Network and Security Engineer Interview Questions.

I have been attending many interviews for networking and security related jobs, and I have collected a large number of interview questions.

These questions were collected purely from my own experience.

Please leave your comments and feedback in the comment section so that I can make better updates.

Interview Questions:
===============

1. What is the default rule in a firewall?

Explicit Rules:
===========

      1. Stealth Rule.
      2. VPN Rule (Management).
      3. Any rule can be placed based on requirement.
      4. Cleanup Rule (enable logging).

Implied Rules:
==========

Implied rules are present by default and cannot be edited.
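An added Python illustration (not code from the page or from any firewall vendor) of how a first-match rule base built from the rule kinds above behaves. Addresses and rule names are constructed; the management rule is placed above the stealth rule because a first-match base would otherwise drop management traffic, and audit() reports a missing or non-logging cleanup rule or an accept-to-firewall rule hidden below the stealth rule.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed address of the firewall itself (what the stealth rule protects).
FIREWALL_IP = ip_address("203.0.113.1")


@dataclass
class Rule:
    name: str
    src: str              # CIDR, or "any"
    dst: str              # CIDR, "firewall" (the gateway itself), or "any"
    dport: Optional[int]  # destination port; None = any port
    action: str           # "accept" or "drop"
    log: bool = False


@dataclass
class Packet:
    src: str
    dst: str
    dport: int


def _match_addr(spec: str, addr: str) -> bool:
    if spec == "any":
        return True
    if spec == "firewall":
        return ip_address(addr) == FIREWALL_IP
    return ip_address(addr) in ip_network(spec)


# Constructed rule base: management above stealth, business rules, cleanup last.
RULE_BASE: List[Rule] = [
    Rule("management", "10.0.0.0/24", "firewall", 443, "accept", log=True),
    Rule("stealth", "any", "firewall", None, "drop", log=True),
    Rule("web-out", "192.168.1.0/24", "any", 443, "accept"),
    Rule("cleanup", "any", "any", None, "drop", log=True),
]


def evaluate(pkt: Packet, rules: List[Rule] = RULE_BASE) -> Tuple[str, str, bool]:
    """Return (rule name, action, logged?) of the first matching rule.
    If no explicit rule matches, the gateway's implied default drop applies."""
    for rule in rules:
        if (_match_addr(rule.src, pkt.src) and _match_addr(rule.dst, pkt.dst)
                and (rule.dport is None or rule.dport == pkt.dport)):
            return rule.name, rule.action, rule.log
    return "implied-drop", "drop", False


def audit(rules: List[Rule]) -> List[str]:
    """Ordering checks a reviewer would run before pushing the policy."""
    findings: List[str] = []
    last = rules[-1] if rules else None
    if last is None or not (last.src == "any" and last.dst == "any"
                            and last.dport is None and last.action == "drop"):
        findings.append("last rule is not an explicit any/any drop (missing cleanup rule)")
    elif not last.log:
        findings.append("cleanup rule does not log, so dropped traffic is invisible")
    stealth = [i for i, r in enumerate(rules)
               if r.src == "any" and r.dst == "firewall" and r.action == "drop"]
    if not stealth:
        findings.append("no stealth rule protecting the firewall itself")
    else:
        for r in rules[stealth[0] + 1:]:
            if r.dst == "firewall" and r.action == "accept":
                findings.append(f"rule '{r.name}' accepts traffic to the firewall "
                                "but sits below the stealth rule")
    return findings


if __name__ == "__main__":
    print(evaluate(Packet("192.168.1.10", "203.0.113.1", 22)))  # ('stealth', 'drop', True)
    print(audit(RULE_BASE))                                       # []
```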


2. What are the important rules in a firewall?
3. How do you troubleshoot a TCP connection in a firewall?

Troubleshooting TCP connections in a firewall involves identifying and resolving issues that may be preventing the establishment or proper functioning of the connection. Here are some steps you can take:

  1. Check Firewall Logs:

    • Review the firewall logs to see if there are any denied or blocked connections.
    • Look for specific information on why a connection was denied or blocked.
  2. Review Rules and Policies:

    • Verify that the firewall rules and policies are configured correctly.
    • Check for any rules that might be conflicting or preventing the desired connection.
  3. Verify Port and Protocol Settings:

    • Ensure that the firewall is configured to allow the specific TCP port(s) required by the application or service.
    • Check if the protocol (TCP in this case) is allowed for the connection.
  4. Application Whitelisting:

    • If the firewall has application whitelisting features, make sure the application or service is allowed.
  5. IP Whitelisting/Blacklisting:

    • Check if the IP addresses involved in the connection are correctly whitelisted or if there are any blacklisted IPs.
  6. Check Network Connectivity:

    • Ensure that there are no issues with the network connectivity between the client and server.
    • Verify if there are any network devices (routers, switches) that might be causing problems.
  7. Test Connectivity:

    • Use tools like telnet or nc to test connectivity to the specific TCP port from the client to the server, for example: telnet server_ip port
  8. Firewall State:

    • Ensure that the firewall is enabled and running.
    • Verify if there are any recent changes to the firewall configuration.
  9. Update Firewall Software:

    • Check if there are any updates available for the firewall software, and apply them if necessary.
  10. Consult Documentation:

    • Refer to the firewall documentation for specific troubleshooting steps related to your firewall software.

Remember that troubleshooting can vary depending on the specific firewall solution you're using.


4. What is tcpdump?

tcpdump is a command-line packet analyzer tool for Unix and Unix-like systems. It allows users to capture and display TCP, UDP, and other packets on a network in real-time or save them to a file for later analysis. tcpdump is a powerful and flexible tool commonly used for network troubleshooting, protocol analysis, and security monitoring.

Here are some key points about tcpdump:

  1. Packet Capture:

    • tcpdump captures packets that are traveling through a network interface and provides detailed information about each packet, including source and destination addresses, protocols, flags, and payload data.
  2. Syntax:

    • The basic syntax of tcpdump is tcpdump [options] [filter_expression], where:

      • Options allow you to control various aspects of the capture.
      • The filter_expression lets you specify which packets to capture based on specific criteria.

  3. Display and Output Options:

    • tcpdump can display captured packets in real-time on the console or save them to a file for later analysis.
    • Options like -A can be used to display packet contents as ASCII text, and -w is used to save the captured packets to a file.
  4. Filtering:

    • Filters in tcpdump allow you to selectively capture packets based on criteria such as source/destination IP addresses, ports, protocols, and more. This helps in focusing on specific network traffic.
  5. Readability:

    • tcpdump provides a variety of options to control the level of detail in the output, making it suitable for both quick overviews and in-depth packet analysis.
  6. Promiscuous Mode:

    • By default, tcpdump captures packets only destined for the machine on which it is running. However, it can be put into promiscuous mode to capture all packets on the network segment.
  7. Security and Permissions:

    • Running tcpdump generally requires elevated privileges (root or administrator) due to the low-level access to network interfaces. This helps ensure that the tool is not misused for unauthorized packet capture.
  8. Examples:

    • Capture all packets on a specific interface: run tcpdump with -i followed by the interface name.

tcpdump is a versatile tool and is often used in conjunction with other utilities for more comprehensive network analysis and troubleshooting. It's essential to use it responsibly and comply with privacy and security regulations when capturing and analyzing network traffic.


5. Explain the OSI layers.

The OSI (Open Systems Interconnection) model is a conceptual framework that standardizes the functions of a telecommunication or computing system into seven abstraction layers. Each layer represents a specific set of functionalities and interacts with adjacent layers. The OSI model is not a physical implementation but rather a guideline for understanding and designing network architectures. Here are the seven layers of the OSI model, from the lowest (Layer 1) to the highest (Layer 7):

  1. Physical Layer (Layer 1):

    • Function: The physical layer deals with the physical connection between devices. It defines characteristics such as voltage levels, cable types, and connectors. It is concerned with transmitting raw bits over a physical medium, without interpreting their meaning.
  2. Data Link Layer (Layer 2):

    • Function: The data link layer provides reliable point-to-point and point-to-multipoint communication over a physical layer link. It is responsible for framing, addressing, error detection, and flow control. Ethernet and Wi-Fi operate at the data link layer.
  3. Network Layer (Layer 3):

    • Function: The network layer is responsible for routing packets between different networks. It deals with logical addressing, such as IP addresses, and determines the best path for data to travel from the source to the destination across interconnected networks. Routers operate at the network layer.
  4. Transport Layer (Layer 4):

    • Function: The transport layer ensures end-to-end communication by providing error recovery, flow control, and reordering of data segments. It can establish connections (as in TCP) or provide connectionless services (as in UDP). The transport layer is where the concept of ports comes into play.
  5. Session Layer (Layer 5):

    • Function: The session layer manages and controls the dialogues, or sessions, between two devices. It establishes, maintains, and terminates connections, coordinating data exchange and ensuring that communication sessions are orderly.
  6. Presentation Layer (Layer 6):

    • Function: The presentation layer is responsible for data translation, encryption, and compression. It ensures that the data sent by the application layer of one system is readable by the application layer of another system. This layer deals with the syntax and semantics of the data.
  7. Application Layer (Layer 7):

    • Function: The application layer is the topmost layer and is closest to the end-user. It provides network services directly to end-users or applications. Protocols like HTTP, SMTP, and FTP operate at this layer. It enables communication between software applications.

Understanding the OSI model helps in designing, troubleshooting, and explaining network architectures. It also facilitates communication between different networking technologies by providing a common reference framework. Each layer has its own specific functions, and communication between layers is typically achieved through well-defined interfaces.


6. How do you sniff traffic in a firewall?

It's important to note that attempting to "sniff" or capture network traffic without proper authorization is generally considered unethical and may be illegal. Unauthorized interception of network traffic can lead to serious legal consequences and is a violation of privacy and security. Network administrators and security professionals typically use traffic analysis tools for legitimate and authorized purposes, such as monitoring and securing networks. Always ensure that you have the necessary permissions and legal rights before attempting to analyze or capture network traffic.

If you have the appropriate authorization to monitor network traffic for troubleshooting or security purposes, here are general steps to capture and analyze network traffic within a firewall environment:

  1. Use Authorized Tools:

    • Utilize authorized network monitoring tools like Wireshark, tcpdump, or other packet capture tools that are commonly accepted in the industry.
  2. Install Capture Software:

    • Install the chosen packet capture software on a computer with access to the network segment of interest.
  3. Select the Appropriate Interface:

    • Choose the network interface (NIC) through which the traffic of interest flows. This might be an interface connected to a switch port, router interface, or other relevant point in the network.
  4. Start Packet Capture:

    • Start capturing packets using the selected tool. For example, with Wireshark, you would start capturing on the chosen interface.
  5. Apply Filters (Optional):

    • If you're only interested in specific types of traffic, you can apply filters to capture only relevant packets. Filters can be based on IP addresses, protocols, ports, or other criteria.
  6. Analyze Captured Packets:

    • Once the capture is complete, analyze the captured packets to understand the network traffic. Look for patterns, anomalies, or potential security issues.
  7. Ensure Compliance:

    • Always ensure that your actions comply with relevant laws, organizational policies, and ethical standards. Unauthorized interception of sensitive information is a serious violation.

Remember that network traffic sniffing should only be performed in a controlled and authorized environment for legitimate purposes, such as diagnosing network issues or enhancing network security. Unauthorized interception of network traffic is a breach of privacy and can lead to severe consequences. Always adhere to legal and ethical standards when working with network traffic.


7. What is an IPsec tunnel?

IPsec (Internet Protocol Security) tunnel refers to a secure, encrypted communication channel established between two devices or networks over the Internet or any other insecure network. IPsec is a suite of protocols that provides a robust framework for securing IP communications by authenticating and encrypting each IP packet within a communication session. The primary goal of an IPsec tunnel is to ensure the confidentiality, integrity, and authenticity of the transmitted data.

An IPsec tunnel typically involves two main components:

  1. Tunnel Endpoints:

    • Each end of the IPsec tunnel is known as a "tunnel endpoint." These endpoints can be routers, firewalls, or other network devices capable of IPsec functionality. In a site-to-site VPN (Virtual Private Network) scenario, the tunnel endpoints are often routers or security appliances at the edges of the participating networks.
  2. Security Associations (SAs):

    • Security Associations are established between the tunnel endpoints to define the security parameters for communication. Each SA includes information such as encryption algorithms, integrity algorithms, and keys. There are two types of SAs in IPsec: one for inbound traffic (from one endpoint to the other) and one for outbound traffic.

The process of establishing an IPsec tunnel typically involves the following steps:

  1. Negotiation:

    • The tunnel endpoints negotiate the parameters of the IPsec connection. This negotiation includes agreeing on encryption and integrity algorithms, key exchange methods, and other security parameters.
  2. Authentication:

    • The tunnel endpoints authenticate each other to ensure that both parties are legitimate and authorized to establish the tunnel. This can involve the exchange of digital certificates, pre-shared keys, or other authentication methods.
  3. Key Exchange:

    • The tunnel endpoints exchange cryptographic keys that will be used for encrypting and decrypting the data. Key exchange methods, such as IKE (Internet Key Exchange), are commonly used for this purpose.
  4. Tunnel Establishment:

    • Once negotiation, authentication, and key exchange are successful, the IPsec tunnel is established. All data sent between the tunnel endpoints is now encrypted and protected according to the agreed-upon security parameters.
  5. Data Transmission:

    • The secure IPsec tunnel is now ready to transmit data. All data passing through the tunnel is encrypted, ensuring confidentiality, and integrity checks are performed to verify that the data has not been tampered with during transmission.

IPsec tunnels are widely used in various networking scenarios, including site-to-site VPNs, remote access VPNs, and secure communications between individual hosts. They play a crucial role in securing data transmission over potentially insecure networks, such as the Internet.


8. How do you troubleshoot an IPsec tunnel step by step?

Troubleshooting an IPSec tunnel involves a systematic approach to identify and resolve issues. Here's a step-by-step guide to help you troubleshoot an IPSec tunnel:

  1. Documentation Review:

    • Gather all relevant documentation, including configuration files, network diagrams, and any relevant logs.
    • Verify that the IPSec tunnel configuration on both ends is accurate and consistent.
  2. Check Connectivity:

    • Ensure that there is basic network connectivity between the two IPSec endpoints.
    • Confirm that there are no network issues, such as firewall rules or routing problems, that could be blocking the IPSec traffic.
  3. Verify Phase 1 (IKE):

    • Confirm that Phase 1 parameters (encryption, authentication, and DH group) match on both ends.
    • Check that the pre-shared key (PSK) or certificates are configured correctly.
    • Monitor the logs for any Phase 1 negotiation failures.
  4. Verify Phase 2 (IPSec):

    • Ensure that Phase 2 parameters (encryption, authentication, and PFS) match on both ends.
    • Confirm that the subnets defined in the IPSec policy match the actual subnets of the connected networks.
    • Check for any Phase 2 negotiation failures in the logs.
  5. Check Firewall Rules:

    • Confirm that firewall rules on both ends allow the required IPSec traffic.
    • Check for any stateful inspection or deep packet inspection features that may interfere with IPSec traffic.
  6. Review Routing Configuration:

    • Ensure that routing is correctly configured to direct traffic through the IPSec tunnel.
    • Confirm that there are no overlapping subnets that could cause routing conflicts.
  7. Monitor IPSec Logs:

    • Check the IPSec logs on both ends for error messages or warnings.
    • Enable detailed logging if necessary to capture more information about the IPSec negotiations.
  8. Check VPN Status:

    • Utilize commands or tools provided by your IPSec implementation to check the status of the VPN tunnels.
    • Verify that the IPSec tunnel is established and that the SA (Security Associations) are active.
  9. Packet Captures:

    • Use packet capture tools to analyze the IPSec traffic. This can help identify issues such as packet drops, misconfigurations, or unexpected behavior.
  10. Debugging Commands:

    • Depending on the IPSec implementation, use debugging commands or tools provided by the vendor to gather additional information about the IPSec negotiations.
  11. Update Firmware/Software:

    • Ensure that the devices running IPSec have the latest firmware or software updates installed. Sometimes, bugs or compatibility issues can be resolved by updating the software.
  12. Engage Vendor Support:

    • If all else fails, contact the vendor's support for assistance. Provide them with detailed information about the issue, logs, and any troubleshooting steps you have taken.

Remember to document each step you take and any changes you make during the troubleshooting process. This documentation can be valuable when seeking assistance from vendor support or when performing a post-resolution analysis.


9. What are ACLs?
11. What are OSPF areas?
12. What are the OSPF LSA types?
13. How do you enable BGP redundancy between two ISPs?
14. What is RFC 1918?
15. Which router and switch models have you worked on?
16. What is a change management system?
17. How do you enable inter-VLAN routing on an L3 switch?
18. What are STP, RSTP and MSTP?

STP timers:

PortFast Edge: used where all ports are connected to servers or hosts.
PortFast Network
PortFast Normal
19. What is the lowest priority in a switch?
20. How do you troubleshoot a MAC address on a switch?
21. How do you select the root bridge? Explain the selection process.
22. What is the default value in the root bridge?
23. How do you follow the change management process when you want to make changes in production?
24. Do you have any experience in direct live calls with customers?
25. How do you troubleshoot with a customer who is facing a VPN issue?
26. How do you troubleshoot a switch loop?
27. How do you troubleshoot a routing loop?
29. How do you check overall network health?
30. How do you troubleshoot IP issues in a router? Tell me the steps.
31. How do you troubleshoot OSPF on Cisco routers?

DR and BDR selection:

The higher the priority, the better; the priority can be changed per interface.
If we set the priority to 0, the router won't participate in the DR selection process.

On a tie, the Router ID decides. It is taken from, in order:

Configured router ID
Loopback interface IP
Interface IP

The highest IP takes priority.

OSPF Networks:
============

1. Point to Point.

Since it is a direct connection, no DR or BDR will be elected.

2. Broadcast.

DR and BDR will be elected, and the Hello, LSU (link state update) and LSAck packets are broadcast.

DD (database descriptor) and LSR (link state request) packets are unicast.

3. Non-broadcast multiple access.

DR and BDR will be elected here, but Hello messages are sent as unicasts to form adjacencies.

4. Point to multipoint.
No DR or BDR election.
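The election and router-ID rules above, worked as an added Python example (not from the page or any vendor): a cold-start DR/BDR election on one segment that is skipped for point-to-point and point-to-multipoint networks. Router names and addresses are constructed, and DR stickiness (an existing DR is not displaced by a newcomer) is deliberately not modelled.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional, Tuple


@dataclass
class Router:
    name: str
    priority: int                         # interface priority; 0 = never DR/BDR
    configured_rid: Optional[str] = None  # explicit router-id, if set
    loopbacks: Tuple[str, ...] = ()
    interfaces: Tuple[str, ...] = ()


def router_id(r: Router) -> IPv4Address:
    """Configured router-id first, else highest loopback, else highest interface IP."""
    if r.configured_rid:
        return IPv4Address(r.configured_rid)
    if r.loopbacks:
        return max(IPv4Address(ip) for ip in r.loopbacks)
    if r.interfaces:
        return max(IPv4Address(ip) for ip in r.interfaces)
    raise ValueError(f"{r.name}: no address to derive a router ID from")


def elect(routers: List[Router], network_type: str) -> Tuple[Optional[str], Optional[str]]:
    """Return (DR, BDR) names for a cold-start election on one segment.
    Highest priority wins, ties broken by highest router ID; priority 0 never runs."""
    if network_type in ("point-to-point", "point-to-multipoint"):
        return None, None                       # no election on these network types
    if network_type not in ("broadcast", "nbma"):
        raise ValueError(f"unknown network type {network_type!r}")
    eligible = [r for r in routers if r.priority > 0]
    ranked = sorted(eligible, key=lambda r: (r.priority, router_id(r)), reverse=True)
    dr = ranked[0].name if ranked else None
    bdr = ranked[1].name if len(ranked) > 1 else None
    return dr, bdr


# Constructed segment: R3 has the highest loopback but priority 0, so it is excluded;
# R4 has no loopback, so its router ID is its highest interface address.
SEGMENT = [
    Router("R1", 1, loopbacks=("1.1.1.1",), interfaces=("10.0.0.1",)),
    Router("R2", 1, loopbacks=("2.2.2.2",), interfaces=("10.0.0.2",)),
    Router("R3", 0, loopbacks=("9.9.9.9",), interfaces=("10.0.0.3",)),
    Router("R4", 1, interfaces=("10.0.0.4", "172.16.0.1")),
]

if __name__ == "__main__":
    print(elect(SEGMENT, "broadcast"))        # ('R4', 'R2')
    print(elect(SEGMENT, "point-to-point"))   # (None, None)
```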
LSA:
====
Link State Advertisement.

It is the packet used to communicate with other routers in the local network within the same OSPF area.

Its contents depend on the router's role in the OSPF network, and it carries a sequence number.

LSDB:
=====
Link State Database.

LSAs and their details are stored in this database, which holds the path details used for routing.
It is shared between routers, and from it each router works out the best path to a destination.

DBDs:
=====

Database Description packets are sent when the adjacency is being initialized.
They only describe the topology, not full LSAs; they carry LSA headers.

LSR:
====
Link State Request.

After receiving the topology description, the router requests the latest route database from the neighboring router; this is called a Link State Request.

LSU:
====

Link State Update.

The neighboring router sends the actual LSAs, which have the full details of the routes.
This is the response to an LSR message.

LSA Ack:
=======

This is the acknowledgement that LSA delivery was successful.

Many LSAs received in response to a router's LSR requests can be acknowledged with a single LSAck.

Routers do not need to be configured as an ABR or ASBR; they take those roles automatically.


When we configure a network under OSPF, if the network range covers the IP of any interface of the router, that interface's network is advertised as well.

If we put this in the configuration:

Network 0.0.0.0 255.255.255.255 area 0

it advertises all the interface networks.

We use a wildcard mask because OSPF uses an ANDing operation to match interface addresses against the network statement.
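The ANDing the last paragraph refers to, as an added Python example rather than anything from the page: an interface matches a network statement when the address bits the wildcard marks as "must match" (0 bits) equal the network's bits. Interface addresses and statements are constructed; when several statements match the same interface, the most specific one (fewest wildcard bits) is taken.

```python
from ipaddress import IPv4Address
from typing import Dict, List, Optional, Tuple

Statement = Tuple[str, str, int]   # (network, wildcard, area)


def matches_network(interface_ip: str, network: str, wildcard: str) -> bool:
    """Wildcard bit 1 = don't care, 0 = must match. The interface matches when
    its 'must match' bits equal the network's 'must match' bits."""
    ip, net, wc = (int(IPv4Address(x)) for x in (interface_ip, network, wildcard))
    care = ~wc & 0xFFFFFFFF            # bits that must match
    return (ip & care) == (net & care)


def specificity(wildcard: str) -> int:
    """Number of bits that must match; higher means a more specific statement."""
    return bin(~int(IPv4Address(wildcard)) & 0xFFFFFFFF).count("1")


def area_for_interface(interface_ip: str, statements: List[Statement]) -> Optional[int]:
    """Area of the most specific matching network statement, or None if none matches."""
    best: Optional[Tuple[int, int]] = None
    for network, wildcard, area in statements:
        if matches_network(interface_ip, network, wildcard):
            spec = specificity(wildcard)
            if best is None or spec > best[0]:
                best = (spec, area)
    return None if best is None else best[1]


def advertised(interfaces: Dict[str, str], statements: List[Statement]) -> Dict[str, int]:
    """Map every interface covered by a network statement to its OSPF area."""
    result: Dict[str, int] = {}
    for name, ip in interfaces.items():
        area = area_for_interface(ip, statements)
        if area is not None:
            result[name] = area
    return result


# Constructed router: three interfaces and three network statements.
INTERFACES = {"Gi0/0": "10.1.1.1", "Gi0/1": "10.1.2.1", "Lo0": "192.168.0.1"}
STATEMENTS: List[Statement] = [
    ("10.1.1.0", "0.0.0.255", 1),        # network 10.1.1.0 0.0.0.255 area 1
    ("10.0.0.0", "0.255.255.255", 0),    # network 10.0.0.0 0.255.255.255 area 0
    ("0.0.0.0", "255.255.255.255", 0),   # the catch-all statement from the notes above
]

if __name__ == "__main__":
    print(advertised(INTERFACES, STATEMENTS))   # {'Gi0/0': 1, 'Gi0/1': 0, 'Lo0': 0}
```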

32. Which protocol do you use for health checks?
33. How do you troubleshoot a Layer 3 routing issue on Cisco?
34. How can you create a virtual firewall on Cisco, and what parameters should you follow?
35. What is a Cisco ASA context?
36. What is the encryption domain in an IPsec tunnel?
37. What are the main differences between subnetting, VLSM, supernetting and summarization?
38. Difference between classless and classful routing?
39. What is an IP schema and how do you follow it?
40. What is the main difference between IPsec and SSL VPN?
41. How does spanning tree work?
42. What is the command to set switch priority?
43. What is an L3 VLAN?

VLAN ==> Virtual Local Area Network.

It works on the data link layer.
The Tag Control Information field contains the VLAN ID and the DEI (Drop Eligible Indicator).

44. How does EtherChannel work, and what are the different EtherChannel types?
45. How does LACP function and how does it send frames? How does it detect that a port is down?
46. How do you troubleshoot broadcast storms?
50. What is BPDU root guard?

BPDU ==>> Bridge Protocol Data Unit.

BPDU Guard:
===========
It is a feature that disables the interface if it receives a BPDU.

There are two types of BPDUs:

1. Configuration BPDUs, which the switch sends to all devices.
2. TCN (Topology Change Notification) BPDUs, which carry the details of a topology change.

51. How will you restrict MAC addresses on a switch?
52. How would you apply ACLs on a VLAN?
53. How do you upgrade firmware on Cisco?
54. How do you reset the password on Cisco?
55. How does packet flow work in routers?
56. What is a VDOM in FortiGate?
57. How would you treat a VLAN 3 interface in FortiGate?
58. How does a switch work without STP?
59. Explain the concept of an SVI in a VLAN.
60. Packet flow of Check Point.
61. What is a passive interface?
62. Explain the EIGRP protocol messages.
63. What is ARP and how does it work?
64. Explain MPLS.
65. Explain OSPF virtual links.
66. Explain BGP states.
67. Explain BGP areas.
68. Difference between IPv4 and IPv6.
68. What is link-local in IPv6?
67. How do you enable IPv6 on routers?
68. How do you do routing for IPv6?
69. What is a dual stack address?
70. How do you deal with IPv6 WAN and LAN?
71. Rules for shortening IPv6 addresses?
72. What is split tunnel?
73. Any idea about MFA?
74. Two-factor authentication?
75. Explain the messages in IPsec.
76. What is a TINA tunnel?
78. Difference between IDS and IPS?
79. What is a DMZ zone?
80. What is a WAF?
81. What is a proxy?
82. Explain the different types of proxy.
83. What are LLB and SLB?
84. Trust and untrust networks?
85. What is a honeypot?
86. What is cyber security?
87. How do you find vulnerabilities?
88. How do you block HTTPS tunnels in your network?
89. Do you know how to troubleshoot tunnels in the cloud?
90. Difference between IKEv1 and IKEv2.


91. What is a cleanup rule?
92. Have you worked with DLP?
93. What is an application filter?
94. How does URL filtering work?
95. What is an object in a firewall?
96. Different types of objects?
97. What is SSL inspection?
98. Different types of translation?
98. What is Identity NAT?
99. How do you troubleshoot HA?
100. What is L2 and L3 monitoring in HA?
101. What is a stateful firewall?
102. Difference between encryption and hashing?
103. What is symmetric and asymmetric encryption?
104. What is a route-based VPN and a policy-based VPN?

Route-based and policy-based VPNs differ in how the traffic is handled by the encryption domain.

If the encryption domain encrypts all the traffic that goes through the VPN, that is route based.

If the same traffic is matched against policies and only the allowed network traffic is encrypted, that is policy based.

Policy based VPN:
=============

We use a policy-based VPN when we need more control over the VPN traffic.
It is useful when we use dial-up VPN (dynamic VPN).
We can even route traffic to different next hops based on the subnet.

A policy-based VPN needs to be configured policy by policy, hop by hop.



========================



Flags of TCP:
===========

SYN
URG
ACK
PSH
FIN
RST
ECE (ECN-Echo)
CWR
NS


Explain the TCP 3-way handshake:

SYN ==>> initiates the connection
SYN-ACK
ACK (establishment)

============================

When the three-way handshake happens, the (relative) sequence and acknowledgement numbers start at 0 on both sides.

But the flags set change depending on whether it is a SYN or an ACK.

From client:

SYN packet: acknowledgement number 0, sequence number 0

From server:

SYN-ACK packet: acknowledgement number 1, sequence number 0

From client:

ACK packet: acknowledgement number 1, sequence number 1
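The flags and the relative sequence/acknowledgement numbers listed above, as an added Python example (constructed segments, not a capture, and not code from the page): decode the flag bits from a raw TCP header and check that three segments form a SYN, SYN-ACK, ACK handshake with the relative numbers 0/0, 0/1, 1/1 that a packet analyzer would display.

```python
import struct
from typing import Dict, List, Tuple

# Bit values of the flags in the TCP header's 16-bit data-offset/flags word.
FLAG_BITS = {
    "FIN": 0x001, "SYN": 0x002, "RST": 0x004, "PSH": 0x008, "ACK": 0x010,
    "URG": 0x020, "ECE": 0x040, "CWR": 0x080, "NS": 0x100,
}


def decode_flags(offset_flags: int) -> List[str]:
    """Names of the flags set in the data-offset/flags word."""
    return [name for name, bit in FLAG_BITS.items() if offset_flags & bit]


def parse_tcp_header(raw: bytes) -> Dict[str, object]:
    """Parse the fixed part of a TCP header (options are not interpreted)."""
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", raw[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": (off_flags >> 12) * 4, "flags": decode_flags(off_flags)}


def build_segment(sport: int, dport: int, seq: int, ack: int, flags: List[str]) -> bytes:
    """Build a 20-byte TCP header (window 65535, checksum left as 0) for the example."""
    off_flags = (5 << 12) | sum(FLAG_BITS[f] for f in flags)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, off_flags, 65535, 0, 0)


def relative_numbers(segments: List[bytes]) -> List[Tuple[str, int, int]]:
    """(flags, relative seq, relative ack) per segment, the way an analyzer shows
    them: each side's numbers are relative to its own initial sequence number (ISN).
    The first segment is taken to come from the client."""
    first = parse_tcp_header(segments[0])
    client_port, client_isn, server_isn = first["sport"], first["seq"], None
    out: List[Tuple[str, int, int]] = []
    for raw in segments:
        h = parse_tcp_header(raw)
        from_client = h["sport"] == client_port
        if not from_client and server_isn is None:
            server_isn = h["seq"]                      # server's ISN is its first seq
        own_isn = client_isn if from_client else server_isn
        peer_isn = server_isn if from_client else client_isn
        rel_seq = (h["seq"] - own_isn) & 0xFFFFFFFF
        rel_ack = 0
        if "ACK" in h["flags"] and peer_isn is not None:
            rel_ack = (h["ack"] - peer_isn) & 0xFFFFFFFF
        out.append(("+".join(h["flags"]), rel_seq, rel_ack))
    return out


def valid_handshake(segments: List[bytes]) -> bool:
    """True only for SYN / SYN-ACK / ACK with relative numbers 0/0, 0/1, 1/1."""
    expected = [("SYN", 0, 0), ("SYN+ACK", 0, 1), ("ACK", 1, 1)]
    return len(segments) == 3 and relative_numbers(segments) == expected


# Constructed handshake with arbitrary initial sequence numbers on both sides.
CLIENT_ISN, SERVER_ISN = 0x1A2B3C4D, 0x5E6F7081
HANDSHAKE = [
    build_segment(51234, 443, CLIENT_ISN, 0, ["SYN"]),
    build_segment(443, 51234, SERVER_ISN, CLIENT_ISN + 1, ["SYN", "ACK"]),
    build_segment(51234, 443, CLIENT_ISN + 1, SERVER_ISN + 1, ["ACK"]),
]

if __name__ == "__main__":
    print(relative_numbers(HANDSHAKE))   # [('SYN', 0, 0), ('SYN+ACK', 0, 1), ('ACK', 1, 1)]
```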



======================================

GRE over IPsec is used when we need a dynamic VPN.
It is useful when trying to carry multicast traffic over a VPN.

105. What is VLAN pruning?

If we enable VLAN pruning,
it won't allow VLANs that are not needed on the trunk, which helps to reduce broadcast traffic.

It only sends the VLAN traffic when it is needed, not all the time.


Comments

  1. Hey, what a brilliant post I have come across, and believe me I have been searching for this similar kind of post for the past week and hardly came across this. Thank you very much and will look for more postings from you. Best tracer router service provider

    1. Thanks for the input; please let me know if you need any more details.
