
A Comprehensive Guide To Ace Your Interview!


Interview Q&A Network Engineer (L1)

3-way handshake:—
The 3-way handshake is a fundamental process in TCP (Transmission Control Protocol) used to establish a reliable connection between a client and a server. This handshake ensures that both parties are ready to send and receive data before the communication starts.

Three steps establish the connection in a 3-way handshake:

Client sends SYN.

Server responds with SYN-ACK.

Client confirms with ACK.

1. SYN (Synchronize)

The client initiates the connection by sending a SYN (synchronize) packet to the server.

2. SYN-ACK (Synchronize-Acknowledge)

The server responds to the client with a SYN-ACK packet:

3. ACK (Acknowledge)

The client sends an ACK packet back to the server:

TCP/IP:—
TCP/IP has a 4-layer architecture, which is simpler than the 7-layer OSI model.
The layers are:—

1. Application Layer

Combines the OSI model's Application, Presentation, and Session layers.

Provides protocols for specific network services such as:

HTTP (Web browsing), FTP (File Transfer), SMTP (Email), DNS (Domain name resolution)

This is the interface between the user and the network.

2. Transport Layer

Ensures reliable communication between devices.

Key protocols:

TCP (Transmission Control Protocol): Reliable, connection-oriented communication with error detection and recovery. Used for applications like web browsing (HTTP) and email (SMTP).

UDP (User Datagram Protocol): Unreliable, connectionless communication with minimal overhead. Used for real-time applications like VoIP and streaming.

Functions:

Flow control

Error checking

Segmentation and reassembly of data

3. Internet Layer

Responsible for logical addressing and routing of data packets.

Key protocols:

IP (Internet Protocol): Delivers packets to their destination using IP addresses.

IPv4: 32-bit addressing.

IPv6: 128-bit addressing for a larger address space.

ICMP (Internet Control Message Protocol): Sends error messages (e.g., destination unreachable).

ARP (Address Resolution Protocol): Resolves IP addresses to MAC addresses.

4. Network Access Layer

Combines the OSI model's Data Link and Physical layers.

Deals with the physical transmission of data over the network medium.

Handles:

Framing

MAC addressing

Error detection at the data link layer

Protocols include Ethernet, Wi-Fi, and PPP.

Explain Routing:—
Routing is finding the right path for transferring data from the source to the destination. It is the forwarding of packets from one network to another by choosing the best path from the routing table.

The routing table consists of only the best routes for every destination.

Types of Routing:—

1. Static Routing
2. Default Routing
3. Dynamic Routing
Static Routing——

Routes are manually configured by a network administrator. They don't change unless updated manually.

The Destination Network ID is mandatory.

It is secure and fast. Used for small organizations with a network of 10 - 15 routers.

Configuring Static Route -

Router(config)# ip route <Destination Network ID> <Destination Subnet Mask> <Next-hop IP address>

Default Routing —-

Used to route data packets to a default destination when no specific route is found in the routing table.

A loopback interface is a logical, virtual interface in a Cisco router. It is not a physical interface like a Fast Ethernet or Gigabit Ethernet interface. A loopback interface has many uses.

Create a Loopback Interface:

Router(config)# interface loopback 0
Router(config-if)# ip address <IP Address> <Subnet Mask>
Router(config-if)# exit

Default routing Configuration-

R1(config)#ip route [Link] [Link] [Link]
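
How a router falls back to the default route only when no specific static route matches, as an added example that is not part of the original document. The `ip route` lines, addresses and next hops are constructed samples, and "best path" is taken here to mean the most specific (longest-prefix) match.

```python
import ipaddress

# Constructed sample config in the `ip route <network> <mask> <next-hop>` form.
CONFIG = """
ip route 10.1.0.0 255.255.0.0 192.168.1.2
ip route 10.1.5.0 255.255.255.0 192.168.1.6
ip route 0.0.0.0 0.0.0.0 192.168.1.254
"""

def parse_routes(config):
    """Turn static `ip route` lines into (network, next_hop) pairs."""
    routes = []
    for line in config.splitlines():
        parts = line.split()
        if parts[:2] != ["ip", "route"] or len(parts) != 5:
            continue  # skip blanks and anything that is not a 3-argument route
        net, mask, next_hop = parts[2:]
        # Count the 1-bits of the mask (assumes a contiguous subnet mask).
        prefix_len = bin(int(ipaddress.IPv4Address(mask))).count("1")
        routes.append((ipaddress.ip_network(f"{net}/{prefix_len}"), next_hop))
    return routes

def lookup(routes, destination):
    """Next hop of the most specific matching route, or None if nothing matches."""
    dest = ipaddress.ip_address(destination)
    matches = [(net.prefixlen, hop) for net, hop in routes if dest in net]
    return max(matches)[1] if matches else None

if __name__ == "__main__":
    table = parse_routes(CONFIG)
    for ip in ("10.1.5.9", "10.1.9.9", "8.8.8.8"):
        print(ip, "->", lookup(table, ip))
```

Without the all-zero default route, the lookup for an unknown destination returns None, which corresponds to the packet being dropped.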

Dynamic Routing —-

In dynamic routing, we configure a dynamic routing protocol that learns routes automatically and also updates the routing table dynamically when changes happen in the network. Routes are updated automatically based on network conditions using routing protocols.

Protocols:—
RIP, EIGRP, OSPF, BGP.

Comparison: L2 Router vs. L3 Router:—


| Feature | Layer 2 Router | Layer 3 Router |
|---|---|---|
| OSI Layer | Data Link (L2) + Limited Network (L3) | Network Layer (L3) |
| Routing Capability | Limited (Static, Inter-VLAN) | Full (Static + Dynamic) |
| Packet Forwarding | Based on MAC addresses | Based on IP addresses |
| Dynamic Routing Protocols | Not supported | Fully supported (e.g., OSPF, BGP) |
| Primary Use Case | Small networks, VLAN environments | Complex, large-scale networks |
| Routing Table | Limited | Maintains full routing table |

Explain Switching—
Switching is a process used in networks to direct data from one device to another, ensuring it reaches the right destination.

There are three main types of switching:

1. Circuit Switching:

A direct, dedicated path is set up between two devices for the duration of communication, like a traditional telephone call.

2. Packet Switching:

Data is broken into small packets and sent independently through the best available paths. The packets are reassembled at the destination. Packet switching is used on the internet.

3. Message Switching:

Entire messages are sent from one switch to another, stored temporarily, and then forwarded.

Comparison: L2 Switch vs. L3 Switch

| Feature | Layer 2 Switch | Layer 3 Switch |
|---|---|---|
| OSI Layer | Layer 2 (Data Link) | Layer 2 (Switching) + Layer 3 (Routing) |
| Forwarding Decision | Based on MAC addresses | Based on MAC (L2) and IP (L3) addresses |
| Routing Capability | Not supported | Fully supported (static + dynamic) |
| Inter-VLAN Routing | Requires an external router | Built-in inter-VLAN routing |
| Dynamic Routing Protocols | Not supported | Supported (e.g., OSPF, EIGRP) |
| Broadcast Domains | VLANs create broadcast domains | VLANs create broadcast domains, and the switch can route between them |
| Use Case | Small LANs | Enterprise or complex networks |

What is a Firewall explain:—
A firewall is a network security device or system that helps to provide security to the intranet (private network), so that no unauthorized user can enter it. We can also apply security on routers (networking devices), but only to some extent. Routers provide very little security (they are Layer 3 devices and work on the Internet layer).

It acts as a barrier between a trusted internal network and untrusted external networks, such as the Internet, to protect systems from unauthorized access, cyberattacks, and other security threats.
Types of firewalls —

1. network firewalls or

2. host-based firewalls

Network firewalls —

These firewalls operate at the network level and are deployed at strategic
points within a network, such as between an internal network and the Internet.
Purpose: Protects an entire network by filtering traffic that enters or exits it.

Features:

1. Scope of Protection: Secures multiple devices within a network.

2. Packet Filtering: Analyzes and filters traffic based on IP addresses, ports, and protocols.

3. Scalability: Suitable for protecting large-scale networks.

host-based firewalls—

These firewalls are installed directly on individual devices (hosts), such as servers, PCs, or laptops, to protect that specific machine.

Purpose: Monitors and controls traffic to and from a single device.

Features:

1. Scope of Protection: Secures a single host.

2. Application-Level Filtering: Can monitor specific applications and processes.

3. Custom Rules: Rules can be customized per device, offering granular control.

1. Some important Port Numbers

HTTP - 80
SMTP - 25
SSH - 22
Telnet - 23
HTTPS - 443
FTP - 20 & 21
DHCP - client (68), server (67)

How do you configure a basic firewall rule?

Log in to the Firewall interface.

Navigate to the Firewall Policy section.

Create a new policy by defining source and destination addresses, services, and actions (allow or deny).

6. What is the difference between stateful and stateless firewalls?

Stateful Firewalls:

Track the state of active connections and make decisions based on the context of traffic.

A stateful firewall is located in Layer 3 and Layer 4 of the Open Systems Interconnection (OSI) model.

It keeps track of the state of network connections. This means that it knows the current status of the process.

This firewall adds the traffic into a state table once it is approved.

Stateful firewalls can detect fake messaging and unauthorized access.

They have a powerful memory as they remember the main aspects of network connections.

They have stronger attack mitigation.

Stateless Firewalls:

Make decisions based solely on predefined rules without tracking connection states.

Stateless firewalls are also known as Access Control Lists (ACLs).

They are not aware of the current state of connection/incoming traffic.

ACLs are present in the network or physical layers and, sometimes, in the transport layer.

The device accepts or rejects an incoming packet by checking whether it matches the ACL rules.

Stateless firewalls are faster than stateful firewalls. They perform better in heavy traffic because they do not dive deep into a packet's information like stateful firewalls do.
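
The difference in practice, as an added example that is not part of the original document: a small Python model in which a stateless rule and a stateful state table judge the same constructed packets, with the stateful side following the SYN, SYN-ACK, ACK handshake described at the start of this guide. The addresses, the trusted prefix and the ACL rule itself are assumptions made for illustration.

```python
from collections import namedtuple

# flags is a frozenset of TCP flag names; every packet below is a constructed sample.
Packet = namedtuple("Packet", "src sport dst dport flags")
INSIDE = "10.0.0."  # assumed trusted (internal) address prefix

def stateless_acl(pkt):
    """No memory: outbound is allowed; inbound is allowed only if ACK is set
    (an assumed rule meant to let replies back in)."""
    if pkt.src.startswith(INSIDE):
        return "allow"
    return "allow" if "ACK" in pkt.flags else "deny"

class StatefulFirewall:
    def __init__(self):
        self.table = {}  # (client, cport, server, sport) -> handshake state

    def check(self, pkt):
        outbound = pkt.src.startswith(INSIDE)
        key = ((pkt.src, pkt.sport, pkt.dst, pkt.dport) if outbound
               else (pkt.dst, pkt.dport, pkt.src, pkt.sport))
        state = self.table.get(key)
        if outbound and pkt.flags == {"SYN"}:                      # step 1: SYN
            self.table[key] = "SYN_SENT"
        elif (not outbound and state == "SYN_SENT"
              and pkt.flags == {"SYN", "ACK"}):                    # step 2: SYN-ACK
            self.table[key] = "SYN_ACK_SEEN"
        elif outbound and state == "SYN_ACK_SEEN" and pkt.flags == {"ACK"}:
            self.table[key] = "ESTABLISHED"                        # step 3: ACK
        elif state != "ESTABLISHED":
            return "deny"  # no approved connection in the state table
        return "allow"

def P(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))

HANDSHAKE = [
    P("10.0.0.5", 50000, "203.0.113.10", 443, "SYN"),
    P("203.0.113.10", 443, "10.0.0.5", 50000, "SYN", "ACK"),
    P("10.0.0.5", 50000, "203.0.113.10", 443, "ACK"),
]
UNSOLICITED = P("198.51.100.7", 443, "10.0.0.5", 50001, "ACK")  # belongs to no connection

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(stateless_acl(p), fw.check(p)) for p in packets]
```

Both models pass the three handshake packets, but only the stateful one denies the inbound ACK that matches no entry in its state table.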

8. How can you monitor traffic on a Fortinet firewall?


Use the built-in logging features in FortiOS to track traffic patterns.

Access the dashboard for real-time statistics on traffic, sessions, and threats.

9. What is an IPS (Intrusion Prevention System) in a Firewall?


An IPS analyses network traffic for signs of malicious activity.

It can block or alert administrators about potential threats in real time.

It acts as a proactive layer of defense that not only identifies potential threats but also takes action to block them before they can cause harm.

Key Functions of an IPS in a Firewall:

Threat Detection: Monitors network traffic and looks for suspicious activities or patterns that match known attack signatures or behaviors.

Real-Time Prevention: Automatically blocks malicious traffic by dropping harmful packets, resetting connections, or reconfiguring the firewall to mitigate ongoing threats.

Signature-Based Detection: Compares incoming data against a database of known attack signatures to identify specific threats.

Anomaly-Based Detection: Identifies unusual behavior in network traffic that deviates from established baselines, potentially indicating an unknown threat.

Deep Packet Inspection (DPI): Analyzes the content of network packets, not just headers, to detect hidden threats or exploit attempts.

Logging and Alerting: Keeps records of detected threats and alerts network administrators for further analysis and action.

How can you take a backup of the Fortinet firewall configuration?

Here’s a simple example of the commands to be used in backing up the configuration of a Fortinet firewall.

Backup to Management Station: Use the command backup config management station to save your firewall settings to a computer or server that you manage.

Backup to USB Device: To save your settings to a USB drive, you would use
the command backup config USB.

ftp command: The FTP command to backup via FTP (FTP is a method of
transferring files over the internet) is to manage backup config ftp [details],
wherein you would have to give some detail about your FTP server address
and the like.

TFTP: This is another file transfer type of backup. You would use the
command run backup config tftp.

What is a packet-filtering firewall?

A packet filtering firewall examines the source and destination IP addresses, protocols such as UDP (User Datagram Protocol) and TCP (Transmission Control Protocol), as well as port addresses.

The packet is verified and secured if both IP addresses match each other.

What do you understand by a VPN?
VPN stands for Virtual Private Network.

It creates a safe and secure connection between the Internet and your device.

Once you are connected to the internet through a VPN, your data is sent via an encrypted virtual tunnel.

It also creates a connection between two private networks over the internet.

Firewalls work in which OSI layers?


A firewall works at these three layers of the OSI model, namely:

Layer 3 (Network layer)

Layer 4 (Transport layer)

Layer 7 (Application layer)

What is Policy NAT?


Policy NAT stands for Policy Network Address Translation.

It allows you to NAT by giving the source and destination addresses in an extended Access List (ACL).

We can also give source and destination ports.

There are two types in which Policy NAT is available:

1. Static Policy NAT

2. Dynamic Policy NAT

12. What is the default timeout value for TCP, UDP and ICMP sessions?

The default value for a TCP session is 60 minutes.

The default value for the UDP session is 2 minutes.

The default value for the ICMP session is 2 seconds.
