class, আলাদা parameter
- Overriding: Subclass superclass-এর method পরিবর্তন করে
- Hiding: Static method subclass দ্বারা hide হয়
- 11Non Technical QuestionNon tech10. Growing use to technology in the Financial Service Industry.
11. Translation English to Bangla.
12. Translation Bangla to English.
13. If x is an Integer and x + 1/x= 17/4, then value of x – 1/x =?
14. A basketball team has won 15 games and lost 9. If these games represent 16% of the games to be played, then how many more games must the team win to average 75% for the season?
15. Students of a class are made to stand in rows. If students are extra in each row, then there would be 2 rows less. If four students are less in each row, then there would be 4 more rows. What is the number of students in the class?
16. In the given figure, PQT is a right triangle then what is the area of square QRST.





Answer the following Question using the Bankers algorithm,
The diagram illustrates the process of sending an email from the sender to the receiver
The diagram represents a secure network architecture for Bangladesh Bank, where client-server communication is protected using firewalls:
Adjacency List Representation
[source: