Here are 100 networking interview questions and answers, covering OSI model, TCP/IP, protocols, IP addressing, subnetting, routing, switching, DNS, HTTP, security, troubleshooting, and advanced topics. Each question is in bold, followed by a detailed answer. No dividing lines.
What is a computer network and why is it important?
Answer: A computer network connects multiple devices (computers, servers, printers) to share resources, data, and communication. It enables email, file sharing, internet access, and centralized management. Networks are foundational to modern IT infrastructure.
What is the OSI model and what are its seven layers?
Answer: The OSI (Open Systems Interconnection) model is a conceptual framework for understanding network communication. Layers: 1 Physical (bits, cables), 2 Data Link (frames, MAC addresses, switches), 3 Network (packets, IP addresses, routers), 4 Transport (segments, TCP/UDP), 5 Session (dialog management), 6 Presentation (encryption, compression), 7 Application (HTTP, FTP, SMTP).
What is the TCP/IP model and how does it differ from OSI?
Answer: TCP/IP model has four layers: Network Interface (Physical + Data Link), Internet (Network), Transport, Application (Session+Presentation+Application). It is more practical and aligns with real protocols. OSI is theoretical; TCP/IP is the actual model used on the internet.
What is a protocol? Give examples.
Answer: A protocol is a set of rules for data communication between devices, ensuring interoperability. Examples: TCP (Transmission Control Protocol), IP (Internet Protocol), HTTP (web), FTP (file transfer), SMTP (email), ARP (address resolution).
What is the difference between TCP and UDP?
Answer: TCP is connection‑oriented, reliable, in‑order, error‑checked, and slower (used for Web, email, FTP). UDP is connectionless, unreliable, faster, no ordering guarantee (used for streaming, DNS, VoIP). TCP uses handshake; UDP does not.
What is a three‑way handshake in TCP?
Answer: The handshake establishes a TCP connection: 1) Client sends SYN, 2) Server replies SYN‑ACK, 3) Client sends ACK. After this, data transfer begins. A four‑way handshake (FIN) closes the connection.
What are TCP ports? Give common port numbers.
Answer: Ports identify specific services on a device. Common: 80 (HTTP), 443 (HTTPS), 22 (SSH), 25 (SMTP), 53 (DNS), 21 (FTP), 3306 (MySQL), 3389 (RDP). Range 0‑65535; well‑known 0‑1023.
What is an IP address? What are the versions?
Answer: An IP address is a unique identifier for a device on a network. IPv4: 32‑bit dotted decimal (e.g., 192.168.1.1). IPv6: 128‑bit hexadecimal, to overcome IPv4 exhaustion (e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334).
What is the difference between IPv4 and IPv6?
Answer: IPv4 has 4.3 billion addresses. IPv6 has 340 undecillion addresses. IPv6 eliminates NAT (often), has built‑in IPSec, simplified header, and no broadcast. Represented as 8 groups of 4 hex digits; leading zeros and consecutive zero groups can be compressed.
What is a subnet mask? How does it work?
Answer: A subnet mask divides an IP address into network and host portions. Example: 255.255.255.0 means first 24 bits are network, last 8 bits are host. CIDR notation: /24. Used to determine if two IPs are on the same subnet.
How do you calculate the number of usable hosts in a subnet?
Answer: For /n, number of host bits = 32‑n. Total addresses = 2^(32‑n). Usable hosts = total addresses minus 2 (network address and broadcast address). Example: /24 gives 256 total, 254 usable.
What is CIDR (Classless Inter‑Domain Routing)?
Answer: CIDR allows flexible subnetting using variable length subnet masks (VLSM), replacing classful addressing (A, B, C). Represented as IP/prefix (e.g., 192.168.1.0/24). Improves address utilization.
What is NAT (Network Address Translation) and why is it used?
Answer: NAT translates private IP addresses to a public IP for internet access, conserving IPv4 addresses and hiding internal network structure. Common types: SNAT (source NAT), DNAT (destination NAT), PAT (port address translation – many private to one public).
What is the difference between a public IP and a private IP?
Answer: Public IPs are globally unique and routable on the internet. Private IPs are reserved for internal networks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) and not routable on the internet. NAT is used to map private to public.
What is ARP (Address Resolution Protocol)?
Answer: ARP resolves an IPv4 address to a MAC address (layer 3 to layer 2). A device broadcasts “Who has IP X?”; the owner replies with its MAC. ARP cache stores mappings. Inverse ARP (for Frame Relay) and RARP (reverse) exist.
What is a MAC address?
Answer: MAC (Media Access Control) address is a unique hardware identifier burned into network interfaces (48 bits, hex). Example: 00:1A:2B:3C:4D:5E. Operates at layer 2. First 3 bytes are OUI (vendor), last 3 are device serial.
What is a switch? How does it differ from a hub?
Answer: A switch forwards frames based on MAC addresses, creating a collision domain per port, allowing full‑duplex communication. A hub repeats signals to all ports, causing collisions (half‑duplex). Switches are smarter and more efficient.
What is a router? What is its primary function?
Answer: A router forwards packets between networks based on IP addresses and routing tables. It connects different subnets and the internet. Routers operate at layer 3. They perform packet switching, NAT, and firewall functions.
What is the difference between a router and a switch?
Answer: Router works at layer 3 (IP), connects different networks, uses routing tables. Switch works at layer 2 (MAC), connects devices within the same network, uses MAC address tables. Some switches have layer 3 routing capabilities.
What is a VLAN (Virtual Local Area Network)?
Answer: A VLAN logically segments a physical network into isolated broadcast domains. Improves security, reduces broadcast traffic, and simplifies management. VLAN tagging (802.1Q) identifies which VLAN a frame belongs to.
What is a gateway?
Answer: A gateway is a device (often a router) that acts as an entry/exit point between two networks. The default gateway is the IP address a device uses to reach networks outside its own subnet.
What is DHCP and how does it work?
Answer: Dynamic Host Configuration Protocol (DHCP) automatically assigns IP addresses, subnet masks, gateways, and DNS servers to devices. Process: DISCOVER (client), OFFER (server), REQUEST (client), ACK (server). Reduces manual configuration.
What is DNS and how does it work?
Answer: Domain Name System (DNS) translates domain names (example.com) to IP addresses. Process: client queries recursive resolver → root → TLD → authoritative name server → returns IP. Types: A (IPv4), AAAA (IPv6), CNAME (alias), MX (mail), TXT (text).
What are the different types of DNS records?
Answer: A (IPv4 address), AAAA (IPv6), CNAME (canonical name, alias), MX (mail exchange), TXT (text, e.g., SPF, DKIM), NS (name server), SOA (start of authority), PTR (reverse lookup), SRV (service location).
What is HTTP and HTTPS? How are they different?
Answer: HTTP (Hypertext Transfer Protocol) is plaintext, port 80. HTTPS adds SSL/TLS encryption (port 443), providing confidentiality, integrity, and authentication. HTTPS is used for secure web browsing.
What is a URL?
Answer: Uniform Resource Locator: protocol://domain:port/path?query#fragment. Example: https://example.com:443/index.html?id=123.
What is an HTTP method? Name common ones.
Answer: GET (retrieve data), POST (submit data), PUT (update/replace), PATCH (partial update), DELETE (remove), HEAD (headers only), OPTIONS (allowed methods), CONNECT, TRACE.
What is a status code? Give categories.
Answer: 1xx (informational), 2xx (success – 200 OK, 201 Created), 3xx (redirection – 301 Moved Permanently, 302 Found), 4xx (client error – 404 Not Found, 403 Forbidden), 5xx (server error – 500 Internal Server Error, 503 Unavailable).
What is the difference between a cookie and a session?
Answer: Cookies are stored client‑side, include data, may expire. Sessions are stored server‑side, identified by session ID (in cookie or URL). Sessions are more secure for sensitive data.
What is a proxy server?
Answer: A proxy acts as an intermediary between client and server, providing anonymity, caching, filtering, or logging. Forward proxy (client side), reverse proxy (server side – load balancing, security).
What is a firewall?
Answer: A firewall monitors and controls incoming/outgoing network traffic based on security rules. Can be hardware or software. Types: packet filtering, stateful inspection, application‑layer (next‑gen firewall).
What is a VPN (Virtual Private Network)?
Answer: A VPN creates an encrypted tunnel over a public network, providing privacy and security. Used for remote access, site‑to‑site connectivity, and bypassing geographic restrictions. Protocols: IPSec, OpenVPN, WireGuard.
What is the difference between symmetric and asymmetric encryption?
Answer: Symmetric uses same key for encryption and decryption (fast, AES). Asymmetric uses public/private key pair (slower, RSA, used for key exchange and digital signatures). TLS uses both.
What is SSL/TLS?
Answer: Secure Sockets Layer / Transport Layer Security encrypts communication between client and server. TLS is the modern standard. Provides encryption, certificate‑based authentication, and data integrity. Used with HTTPS, VPNs.
What is a subnet and why do we subnet?
Answer: A subnet is a logical subdivision of an IP network. Subnetting improves network performance, reduces broadcast traffic, enhances security, and makes efficient use of IP addresses.
Explain the difference between a static IP and a dynamic IP.
Answer: Static IP is manually assigned and never changes, used for servers. Dynamic IP is assigned by DHCP and may change over time (used for most client devices). Static requires configuration; dynamic automatic.
What is a default gateway?
Answer: The default gateway is the router that a device sends packets to when the destination is not on the same local subnet. It is a critical piece of IP configuration.
What is ICMP (Internet Control Message Protocol)?
Answer: ICMP is used for error reporting and diagnostics. Common uses: ping (echo request/reply), traceroute, destination unreachable, time exceeded. ICMP is encapsulated in IP.
What is ping and traceroute?
Answer: ping tests connectivity and measures round‑trip time using ICMP echo. traceroute shows each router (hop) a packet travels to a destination, using ICMP or UDP with incrementing TTL.
What is TTL (Time To Live)?
Answer: TTL is a field in IP packets that limits the number of hops a packet can traverse before being discarded. Prevents infinite loops. Typically starts at 64 or 128; each router decrements by 1.
What is a routing table?
Answer: A routing table stored in routers contains routes (destination network, next hop, interface, metric). Used to forward packets. Can be static (manual) or dynamic (learned via routing protocols).
What are dynamic routing protocols? Name examples.
Answer: Dynamic routing automatically exchanges routes. IGP: RIP (distance vector), OSPF (link state), EIGRP (Cisco proprietary). EGP: BGP (used between ASes). OSPF is widely used in enterprise networks.
What is the difference between OSPF and BGP?
Answer: OSPF is an interior gateway protocol (IGP) for within a single autonomous system (AS). BGP is an exterior gateway protocol (EGP) for routing between ASes on the internet. OSPF uses link‑state, BGP uses path‑vector.
What is a broadcast domain?
Answer: A broadcast domain is a logical segment where a broadcast frame (MAC FF:FF:FF:FF:FF:FF) is received by all devices. Routers break broadcast domains; switches do not. VLANs also separate broadcast domains.
What is a collision domain?
Answer: A collision domain is a network segment where simultaneous transmissions can collide. Hubs create a single collision domain; switches create a per‑port collision domain. Full‑duplex eliminates collisions.
What is a MAC flooding attack?
Answer: MAC flooding overwhelms a switch’s MAC address table, causing it to fail open (like a hub), enabling sniffing. Mitigation: port security, MAC limiting, and using switches with CAM table protection.
What is the difference between a hub, a switch, and a router?
Answer: Hub (layer 1) repeats signals, causes collisions. Switch (layer 2) forwards frames based on MAC, creates isolated collision domains. Router (layer 3) forwards packets between networks, isolating broadcast domains.
What is PoE (Power over Ethernet)?
Answer: PoE delivers electrical power over standard Ethernet cables to devices like IP cameras, phones, and access points. Standards: 802.3af (up to 15.4W), 802.3at (25.5W), 802.3bt (60W/100W).
What is a DMZ (Demilitarized Zone)?
Answer: A DMZ is a network segment that separates internal LAN from external (internet). DMZ hosts public‑facing services (web servers, email) so that if compromised, internal network remains protected.
What is the difference between a LAN, MAN, and WAN?
Answer: LAN (Local Area Network) covers a small area (home, office). MAN (Metropolitan Area Network) covers a city. WAN (Wide Area Network) covers large geographic areas (internet, corporate networks).
What is a network topology? Name common types.
Answer: Topology describes physical or logical layout. Types: Bus (single cable, obsolete), Star (central switch), Ring (token ring), Mesh (multiple redundant connections), Tree (hierarchical), Hybrid.
What is Ethernet?
Answer: Ethernet is the most common family of LAN technologies (IEEE 802.3). Uses CSMA/CD (half‑duplex) originally, now full‑duplex with switches. Speeds: 10 Mbps, 100 Mbps, 1 Gbps, 10 Gbps, 40/100 Gbps.
What is the purpose of a network address (subnet) and broadcast address?
Answer: The network address (all host bits 0) identifies the subnet. The broadcast address (all host bits 1) sends a packet to all hosts on that subnet. They cannot be assigned to hosts.
How do you convert binary to decimal and vice versa for IP addresses?
Answer: Convert each octet. Example: 192 = 11000000, 168 = 10101000, 1 = 00000001. Use base‑2 positional weights (128,64,32,16,8,4,2,1). To convert binary to decimal, sum weights for bits set.
What is classful addressing?
Answer: Old scheme: Class A (0‑127, /8), B (128‑191, /16), C (192‑223, /24), D (multicast), E (reserved). Replaced by CIDR to avoid waste.
What is a loopback address?
Answer: IPv4 loopback is 127.0.0.0/8 (usually 127.0.0.1). IPv6 loopback is ::1. It refers to the local device, used for testing and communication with self.
What is APIPA (Automatic Private IP Addressing)?
Answer: APIPA (169.254.0.0/16) is automatically assigned by Windows when DHCP fails. Allows link‑local communication without a router. No default gateway.
What is a DNS forwarder?
Answer: A DNS forwarder passes DNS queries that it cannot resolve to an external DNS server (like ISP). Used to reduce load on root servers and improve performance.
What is a recursive DNS query vs iterative?
Answer: Recursive query: the DNS resolver fully resolves the query by contacting multiple servers. Iterative: the resolver returns the best answer it knows (like a referral), and the client must repeat queries.
What is a DoS attack?
Answer: Denial of Service (DoS) attack overwhelms a system, making it unavailable. Distributed DoS (DDoS) uses many compromised machines (botnet). Mitigation: rate limiting, firewalls, CDN, blackholing.
What is SYN flood?
Answer: A SYN flood sends many TCP SYN packets without completing the handshake, exhausting server resources. Mitigation: SYN cookies, reducing SYN‑ACK retries.
What is a man‑in‑the‑middle attack?
Answer: An attacker intercepts communication between two parties, potentially reading or modifying data. Prevention: encryption (TLS), certificate validation, mutual authentication.
What is IPSec?
Answer: IP Security (IPSec) authenticates and encrypts IP packets at layer 3, used for VPNs. Two modes: Transport (encrypts payload), Tunnel (encrypts entire IP packet). Components: AH (authentication), ESP (encryption+authentication).
What is a certificate authority (CA)?
Answer: A CA issues digital certificates that bind a public key to an entity (domain, organization). Browsers trust root CAs; certificates enable HTTPS.
What is a TLS handshake?
Answer: The TLS handshake establishes a secure connection: client hello (cipher suites), server hello (chosen cipher, certificate), key exchange (Diffie‑Hellman or RSA), finished messages. Then secured communication begins.
What is the difference between HTTP/1.1, HTTP/2, and HTTP/3?
Answer: HTTP/1.1 uses sequential requests, head‑of‑line blocking. HTTP/2 adds multiplexing, header compression, server push. HTTP/3 uses QUIC (UDP), reduces latency, and avoids head‑of‑line blocking at transport layer.
What is a web socket?
Answer: WebSocket provides full‑duplex, persistent communication over a single TCP connection, using HTTP upgrade handshake. Used for real‑time apps (chat, gaming, live feeds).
What is a MAC table (CAM table) in a switch?
Answer: The MAC address table maps MAC addresses to switch ports. Switches learn MACs from incoming frames and forward frames based on this table. Aging is configurable.
What is STP (Spanning Tree Protocol)?
Answer: STP (802.1D) prevents loops in redundant network topologies by blocking ports. Uses bridge protocol data units (BPDUs) to elect a root bridge and determine blocking ports. RSTP (802.1w) provides faster convergence.
What is VLAN trunking (802.1Q)?
Answer: 802.1Q adds a VLAN tag (4 bytes) to Ethernet frames, allowing multiple VLANs to traverse a single link (trunk). Used between switches and to routers. Native VLAN can be untagged.
What is a subnet mask in CIDR notation?
Answer: CIDR notation is /bits (e.g., /24). Number of network bits. Subnet mask: /24 = 255.255.255.0, /16 = 255.255.0.0, /8 = 255.0.0.0.
What is a VRF (Virtual Routing and Forwarding)?
Answer: VRF allows multiple independent routing tables on the same router, enabling network segmentation (used in MPLS VPNs, multi‑tenant environments). Each VRF has its own routes and interfaces.
What is MPLS (Multiprotocol Label Switching)?
Answer: MPLS uses labels (not IP) to forward packets, improving speed and enabling traffic engineering and VPNs. Routers swap labels instead of performing IP lookup each hop. Common in ISP cores.
What is quality of service (QoS)?
Answer: QoS manages network resources to prioritize certain traffic (VoIP, video) over others. Techniques: classification, marking (DSCP), queuing (WFQ), traffic shaping, policing.
What is the difference between bit rate and baud rate?
Answer: Bit rate is bits per second. Baud rate is symbols per second. One symbol can carry multiple bits (e.g., QAM‑64 sends 6 bits per symbol). Bit rate = baud rate × bits per symbol.
What is a network interface card (NIC)?
Answer: A NIC is hardware that connects a device to a network (Ethernet, Wi‑Fi). It has a MAC address and provides physical layer connectivity.
What is a wireless access point (WAP)?
Answer: A WAP connects wireless devices to a wired network. It acts as a bridge. Multiple APs can provide seamless roaming with controller or mesh protocols.
What are SSID and BSSID in Wi‑Fi?
Answer: SSID is the network name (human‑readable). BSSID is the MAC address of the access point. Multiple APs can share the same SSID (roaming).
What is the difference between 2.4 GHz and 5 GHz Wi‑Fi?
Answer: 2.4 GHz has longer range and better penetration but is more crowded. 5 GHz offers higher speeds, more channels, but shorter range. 6 GHz (Wi‑Fi 6E) adds more capacity.
What is the OSI layer that switches operate at?
Answer: Switches primarily operate at Layer 2 (Data Link). Multilayer switches can also route at Layer 3.
What is a multilayer switch?
Answer: A switch that can perform both switching (Layer 2) and routing (Layer 3) functions. Often used as a core switch in enterprise networks.
What is a network broadcast vs a multicast vs unicast?
Answer: Unicast: one‑to‑one. Broadcast: one‑to‑all (limited to subnet). Multicast: one‑to‑many (members of a group, e.g., streaming video). Multicast uses IGMP.
What is IGMP (Internet Group Management Protocol)?
Answer: IGMP manages membership of IPv4 multicast groups. Hosts join/leave groups; routers maintain group membership. Used for streaming media.
What is a route summarization?
Answer: Route summarization (aggregation) combines multiple routes into a single more general route, reducing routing table size. Example: 192.168.0.0/24, 192.168.1.0/24 → 192.168.0.0/23.
What is a floating static route?
Answer: A static route with a higher administrative distance (metric) than the primary dynamic route, acting as a backup. Used for failover.
What is administrative distance (AD)?
Answer: AD is a measure of trustworthiness of a route source. Lower AD is preferred. Examples: directly connected (0), static (1), OSPF (110), RIP (120), BGP (20 external, 200 internal).
What is BGP (Border Gateway Protocol)?
Answer: BGP is the routing protocol of the internet, used between autonomous systems (AS). It uses path attributes (AS_PATH, next hop, local pref) to determine best path. BGP is policy‑based.
What is an autonomous system (AS)?
Answer: An AS is a collection of networks under a single administrative entity. AS numbers (ASN) are unique identifiers used with BGP.
What is VLSM (Variable Length Subnet Mask)?
Answer: VLSM allows using different subnet masks within the same major network, improving address efficiency. Required for modern routing protocols (OSPF, EIGRP).
What is a secondary IP address?
Answer: Secondary IP addresses allow a single interface to have multiple IP addresses on different subnets. Rarely used; often better to use VLANs.
What is a network analyzer (packet sniffer)?
Answer: A tool that captures and inspects network traffic (Wireshark, tcpdump). Used for troubleshooting, security analysis, and protocol debugging.
What is the purpose of tracert / traceroute?
Answer: Traces the path packets take to a destination, showing each hop (router) and round‑trip times. Uses ICMP (Windows) or UDP (Linux) with increasing TTL.
What is the difference between netstat, ss, and lsof?
Answer: netstat shows network connections, routing tables, interfaces (deprecated). ss (socket statistics) is modern replacement, faster. lsof -i lists open network files and connections.
What is the purpose of the arp command?
Answer: arp displays and modifies the ARP cache. Commands: arp -a (show table), arp -d (delete entry). Used for troubleshooting duplicate IP addresses or MAC resolution issues.
What is latency, jitter, and packet loss?
Answer: Latency is delay (ms). Jitter is variation in latency. Packet loss is percentage of packets lost. Important for real‑time applications (VoIP, gaming). Measured with ping and iperf.
What is throughput?
Answer: Throughput is the actual data transfer rate achieved, measured in bits per second (bps). Less than bandwidth due to overhead, congestion, or errors.
What is the difference between half‑duplex and full‑duplex?
Answer: Half‑duplex communication sends/receives one direction at a time (walkie‑talkie). Full‑duplex sends and receives simultaneously (phone). Ethernet with switches is full‑duplex; hubs half‑duplex.
What is auto‑negotiation in Ethernet?
Answer: Auto‑negotiation allows two devices to automatically select the best common speed and duplex. Usually works well; mismatches cause issues. Managed switches can fix speed/duplex manually.
What is the difference between UTP, STP, and fiber optic cabling?
Answer: UTP (Unshielded Twisted Pair) is common Ethernet cable, cheap, subject to interference. STP has shielding for EMI. Fiber optic uses light, immune to EMI, long distances, higher bandwidth.
What is the meaning of “cat” in Ethernet cable (Cat5e, Cat6)?
Answer: Category specifies cable performance (frequency, speed). Cat5e (1 Gbps, 100m), Cat6 (10 Gbps up to 55m), Cat6a (10 Gbps 100m), Cat7, Cat8 (25/40 Gbps).
What is PoE and what standards exist?
Answer: PoE delivers power over Ethernet. 802.3af (15.4W), 802.3at (25.5W, PoE+), 802.3bt (60W/100W, PoE++). Power sourcing equipment (PSE) and powered devices (PD) negotiate power.
What is a crossover cable and when is it used?
Answer: Crossover cable swaps transmit and receive pairs. Used to connect two similar devices (switch‑switch, PC‑PC) directly before Auto MDI‑X became common. Now auto‑detection makes it unnecessary.
What is a console port on a network device?
Answer: Console port provides out‑of‑band management access (RS‑232 serial). Used for initial configuration and recovery when network access is lost.
What is a managed switch vs unmanaged switch?
Answer: Unmanaged switch plug‑and‑play, no configuration. Managed switch supports VLANs, QoS, port mirroring, SNMP, spanning tree, remote management. Used in enterprise.
What is SNMP (Simple Network Management Protocol)?
Answer: SNMP is used for network device monitoring and management. Components: manager, agent, MIB. Versions: v1/v2c (community strings, insecure), v3 (authentication, encryption).
What is NetFlow / sFlow?
Answer: NetFlow (Cisco) and sFlow (sampled) provide flow data (source/destination IP, ports, bytes) for traffic analysis, billing, and anomaly detection.
What is a network tap?
Answer: A hardware device that copies network traffic (SPAN port alternative) without affecting the original connection. Used for passive monitoring and security appliances.
What is the difference between a bridge and a switch?
Answer: A bridge connects two network segments and forwards based on MAC (software). A switch is a multi‑port bridge (hardware acceleration). Both operate at layer 2.
What is a network loop and why is it dangerous?
Answer: A loop occurs when there are multiple paths between switches, causing broadcast storms and MAC table instability. Spanning Tree Protocol (STP) prevents loops.
What is an EtherChannel (link aggregation)?
Answer: EtherChannel (LACP, PAgP) combines multiple physical links into a single logical link, increasing bandwidth and redundancy. Supports up to 8 links.
What is the difference between LACP and static link aggregation?
Answer: LACP (802.3ad) is a dynamic protocol that negotiates link aggregation and detects misconfigurations. Static aggregation does not negotiate; harder to troubleshoot.
What is a loopback interface (virtual) on a router?
Answer: A virtual interface that is always up (unless manually shut). Used for router ID, management, and stability in routing protocols. Does not depend on physical links.
What is route redistribution?
Answer: Redistribution allows routes from one routing protocol (or static) to be injected into another (e.g., OSPF into BGP). Must be done carefully to avoid loops.
What is a passive interface in OSPF?
Answer: A passive interface is configured on a network segment where no OSPF neighbor exists. It still advertises that network but does not send OSPF hello packets, reducing overhead.
What is a stub area in OSPF?
Answer: A stub area does not accept external (type 5) LSAs. It reduces routing table size. Totally stubby areas also block summary (type 3) LSAs, default route injected.
What is the difference between distance vector and link state protocols?
Answer: Distance vector (RIP) shares full routing tables with neighbors (Bellman‑Ford), slow convergence. Link state (OSPF, IS‑IS) shares link state information, builds topological map, faster convergence.
What is an ASN (Autonomous System Number)?
Answer: ASN is a globally unique number assigned to an AS for BGP peering. 16‑bit (1‑64511 public, 64512‑65535 private) and 32‑bit (extension).
What is the purpose of the dig command?
Answer: dig (Domain Information Groper) is a DNS query tool. Examples: dig example.com, dig -x 8.8.8.8 (reverse lookup), dig +trace (show resolution path).
What is the difference between nslookup and dig?
Answer: nslookup is legacy; dig is more powerful and detailed. dig is preferred for debugging.
What is a split‑horizon DNS?
Answer: Split‑horizon DNS returns different DNS answers depending on the client’s source IP (internal vs external). Used to provide internal and external views of the same domain.
What is a DNS TTL?
Answer: TTL (Time To Live) in DNS records indicates how long a resolver should cache the record, in seconds. Lower TTL allows faster updates, higher TTL reduces query load.
What is the difference between TCP and UDP for DNS?
Answer: DNS primarily uses UDP (port 53) for small queries/responses (max 512 bytes). TCP (port 53) is used for responses larger than 512 bytes (DNSSEC, zone transfers).
What is a TCP window size?
Answer: The TCP window announces how much data the receiver can accept before acknowledging. Window scaling (RFC 7323) allows larger windows for high‑latency, high‑bandwidth links.
What is the sliding window protocol in TCP?
Answer: TCP sliding window improves throughput by allowing multiple segments to be sent before ACK. The window size determines the amount of outstanding data.
What is a TCP retransmission?
Answer: If an ACK is not received within a timeout (RTO), TCP retransmits the segment. Duplicate ACKs trigger fast retransmit (before timeout).
What is TCP slow start?
Answer: Congestion control mechanism that starts with a small congestion window (cwnd) and doubles every RTT until loss is detected or ssthresh is reached.
What is the difference between TCP and UDP header sizes?
Answer: TCP header is 20‑60 bytes (options), UDP header is 8 bytes. This contributes to TCP’s overhead.
What is a network bridge (transparent bridge)?
Answer: A device that connects two network segments and forwards frames based on MAC addresses. It learns MACs and filters traffic, improving performance. Switches evolved from bridges.
What is a fiber optic transceiver (SFP)?
Answer: Small Form‑factor Pluggable (SFP) modules convert electrical to optical signals for fiber links. Variants: SFP (1G), SFP+ (10G), QSFP (40G/100G), QSFP28 (100G).
What is DWDM (Dense Wavelength Division Multiplexing)?
Answer: DWDM combines multiple optical signals on a single fiber using different wavelengths (channels). Used for long‑haul and high‑capacity links (Tbps).
What is the difference between a backbone and a distribution network?
Answer: Backbone (core) connects major network segments with high speed and redundancy. Distribution (distribution layer) connects access switches to the core, applies routing policies.
What is a network segmentation?
Answer: Network segmentation divides a network into smaller subnets or VLANs to improve performance, security, and management. Achieved with routers, firewalls, VLANs.
What is the principle of least privilege in network security?
Answer: Users and devices should only have the minimum necessary network access to perform their functions. Implemented via firewalls, ACLs, VLANs, and zero trust models.
What is a DMZ and how is it structured?
Answer: A DMZ sits between internal LAN and external internet, often using a triple‑homed firewall or two firewalls. Public servers in DMZ; internal LAN behind second firewall.
What is stateful vs stateless firewall?
Answer: Stateful firewall tracks connection state (TCP handshake, sequence numbers), allowing return traffic automatically. Stateless filters each packet based on rules only, no context.
What is ACL (Access Control List) on routers?
Answer: ACLs are ordered lists of permit/deny rules applied to interfaces. Can filter IP addresses, protocols, ports. Standard (source IP) vs Extended (source/dest IP, port, protocol).
Why should we hire you as a networking professional?
Answer: I have a strong understanding of the OSI model, TCP/IP, subnetting, routing protocols, and network security. I can troubleshoot using command‑line tools (ping, traceroute, netstat, tcpdump). I have experience with switching (VLANs, STP) and routing (static, OSPF). I stay current with technologies like SD‑WAN, automation (Ansible), and cloud networking. I also communicate solutions clearly and document configurations.