Easy Questions (Foundational Concepts)
1. What is a computer network?
A computer network is a group of two or more interconnected computer systems
or devices that can communicate and share resources, such as files, printers, and
internet access.
2. What are the benefits of a computer network?
The main benefits are resource sharing (like files, printers, and internet
connections), communication (like email and video calls), cost-effectiveness
(sharing expensive hardware), and centralized management (easier to manage
data and security).
3. What is a Node?
A node is any device connected to a network that can send, receive, or forward
data. Examples include computers, printers, switches, and routers.
4. What is a Link?
A link is the physical or logical communication path that connects two or more
nodes in a network. This can be a wired connection, like an Ethernet cable, or a
wireless one, like Wi-Fi.
5. What are the different types of computer networks?
The most common types are:
o LAN (Local Area Network): Covers a small area, like a home,
office, or school.
o MAN (Metropolitan Area Network): Covers a larger area, like a
city or a large campus.
o WAN (Wide Area Network): Covers a very large geographical area,
like a country or the entire globe. The Internet is the largest WAN.
o PAN (Personal Area Network): Covers a very small area around a
person, typically using Bluetooth.
6. What is the difference between the Internet, an intranet, and an
extranet?
o Internet: A global, public network connecting millions of private,
public, academic, and government networks.
o Intranet: A private network within a single organization, accessible
only to its members. It uses internet protocols (like HTTP) but is
firewalled from the public.
o Extranet: A private network that extends to select users outside the
organization, such as partners or suppliers, giving them limited access
to the intranet.
7. What is network topology? Name five common types.
Network topology describes the physical or logical arrangement of nodes and
links in a network.
Five common types are:
o Star: All nodes connect to a central device (like a switch).
o Bus: All nodes share a single, common communication line.
o Ring: Each node is connected to exactly two other nodes, forming a
ring.
o Mesh: Every node is connected to every other node (full mesh) or to
multiple other nodes (partial mesh).
o Tree: A hybrid topology with a central "root" node and a hierarchy of
other nodes.
8. What is the OSI model? List its seven layers.
The OSI (Open Systems Interconnection) model is a conceptual framework that
standardizes the functions of a network into seven logical layers. This helps in
understanding and troubleshooting network communication.
The layers, from 7 to 1, are:
o Layer 7: Application
o Layer 6: Presentation
o Layer 5: Session
o Layer 4: Transport
o Layer 3: Network
o Layer 2: Data Link
o Layer 1: Physical
9. What is the TCP/IP model? What are its layers?
The TCP/IP model is a more practical model that the internet is based on. It's a
4-layer model (though some describe it as 5-layer).
The 4-layer model includes:
o Application
o Transport
o Internet
o Network Access (or Link Layer)
10. What is the main difference between the OSI and TCP/IP models?
The OSI model is a 7-layer conceptual and reference model that's excellent for
teaching and troubleshooting. The TCP/IP model is a 4-layer practical model that
implements the protocols used on the internet. The OSI model has separate
Presentation and Session layers, which are combined into the Application layer in
the TCP/IP model.
11. What is an IP address?
An IP (Internet Protocol) address is a unique numerical label assigned to each
device on a network. It serves two main functions: identifying the host (or
device) and providing its location on the network (network addressing).
12. What is the difference between IPv4 and IPv6?
o IPv4: Uses a 32-bit address, written as four decimal numbers (e.g.,
[Link]). It supports about 4.3 billion addresses.
o IPv6: Uses a 128-bit address, written in hexadecimal (e.g.,
2001:0db8:85a3:0000:0000:8a2e:0370:7334). It was created to solve
the shortage of IPv4 addresses and supports a virtually limitless
number.
13. What is a MAC address?
A MAC (Media Access Control) address is a unique 48-bit hardware identifier
"burned into" a device's NIC (Network Interface Card). It's used for
communication between devices on the same local network (at Layer 2).
14. What is the difference between an IP address and a MAC
address?
o IP Address (Layer 3): Logical address that identifies a device's
location on a network. It can change if the device moves to a new
network. It's like a house's street address.
o MAC Address (Layer 2): Physical, permanent hardware address. It's
used for local network delivery. It's like a person's government ID
number or the serial number on a device.
15. What is a port? Give an example of a common port and its service.
A port is a number that identifies a specific application or service on a computer.
When data arrives at a device's IP address, the port number tells the operating
system which application to send the data to.
o Example: Port 80 is used for HTTP (web traffic). Port 443 is for
HTTPS (secure web traffic).
16. What is a protocol? Give an example.
A protocol is a set of rules that governs how data is formatted, transmitted, and
received in a network. It ensures that devices can understand each other.
o Example: HTTP (Hypertext Transfer Protocol) is the protocol for
viewing web pages.
17. What is a Hub? At which OSI layer does it operate?
A Hub is a basic network device that connects multiple devices in a LAN. It's a
"dumb" device that broadcasts any data it receives on one port to all other ports.
It operates at Layer 1 (Physical).
18. What is a Switch? At which OSI layer does it operate?
A Switch is a smarter device that connects devices in a LAN. It learns the MAC
addresses of the devices connected to its ports and forwards data only to the
intended recipient port. This is more efficient than a hub. It operates at Layer 2
(Data Link).
19. What is a Router? At which OSI layer does it operate?
A Router is a device that connects different networks together (e.g., your home
LAN to the internet WAN). It uses IP addresses to make "routing" decisions and
send packets to their correct destination network. It operates at Layer 3
(Network).
20. What is the difference between a Hub, a Switch, and a Router?
o Hub (Layer 1): Connects devices, broadcasts data to all ports.
Creates one large collision domain.
o Switch (Layer 2): Connects devices, smartly forwards data to the
correct port using MAC addresses. Each port is its own collision
domain.
o Router (Layer 3): Connects networks, routes data between networks
using IP addresses. Each interface is its own broadcast domain.
21. What is a firewall?
A firewall is a network security device that monitors and controls incoming and
outgoing network traffic based on predefined security rules. It acts as a barrier
between a trusted internal network and untrusted external networks (like the
internet).
22. What is DNS (Domain Name System)?
DNS is the "phonebook of the internet." It translates human-readable domain
names (like [Link]) into machine-readable IP addresses (like
[Link]) that computers use to find each other.
23. What is DHCP (Dynamic Host Configuration Protocol)?
DHCP is a network protocol that automatically assigns IP addresses and other
network configuration settings (like the subnet mask and default gateway) to
devices when they join a network. This avoids the need for manual configuration.
24. What is a subnet mask?
A subnet mask is a 32-bit number (in IPv4) that divides an IP address into two
parts: the network ID and the host ID. It tells a device which part of the IP
address is the network it belongs to and which part identifies the specific device.
25. What is the difference between a public IP and a private IP
address?
o Public IP: A unique, routable IP address assigned by an ISP, used for
communicating on the public internet.
o Private IP: An IP address from a specific range (like 192.168.x.x or
10.x.x.x) used within a private network (like your home or office).
These addresses are not routable on the internet.
26. What is NAT (Network Address Translation)?
NAT is a process, typically done by a router, that translates private IP addresses
from an internal network into a single public IP address for use on the internet.
This allows many devices to share one public IP, which conserves IPv4 addresses
and adds a layer of security.
27. What is a VPN (Virtual Private Network)?
A VPN creates a secure, encrypted "tunnel" over a public network (like the
internet). This allows a user to securely access a private network (like a
company's intranet) remotely, or to browse the internet privately as if they were
on a different network.
28. What is bandwidth?
Bandwidth is the maximum amount of data that can be transmitted over a
network connection in a given amount of time. It's often measured in megabits
per second (Mbps).
29. What is latency?
Latency (or ping) is the time it takes for a data packet to travel from its source to
its destination. It's a measure of delay. Low latency is good (fast response), while
high latency is bad (lag).
30. What is the difference between simplex, half-duplex, and full-
duplex communication?
o Simplex: Communication is one-way only (e.g., a TV broadcast).
o Half-Duplex: Communication is two-way, but only one direction at a
time (e.g., a walkie-talkie).
o Full-Duplex: Communication is two-way and simultaneous (e.g., a
telephone call).
Moderate Questions (Protocols, Subnetting & Security)
31. Explain the TCP 3-Way Handshake.
It's the process TCP uses to establish a reliable connection between a client and a
server.
1. SYN: The client sends a SYN (synchronize) packet to the server to
initiate a connection.
2. SYN-ACK: The server replies with a SYN-ACK (synchronize-
acknowledgment) packet to acknowledge the request and send its own
sequence number.
3. ACK: The client sends an ACK (acknowledgment) packet back to the
server. The connection is now established, and data transfer can begin.
32. What is the difference between TCP and UDP?
o TCP (Transmission Control Protocol): Is connection-oriented and
reliable. It establishes a connection (3-way handshake), guarantees
data is delivered in order, and re-transmits lost packets. This makes it
slower. (e.g., web browsing, email).
o UDP (User Datagram Protocol): Is connectionless and unreliable
(or "best-effort"). It just sends packets without establishing a
connection or checking for delivery. This makes it much faster. (e.g.,
video streaming, online gaming, DNS).
33. When would you use UDP over TCP?
You use UDP when speed is more important than perfect accuracy. This is ideal
for real-time applications like video streaming, VoIP (Voice over IP), and online
gaming, where a lost packet is better than a long delay caused by re-transmission.
34. Explain the function of ARP (Address Resolution Protocol).
ARP's job is to map a Layer 3 (IP) address to its corresponding Layer 2 (MAC)
address on a local network. When a device needs to send a packet to an IP
address on its own network, it sends an ARP broadcast asking, "Who has this IP
address?" The device with that IP replies with its MAC address.
35. What is ICMP (Internet Control Message Protocol)? Which common
tool uses it?
ICMP is a network layer protocol used by network devices to send error
messages and operational information. It's not for user data, but for diagnostics.
The most common tool that uses it is ping, which sends ICMP "Echo Request"
packets to a host to see if it's reachable and measure the round-trip time.
36. What happens, step-by-step, when you type [Link] into
your browser and press Enter?
1. Browser Cache: The browser checks its cache for the IP address of
[Link].
2. OS Cache: If not in the browser cache, it checks the operating
system's cache.
3. DNS Query: If not cached, the computer sends a DNS query to its
configured DNS resolver (usually provided by the ISP).
4. Recursive DNS: The resolver queries DNS root servers, then TLD
(Top-Level Domain) servers (for .com), then authoritative name
servers (for [Link]) to find the IP address.
5. IP Returned: The DNS resolver gets the IP address (e.g.,
[Link]) and returns it to the computer.
6. TCP Handshake: The browser initiates a TCP 3-way handshake with
the server at that IP address on port 80 (HTTP) or 443 (HTTPS).
7. HTTP(S) Request: Once the connection is established, the browser
sends an HTTP GET request to the server, asking for the webpage.
8. HTTP(S) Response: The server sends back an HTTP response
containing the webpage's content (HTML, CSS, JavaScript).
9. Render Page: The browser receives the content and renders the
webpage for the user.
37. What is subnetting? Why is it used?
Subnetting is the practice of dividing a large IP network into smaller, more
manageable sub-networks (or "subnets").
It's used to:
o Reduce Network Traffic: It breaks up large broadcast domains,
which reduces unnecessary traffic.
o Improve Performance: Smaller networks are generally faster and
easier to manage.
o Enhance Security: You can apply security policies (like firewall
rules) between subnets.
o Simplify Management: It's easier to organize and troubleshoot
smaller networks.
38. You have an IP address of [Link] with a subnet mask of
255.255.255.192 (or /26). How many subnets and hosts per subnet can
you have?
o A standard Class C (/24) mask is 255.255.255.0.
o The given mask is 255.255.255.192, which is /26.
o This means we "borrowed" 2 bits for the network part (from 24 to 26).
o Number of Subnets: $2^{2}$ (2 borrowed bits) = 4 subnets.
o Number of Hosts: A 32-bit address leaves 6 bits for hosts (32 - 26 =
6).
o Number of hosts per subnet is $2^{6} - 2$ = 64 - 2 = 62 usable hosts.
(We subtract 2 for the network ID and the broadcast address).
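The same arithmetic worked in code, as an added example that is not part of the original question set. The question's own address is not legible on this page, so the 192.168.1.0/24 block in the demo is an assumption, as are the function names; the code also goes beyond /26 to any prefix, including /31 and /32 where the "subtract 2" rule does not apply.

```python
import ipaddress


def subnet_plan(base_cidr, new_prefix):
    """Split an IPv4 block into equal subnets and describe each one."""
    # strict=True rejects input such as 192.168.1.10/24 (host bits set).
    base = ipaddress.ip_network(base_cidr, strict=True)
    if base.version != 4:
        raise ValueError("this example covers IPv4 only")
    if not base.prefixlen <= new_prefix <= 32:
        raise ValueError("new prefix must lie between the base prefix and /32")

    borrowed = new_prefix - base.prefixlen   # bits moved from host part to network part
    host_bits = 32 - new_prefix              # bits left to number hosts

    subnets = []
    for net in base.subnets(new_prefix=new_prefix):
        if host_bits >= 2:
            # Normal case: first address is the network ID, last is the broadcast.
            first, last = net.network_address + 1, net.broadcast_address - 1
            usable = 2 ** host_bits - 2
        else:
            # /31 (RFC 3021 point-to-point links) and /32 (single host):
            # no address is reserved, so nothing is subtracted.
            first, last = net.network_address, net.broadcast_address
            usable = 2 ** host_bits
        subnets.append({
            "network": str(net),
            "first_host": str(first),
            "last_host": str(last),
            "broadcast": str(net.broadcast_address),
        })

    return {
        "mask": str(ipaddress.ip_network(f"0.0.0.0/{new_prefix}").netmask),
        "borrowed_bits": borrowed,
        "subnet_count": 2 ** borrowed,
        "usable_hosts": usable,
        "subnets": subnets,
    }


def find_subnet(plan, address):
    """Return the subnet row that contains address, or None if it is outside the plan."""
    ip = ipaddress.ip_address(address)
    for row in plan["subnets"]:
        if ip in ipaddress.ip_network(row["network"]):
            return row
    return None


if __name__ == "__main__":
    # Constructed input: a /24 split with the /26 mask from the question.
    plan = subnet_plan("192.168.1.0/24", 26)
    print(plan["mask"], plan["subnet_count"], "subnets,",
          plan["usable_hosts"], "usable hosts each")
    for row in plan["subnets"]:
        print(row)
    print("192.168.1.130 lives in", find_subnet(plan, "192.168.1.130")["network"])
```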
39. What is CIDR (Classless Inter-Domain Routing)?
CIDR is a method for allocating IP addresses and routing IP packets that replaces
the old "classful" system (Class A, B, C). It allows for variable-length subnet
masks (VLSM), which gives more flexibility. You notate it with a "slash"
notation (e.g., /26), which represents the number of bits in the network prefix.
40. What is the difference between a static IP and a dynamic IP?
o Static IP: An IP address that is manually assigned to a device and
does not change. It's reliable for servers, printers, and other devices
that need to be found at the same address.
o Dynamic IP: An IP address that is automatically assigned to a device
by a DHCP server for a limited period (a "lease"). This is common for
client devices like laptops and phones.
41. What is a VLAN (Virtual LAN)? What is its purpose?
A VLAN allows you to group devices on the same physical LAN (i.e., connected
to the same switch) into separate, logical (or virtual) networks.
Its purpose is to segment a network without needing to physically rewire
anything. Devices in one VLAN cannot directly communicate with devices in
another VLAN (unless routed), which improves security and reduces broadcast
traffic.
42. What is trunking in the context of VLANs? (e.g., IEEE 802.1Q)
A trunk port is a port on a switch that is configured to carry traffic for multiple
VLANs simultaneously. To keep the traffic from different VLANs separate, the
switch uses a protocol like IEEE 802.1Q, which adds a "tag" to each frame to
identify which VLAN it belongs to. This is used to connect switches together.
43. What is the purpose of the Spanning Tree Protocol (STP)?
STP's purpose is to prevent broadcast storms and switching loops in a network
that has redundant paths (e.g., two switches connected by two cables). It does this
by logically blocking redundant paths, ensuring there is only one active path to
any destination. If the primary path fails, it unblocks a redundant path.
44. What is a routing table?
A routing table is a data table, stored on a router or a networked computer, that
lists the "routes" to particular network destinations. It's like a set of directions
that tells the router where to forward packets based on their destination IP
address.
45. What is the difference between static routing and dynamic
routing?
o Static Routing: A network administrator manually enters all routes
into the routing table. It's simple and secure for small networks but
doesn't scale and can't adapt to network changes.
o Dynamic Routing: Routers automatically learn and share route
information with each other using a routing protocol (like OSPF or
BGP). It's scalable and can automatically find new routes if a path
fails.
46. What is a default gateway?
A default gateway is the IP address of the router on a local network that a device
will send a packet to when the destination IP address is not on the same local
network. It's the "exit door" for all traffic destined for other networks, including
the internet.
47. What is the loopback address? What is it used for?
The loopback address (for IPv4, it's the 127.0.0.0 to 127.255.255.255 range, most
commonly 127.0.0.1) is a special IP address that a device uses to send a signal to
itself. It's used for testing the network stack on the local machine to confirm that
TCP/IP is installed and functioning correctly, without any network hardware.
48. Explain the difference between HTTP and HTTPS.
o HTTP (Hypertext Transfer Protocol): The standard protocol for
web traffic. It is unencrypted, meaning all data is sent in plain text.
o HTTPS (HTTP Secure): The secure version of HTTP. It uses
SSL/TLS to encrypt the communication between your browser and
the web server, protecting it from eavesdropping and tampering.
49. What is the role of SSL/TLS in HTTPS?
SSL (Secure Sockets Layer), or its modern successor TLS (Transport Layer
Security), is the encryption protocol used by HTTPS. Its role is to:
1. Encrypt the data being exchanged.
2. Authenticate the web server (proving it is who it says it is) via a
digital certificate.
3. Ensure data integrity (that the data hasn't been changed in transit).
50. What is a proxy server? How does it differ from a firewall?
o Proxy Server: An intermediary server that sits between a user and the
internet. It takes requests from the user and forwards them to the
internet on the user's behalf. It can be used for caching content,
filtering requests, and hiding the user's real IP address.
o Firewall: A security device that filters traffic based on rules. A proxy
represents the user, while a firewall protects the user or network.
51. What is a DMZ (Demilitarized Zone) in networking?
A DMZ is a small, isolated sub-network that sits between a company's private
internal network (LAN) and the untrusted public network (Internet). It's used to
host public-facing servers (like web or email servers). This way, if a public server
is compromised, the attacker is still outside the main internal network.
52. What is a packet? What are its main components?
A packet is a small unit of data formatted for transmission over a network. Its
main components are:
o Header: Contains addressing and control information (like
source/destination IP, port numbers, and packet number).
o Payload: The actual data being sent (e.g., a piece of an email or a
webpage).
o Trailer (or Footer): Contains error-checking data (like a checksum or
CRC).
53. Explain flow control in TCP.
Flow control is a mechanism that prevents a fast sender from overwhelming a
slow receiver. The receiver uses a "sliding window" to advertise how much data
(in bytes) it can currently accept in its buffer. The sender must limit its
transmission to this window size.
54. Explain congestion control in TCP.
Congestion control is a mechanism to prevent the network itself from being
overwhelmed with too much traffic. TCP uses algorithms like slow start and
congestion avoidance. It starts by sending a small amount of data and rapidly
increases it. If it detects packet loss (signaling congestion), it dramatically slows
down and then slowly ramps back up.
55. What is the function of the Session Layer in the OSI model?
The Session Layer (Layer 5) is responsible for establishing, managing, and
terminating sessions (dialogues) between applications. It handles tasks like
authentication and synchronization, allowing applications to "check-point" a long
data transfer so it can be resumed if it fails.
56. What is the function of the Presentation Layer in the OSI model?
The Presentation Layer (Layer 6) is the "translator" of the network. It's
responsible for data formatting, encryption, and compression. It ensures that data
sent from the Application layer of one system can be read by the Application
layer of another system (e.g., converting ASCII to EBCDIC, or
encrypting/decrypting data).
57. What is port forwarding?
Port forwarding (or port mapping) is a technique used on a router (with NAT) to
allow external devices to access a service on a private network. It tells the router
to take all traffic arriving at a specific port on its public IP and "forward" it to a
specific private IP and port on the internal network.
58. What is the difference between a domain and a workgroup?
o Workgroup: A peer-to-peer network model where all computers are
equal. There is no centralized server for authentication. Each user
manages their own computer's security.
o Domain: A client/server network model that uses a centralized server
called a Domain Controller (running Active Directory in Windows)
to manage security and user accounts for all computers on the
network.
59. What is a MAC address table (or CAM table) on a switch?
A MAC address table (also called a CAM table) is a table stored in a switch's
memory. It maps the switch's ports to the MAC addresses of the devices
connected to them. The switch builds this table by learning the source MAC
address of frames it receives, and uses it to make intelligent forwarding
decisions.
60. What is a broadcast storm, and how can it be prevented?
A broadcast storm is when a network is flooded with an excessive number of
broadcast packets. This can happen in a switching loop (where two switches are
connected in a circle) and can quickly consume all available bandwidth, bringing
the network down. It is prevented by the Spanning Tree Protocol (STP), which
detects and blocks redundant paths.
61. What is the ping command? What about traceroute (or tracert)?
o ping: A tool used to test connectivity to a host. It sends an ICMP
Echo Request and waits for an Echo Reply, measuring the round-trip
time and checking for packet loss.
o traceroute (tracert on Windows): A tool used to map the path (the
sequence of routers, or "hops") a packet takes to reach a destination.
It's used to diagnose where delays or failures are occurring along the
path.
62. Explain the DORA process in DHCP.
DORA is the four-step process a client uses to get an IP address from a DHCP
server:
1. Discover: The client sends a broadcast message to "discover" any
available DHCP servers.
2. Offer: The DHCP server(s) reply with an offer of an IP address and
other settings.
3. Request: The client replies, "requesting" the offered IP address from
one of the servers.
4. Acknowledge: The DHCP server "acknowledges" the request,
finalizes the lease, and sends the configuration to the client.
63. What is APIPA (Automatic Private IP Addressing)?
APIPA is a feature in Windows that automatically assigns an IP address from the
range 169.254.x.x when a device is set to use DHCP but cannot find a DHCP
server. This allows devices on a small network to communicate with each other
locally, even without a router or DHCP server.
64. What is CSMA/CD (Carrier Sense Multiple Access with Collision
Detection)?
CSMA/CD is the access method used in early (half-duplex) Ethernet networks.
o Carrier Sense: A device "listens" to the wire to see if it's idle.
o Multiple Access: All devices share the same wire (medium).
o Collision Detection: If two devices send at the same time (a
"collision"), they detect it, stop, wait a random amount of time, and
then try again.
Modern switched networks use full-duplex, which eliminates the need for this.
65. What is the difference between a stateful and a stateless firewall?
o Stateless Firewall: Filters packets based on individual packet headers
(source/destination IP and port). It doesn't know about the "state" of a
connection. (e.g., an ACL on a router).
o Stateful Firewall: Keeps track of the "state" of active connections. It
understands the context of traffic (e.g., it knows this packet is part of
an established connection). This allows it to make more intelligent
decisions, like allowing return traffic that was initiated from inside,
while blocking unsolicited traffic from outside.
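The difference shown on the same traffic, as an added example that is not part of the original question set. The policy (inside hosts may open connections to TCP 443), the addresses, the simplified state names and the sample packets are all constructed for illustration.

```python
from collections import namedtuple

# direction is relative to the protected network: "out" = inside -> outside.
Packet = namedtuple("Packet", "direction src sport dst dport flags")

ALLOWED_OUT_PORT = 443  # assumed policy: inside hosts may open HTTPS connections


def stateless_filter(pkt):
    """Header-only ACL: every packet is judged alone, first matching rule wins."""
    if pkt.direction == "out" and pkt.dport == ALLOWED_OUT_PORT:
        return "permit"
    # Replies can only be recognised by their header, so this rule has to
    # admit any inbound packet that claims source port 443.
    if pkt.direction == "in" and pkt.sport == ALLOWED_OUT_PORT:
        return "permit"
    return "deny"


class StatefulFirewall:
    """Tracks each connection by its 4-tuple and follows the 3-way handshake."""

    def __init__(self):
        # (inside_ip, inside_port, outside_ip, outside_port) -> state
        self.table = {}

    def filter(self, pkt):
        outbound = pkt.direction == "out"
        key = ((pkt.src, pkt.sport, pkt.dst, pkt.dport) if outbound
               else (pkt.dst, pkt.dport, pkt.src, pkt.sport))
        state = self.table.get(key)

        if state is None:
            # Only an inside host's SYN to an allowed port may create state.
            if outbound and pkt.flags == "SYN" and pkt.dport == ALLOWED_OUT_PORT:
                self.table[key] = "SYN_SENT"
                return "permit"
            return "deny"

        if state == "SYN_SENT":
            if not outbound and pkt.flags == "SYN-ACK":
                self.table[key] = "SYN_ACK_SEEN"
                return "permit"
            # A retransmitted SYN from inside is fine; anything else is not.
            return "permit" if outbound and pkt.flags == "SYN" else "deny"

        if state == "SYN_ACK_SEEN":
            if outbound and pkt.flags == "ACK":
                self.table[key] = "ESTABLISHED"
                return "permit"
            return "deny"

        # ESTABLISHED: both directions pass, but a new handshake does not.
        if pkt.flags in ("SYN", "SYN-ACK"):
            return "deny"
        if pkt.flags in ("FIN", "RST"):
            del self.table[key]  # simplified teardown: state is dropped at once
        return "permit"


# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("out", "10.0.0.5", 51000, "203.0.113.10", 443, "SYN"),
    Packet("in", "203.0.113.10", 443, "10.0.0.5", 51000, "SYN-ACK"),
    Packet("out", "10.0.0.5", 51000, "203.0.113.10", 443, "ACK"),
    Packet("in", "203.0.113.10", 443, "10.0.0.5", 51000, "ACK"),   # reply data
    Packet("in", "198.51.100.7", 443, "10.0.0.8", 40000, "ACK"),   # no connection exists
    Packet("out", "10.0.0.5", 51000, "203.0.113.10", 443, "RST"),  # inside host closes
    Packet("in", "203.0.113.10", 443, "10.0.0.5", 51000, "ACK"),   # arrives after close
]


def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(stateless_filter(p), fw.filter(p)) for p in packets]


if __name__ == "__main__":
    for pkt, (sl, sf) in zip(SAMPLE, compare(SAMPLE)):
        print(f"{pkt.direction:3} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} "
              f"{pkt.flags:7} stateless={sl:6} stateful={sf}")
```

The two filters agree on the handshake and the reply, and differ only on the two inbound packets that belong to no tracked connection.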
Difficult Questions (Advanced Topics & Scenarios)
66. What is BGP (Border Gateway Protocol)? Why is it called the
"protocol of the Internet"?
BGP is the exterior gateway protocol (EGP) that manages how packets are routed
between different Autonomous Systems (AS) on the internet. It's called the
"protocol of the Internet" because it's the glue that holds the internet together,
allowing independent networks (like ISPs, universities, and large tech
companies) to exchange routing information and find paths to each other.
67. What is the difference between iBGP (Internal BGP) and eBGP
(External BGP)?
o eBGP (External): Used for BGP communication between two
different Autonomous Systems (AS). This is how ISPs peer with each
other.
o iBGP (Internal): Used for BGP communication within a single
Autonomous System. It's used to ensure all routers inside an AS have
the same external routing information.
68. What is an Autonomous System (AS)?
An Autonomous System is a large collection of IP networks and routers under the
control of a single administrative entity. It presents a common routing policy to
the internet. Each AS is assigned a unique ASN (Autonomous System Number).
(e.g., Google is AS15169, Level 3 is AS3356).
69. Explain the difference between distance-vector (e.g., RIP) and
link-state (e.g., OSPF) routing protocols.
o Distance-Vector (e.g., RIP): Routers share their entire routing table
with their direct neighbors. They only know the "distance" (hop
count) and "vector" (direction/next-hop) to a destination. They have a
"map by rumor" view of the network, which can lead to slow
convergence and routing loops.
o Link-State (e.g., OSPF): Routers share information about the "state"
of their own links (neighbors, link speed) with all other routers in the
area. Each router then independently builds a complete map of the
entire network and calculates the shortest path (using Dijkstra's
algorithm). This converges much faster and is more robust.
70. How does OSPF (Open Shortest Path First) work?
OSPF is an interior gateway protocol (IGP).
1. Routers send "Hello" packets to discover neighbors and form
adjacencies.
2. In a multi-access network (like Ethernet), they elect a Designated
Router (DR) and Backup DR (BDR) to reduce redundant
communication.
3. Routers exchange Link-State Advertisements (LSAs), which
describe their links and link states.
4. All LSAs are collected in a Link-State Database (LSDB), which
must be identical for all routers in an area.
5. Each router runs the Dijkstra SPF (Shortest Path First) algorithm
on its LSDB to build a "shortest-path tree" and populates its routing
table.
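Steps 4 and 5 as an added example, not part of the original question set and not any router vendor's code: a constructed five-router LSDB with made-up link costs, and Dijkstra's algorithm run from one router to fill its routing table. Router names, costs and the `spf` and `fail_link` helpers are assumptions for illustration.

```python
import heapq

# Constructed LSDB: each router's advertisement lists its neighbours and link costs.
# R1 still advertises a link to R5, but R5 does not advertise one back.
LSDB = {
    "R1": {"R2": 2, "R3": 1, "R5": 1},
    "R2": {"R1": 2, "R4": 1},
    "R3": {"R1": 1, "R4": 1},
    "R4": {"R2": 1, "R3": 1, "R5": 2},
    "R5": {"R4": 2},
}


def spf(lsdb, root):
    """Dijkstra from root. Returns {destination: (total_cost, next_hop)}."""
    best = {root: 0}
    next_hop = {}
    done = set()
    # Heap entries: (cost so far, router, first hop used to leave the root).
    heap = [(0, root, None)]
    while heap:
        cost, node, first = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        if first is not None:
            next_hop[node] = first
        for nbr, link_cost in lsdb.get(node, {}).items():
            # Two-way check: a link counts only if the neighbour advertises
            # it back, so a half-formed or stale adjacency is never used.
            if node not in lsdb.get(nbr, {}):
                continue
            new_cost = cost + link_cost
            if nbr not in done and new_cost < best.get(nbr, float("inf")):
                best[nbr] = new_cost
                heapq.heappush(heap, (new_cost, nbr, nbr if node == root else first))
    return {dest: (best[dest], hop) for dest, hop in next_hop.items()}


def fail_link(lsdb, a, b):
    """Return a copy of the LSDB with the a<->b link withdrawn by both routers."""
    updated = {router: dict(links) for router, links in lsdb.items()}
    updated[a].pop(b, None)
    updated[b].pop(a, None)
    return updated


if __name__ == "__main__":
    print("R1 routing table:")
    for dest, (cost, hop) in sorted(spf(LSDB, "R1").items()):
        print(f"  {dest}: cost {cost} via {hop}")
    print("After the R1-R3 link fails:")
    for dest, (cost, hop) in sorted(spf(fail_link(LSDB, "R1", "R3"), "R1").items()):
        print(f"  {dest}: cost {cost} via {hop}")
```

Every router runs the same calculation on the same database with itself as the root, which is why the LSDB has to be identical across the area.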
71. What is MPLS (Multiprotocol Label Switching)? How does it
improve performance?
MPLS is a high-performance networking technique. Instead of performing a
complex IP lookup at every hop, the first router (Ingress) adds a short "label" to
the packet. Subsequent routers in the MPLS network make forwarding decisions
based only on this simple label, which is much faster. It's "multiprotocol"
because it can carry any payload (IP, Ethernet, etc.). It's used by ISPs to create
high-speed, reliable VPNs and manage traffic.
72. What is QoS (Quality of Service)? How can it be implemented?
QoS is a set of techniques used to manage network resources and ensure a certain
level of performance for critical applications.
It's implemented using:
o Classification & Marking: Identifying and "tagging" high-priority
traffic (e.g., a VoIP call).
o Queuing: Creating different "lanes" for traffic. High-priority packets
(like VoIP) go in a high-priority queue that gets processed first.
o Shaping & Policing: Controlling the rate of traffic. Policing drops
excess traffic, while Shaping buffers and delays it.
73. What is SDN (Software-Defined Networking)? Explain its
architecture.
SDN is an architecture that separates the network's control plane from its data
plane.
o Data Plane (The "Hardware"): The switches and routers that
forward traffic. They become "dumb" devices.
o Control Plane (The "Brain"): A centralized SDN controller
(software) that makes all routing and forwarding decisions.
o This makes the network programmable, agile, and easier to manage
from a central point, rather than configuring individual devices.
74. What is NFV (Network Functions Virtualization)? How does it relate
to SDN?
NFV is the concept of virtualizing network functions—like firewalls, load
balancers, and routers—so they can run as software on standard, commodity
hardware (servers). This avoids the need for expensive, specialized hardware for
each function.
o Relation: SDN and NFV are complementary. You can use an SDN
controller to manage and chain these virtualized network functions
(NFV).
75. What is an overlay network? Give an example.
An overlay network is a virtual network built on top of an existing physical
network (the "underlay"). It creates its own logical topology and can have its own
addressing scheme.
o Example: VXLAN (Virtual Extensible LAN) is an overlay
technology that allows you to "stretch" a Layer 2 network over a
Layer 3 underlay. It encapsulates the original Ethernet frame inside a
UDP/IP packet. This is heavily used in data centers and cloud
environments.
76. Explain how a DDoS (Distributed Denial of Service) attack works.
How can it be mitigated?
A DDoS attack floods a target server or network with an overwhelming amount
of traffic from many distributed sources (often a "botnet" of compromised
computers). The goal is to consume all the target's resources (like bandwidth or
CPU) so that legitimate users cannot access it.
o Mitigation: Involves rate limiting (limiting traffic from single
sources), IP blacklisting (blocking known bad actors), and DDoS
scrubbing services (which filter traffic through a large, distributed
"scrubbing center" to separate good traffic from bad).
77. What is an Access Control List (ACL)? Differentiate between
standard and extended ACLs.
An ACL is a list of rules applied to a router or firewall interface to permit or deny
traffic.
o Standard ACL: Filters only based on the source IP address. It's
simple but not very granular.
o Extended ACL: Filters based on a combination of source IP,
destination IP, protocol (TCP, UDP), and port numbers. This
provides much more granular control.
78. What is IPsec? Describe its two modes.
IPsec (Internet Protocol Security) is a suite of protocols that provides encryption
and authentication at the network layer (Layer 3). It's commonly used to build
VPNs.
o Tunnel Mode: Encrypts the entire original IP packet (header and
payload) and wraps it in a new IP header. This is used for site-to-site
VPNs between gateways (routers).
o Transport Mode: Encrypts only the payload (data) of the original IP
packet. The original IP header is left intact. This is used for end-to-
end communication between two hosts.
79. What is IKE (Internet Key Exchange) in the context of IPsec?
IKE is the protocol used to set up a Security Association (SA) for IPsec. It's the
negotiation phase. It runs on UDP port 500 and allows the two ends of an IPsec
tunnel to authenticate each other and agree on the encryption keys and algorithms
to use.
80. What is VRRP (Virtual Router Redundancy Protocol) or HSRP (Hot
Standby Router Protocol)?
These are First Hop Redundancy Protocols (FHRPs). They provide high
availability for a network's default gateway.
A group of two or more routers share a single virtual IP address and virtual MAC
address. One router acts as the active gateway, and the others are in standby. If
the active router fails, a standby router instantly takes over the virtual IP and
MAC, so client devices don't experience any interruption. (HSRP is
Cisco-proprietary; VRRP is an open standard.)
81. What is a load balancer? What are different load-balancing
algorithms?
A load balancer distributes incoming network traffic across a group of backend
servers (a "server farm") to ensure no single server becomes overwhelmed. This
improves performance, reliability, and availability.
o Algorithms:
▪ Round Robin: Sends each new request to the next server in the
list.
▪ Least Connections: Sends the new request to the server that
currently has the fewest active connections.
▪ IP Hash: Uses a hash of the source IP address to determine
which server to send the request to (ensures a user stays "sticky"
to one server).
82. What is the difference between a Layer 4 and a Layer 7 load
balancer?
o Layer 4 (Transport): Operates at the transport layer. It makes
decisions based on IP addresses and TCP/UDP ports. It doesn't look
at the content of the traffic. It's very fast.
o Layer 7 (Application): Operates at the application layer. It can
inspect the content of the traffic (like HTTP headers, URLs, or
cookies). This allows it to make much more intelligent decisions, such
as routing users to different servers based on the URL they are trying
to access.
83. What is BSSID vs. SSID in a Wi-Fi network?
o SSID (Service Set Identifier): The human-readable name of the
Wi-Fi network that you see and connect to (e.g., "MyHomeWiFi").
o BSSID (Basic Service Set Identifier): The MAC address of the
wireless access point's (AP) radio. If you have multiple APs in a
"mesh" network with the same SSID, each AP will still have a unique
BSSID.
84. How does WPA2/WPA3 secure a wireless network?
o WPA2 (Wi-Fi Protected Access 2): Uses AES (Advanced
Encryption Standard) for strong encryption. In "Personal" mode, it
uses a Pre-Shared Key (PSK) (your Wi-Fi password) that everyone
uses. In "Enterprise" mode, it uses 802.1X for per-user authentication.
o WPA3: The successor to WPA2. It provides even stronger encryption
and, most importantly, replaces the PSK with SAE (Simultaneous
Authentication of Equals), which is much more resistant to offline
"dictionary" attacks, even with weak passwords.
85. What is EIGRP (Enhanced Interior Gateway Routing Protocol)? What
makes it a hybrid protocol?
EIGRP is a Cisco-proprietary routing protocol. It's called a hybrid protocol
because it combines the best features of distance-vector (it's simple to configure
and gets information from neighbors) and link-state (it has fast convergence and
a partial view of the network). It uses the DUAL (Diffusing Update Algorithm) to
ensure loop-free paths.
86. What is route summarization (or supernetting)? What are its
benefits?
Route summarization is the process of combining multiple specific network
routes into a single, less-specific "summary" route. For example, [Link]/24
and [Link]/24 can be summarized as [Link]/23.
o Benefits: It makes routing tables smaller, which reduces router CPU
and memory usage. It also improves stability by "hiding" individual
link failures within the summary range.
87. What is a BGP path attribute? Give examples.
BGP attributes are parameters used to describe a route. BGP uses these attributes
(not just hop count) to make its complex path selection decisions.
o AS-PATH: A list of all Autonomous Systems a route has passed
through. This is the primary loop-prevention mechanism.
o LOCAL_PREF (Local Preference): Used within an AS to tell its
internal routers which path is preferred to exit the AS.
o MED (Multi-Exit Discriminator): Used to tell an external AS which
path is preferred to enter your AS (if multiple entry points exist).
88. What is TCP fast retransmit?
This is an optimization for TCP congestion control. If a sender receives three
duplicate ACKs (acknowledgments for the same packet), it assumes the next
packet was lost and retransmits it immediately, without waiting for its
retransmission timer to expire. This significantly speeds up recovery from packet
loss.
89. What is MTU (Maximum Transmission Unit)? What is path MTU
discovery?
o MTU: The largest packet size (in bytes) that a specific link can
transmit. For Ethernet, the default MTU is 1500 bytes.
o Path MTU Discovery (PMTUD): The process by which a host
determines the smallest MTU along the entire path to a destination.
This is done to avoid IP fragmentation, where a router has to break a
large packet into smaller pieces, which is inefficient and can be
blocked by firewalls.
90. What is fragmentation in IP? Why is it generally avoided with IPv6?
Fragmentation is when a router receives an IP packet that is larger than the MTU
of the next link. The router breaks the packet into smaller "fragments," which are
reassembled at the final destination.
o IPv6 Avoidance: IPv6 routers do not fragment packets. IPv6
requires hosts to use Path MTU Discovery (PMTUD) to determine the
path MTU and send packets that are already the correct size. This puts
the burden on the end hosts, simplifying routers and improving
network performance.
91. What is a Zero-Trust network architecture?
Zero-Trust is a security model based on the principle of "never trust, always
verify." It assumes that threats can exist both inside and outside the network.
Therefore, no user or device is trusted by default. Every connection and access
request must be strongly authenticated, authorized, and encrypted, regardless of
where it originates.
92. Explain anycast. How is it used in practice?
Anycast is a networking technique where the same IP address is assigned to
multiple servers in different geographic locations. When a user sends a request to
this IP, BGP routes them to the server that is network-topologically closest to
them.
o Practice: This is heavily used by DNS root servers and Content
Delivery Networks (CDNs) to provide high availability and low
latency by serving users from a nearby server.
93. What is the difference between deep packet inspection (DPI) and
shallow packet inspection?
o Shallow Packet Inspection (or Stateless): Only looks at the header
of a packet (IP addresses, ports).
o Deep Packet Inspection (DPI) (or Stateful): Looks at the payload
(data) of the packet as well as the header. This allows a firewall to
identify the application creating the traffic (e.g., blocking BitTorrent,
even if it uses port 80) or to scan for malware.
94. How would you troubleshoot a user who complains "the internet is
slow"?
I would use a "bottom-up" (or "top-down") OSI model approach.
1. Define "slow": Is it latency (lag) or bandwidth (download speed)? Is
it all websites or just one?
2. Check Physical (L1): Is the Wi-Fi signal strong? Is the Ethernet
cable plugged in properly?
3. Check Local (L2/L3):
▪ Run ipconfig or ifconfig to check the user's IP. Are they getting
a valid IP (not APIPA)?
▪ ping the default gateway to check local network latency.
▪ ping a public DNS like [Link] to check connectivity to the
internet.
▪ ping [Link] to check if DNS is working.
4. Trace the Path (L3): Run traceroute [Link] to see where the
latency is (is it on our network, the ISP's, or beyond?).
5. Test DNS: Try a different DNS server (e.g., [Link] or [Link]).
6. Test Bandwidth: Run a speed test to check bandwidth.
7. Isolate the problem: Is it just this user? Is it everyone on this switch?
Is it the whole office? This helps narrow down if it's the user's PC, the
LAN, or the WAN connection.
95. A user can ping a server by its IP address but cannot access it by
its domain name. What is the likely problem and how would you verify
it?
o Problem: This is almost certainly a DNS resolution problem. The
user's device cannot translate the domain name into the IP address.
o Verification:
1. Open a command prompt on the user's machine.
2. Run nslookup [Link]. This will show if the DNS
query succeeds or fails.
3. If it fails, check the user's DNS server settings with ipconfig /all.
4. Try to ping the configured DNS server to see if it's reachable.
5. Try using nslookup with a different DNS server, like nslookup
[Link] [Link]. If this works, the user's default DNS
server is the problem.
96. Two devices on the same subnet cannot ping each other. What are
the possible causes?
o L1 (Physical): Bad network cable or a disconnected cable.
o L2/L3 (Config):
▪ Incorrect Subnet Mask: One or both devices have the wrong
subnet mask, making them think they are on different networks.
▪ Duplicate IP Address: One of the devices has an IP conflict
with another device.
o Security:
▪ Host Firewall: The firewall on the destination device (e.g.,
Windows Firewall) is blocking ICMP (ping) requests.
▪ Switch Security: Port security or an ACL on the switch is
blocking the traffic.
o ARP: The ARP table on the source device might have a stale or
incorrect MAC address entry for the destination.
97. What is an "evil twin" in the context of network security?
An evil twin is a rogue Wi-Fi access point that appears to be a legitimate one. It
has the same SSID (network name) as the real network (e.g.,
"Airport_Free_WiFi"). Unsuspecting users connect to it, and the attacker can
then perform a man-in-the-middle (MITM) attack, eavesdropping on all their
traffic, stealing passwords, and injecting malware.
98. Explain poison reverse in the context of distance-vector routing.
Poison reverse is a technique used to prevent routing loops in distance-vector
protocols like RIP.
o When a router learns a route from a neighbor, it will advertise that
same route back to that neighbor, but with an infinite metric (a hop
count of 16 for RIP, which means "unreachable").
o This "poisons" the route and ensures that the neighbor never tries to
use the original router as a path back to that same network, which
would cause a loop.
99. What is split-horizon routing?
Split-horizon is another loop-prevention mechanism, similar to poison reverse
but simpler. The rule is: "Never advertise a route back out of the same interface
you learned it from." This prevents a simple "count-to-infinity" loop between two
routers.
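Questions 98 and 99 side by side, as an added example that is not part of the original question set: a two-router RIP-style simulation in which router B has just lost its link to network N while router A still holds a route to N through B. The function names and the topology are constructed, and "interface" is simplified to "neighbor".

```python
INFINITY = 16  # RIP's "unreachable" hop count


def advertisement(table, to_neighbor, mode):
    """Routes to send to `to_neighbor`. table maps net -> (hops, learned_from)."""
    adv = {}
    for net, (hops, via) in table.items():
        if via == to_neighbor:
            if mode == "split_horizon":
                continue             # never advertise it back where it came from
            if mode == "poison_reverse":
                adv[net] = INFINITY  # advertise it back, but as unreachable
                continue
        adv[net] = hops
    return adv


def receive(table, adv, from_neighbor):
    """Distance-vector update: cost is the advertised hops + 1, capped at INFINITY."""
    for net, hops in adv.items():
        cost = min(hops + 1, INFINITY)
        cur = table.get(net)
        # Accept a better route, or any change reported by the current next hop.
        if cur is None or cost < cur[0] or cur[1] == from_neighbor:
            table[net] = (cost, from_neighbor)


def simulate(mode, rounds=3):
    """Return A's and B's hop count to N after each exchange of updates."""
    a = {"N": (2, "B")}          # A reaches N through B
    b = {"N": (INFINITY, None)}  # B's own link to N has just failed
    history = []
    for _ in range(rounds):
        receive(b, advertisement(a, "B", mode), "A")  # A's periodic update arrives first
        receive(a, advertisement(b, "A", mode), "B")
        history.append((a["N"][0], b["N"][0]))
    return history


if __name__ == "__main__":
    for mode in ("none", "split_horizon", "poison_reverse"):
        print(mode, simulate(mode))
```

With neither mechanism the two routers bounce the dead route back and forth with a growing metric (count-to-infinity); with either one, both settle on 16 after the first exchange.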
100. What is Anycast vs. Multicast vs. Broadcast?
o Broadcast (One-to-All): One device sends a packet to a special broadcast
address, and every device on the local network receives and processes it.
o Multicast (One-to-Many): One device sends a packet to a special multicast
address, and it is delivered only to devices that have "subscribed" or "joined" that
multicast group. Used for IPTV.
o Anycast (One-to-Nearest): One device sends a packet to an anycast address
(which is shared by multiple servers). The network routes the packet to the single
nearest server with that address. Used for DNS and CDNs.