Network Engineer Questions


Transcript of Network Engineer Questions

Page 1: Network Engineer Questions

1. OSI Layers

2. What is VLAN?

3. What is VTP?

4. How can we change the VTP revision number?

5. In what mode do we add a switch to a VTP domain?

6. Difference between load sharing and load balancing

7. What is an ACS server? What is a syslog server?

8. How to add a node in hpnnm – nnm

9. How to add a node group in nnm

10. What is the use of AAA and how do we configure it?

11. How many modules are there in a 7609?

12. What types of ports are available on a 7609 router?

13. Difference between HSRP and VRRP

a)   In VRRP, preempt is enabled by default; in HSRP, preempt is disabled by default.

b)   In VRRP, if priority is equal between routers, the router with the highest IP address will preempt. In HSRP, if routers have equal priority, the router that is currently active remains active when the standby (former active) router comes back.

c)   The maximum VRRP and HSRP priority value is 255.

d)   The maximum VRRP priority value that you can manually configure on the router is 254; in HSRP, the maximum configurable priority is 255.

e)   Only one router can have a VRRP priority setting of 255. In HSRP, multiple routers can have a priority setting of 255.

f)   The router that "owns the IP address" for the group automatically gets a VRRP priority setting of 255. In HSRP, there is no option to configure the virtual IP address of the group as the physical address of any router in the group.

14. How data flows in MPLS technology

15. OSPF states while forming neighborship

16. OSPF LSA types

17. Difference between point to point & MPLS links

18. What is external LSA

19. How to bind the mac-address

20. What is the use of port security?

21. Features of EIGRP

22. What is DUAL in EIGRP

23. Commands for configuring voice vlans

24. How to add voice VLANs to switchports

25. DHCP handshake process

26. Default lease time for DHCP

27. Five routers are configured with HSRP; what is the state of each router?

28. BGP attributes

29. Administrative distances of all routing protocols

30. Etherchannel

31. What is the output voltage of 7609 router

32. How modules are placed in 7609 router

33. What is STP

34. How does the election process happen in STP?

35. What is PVST?

36. RSTP

37. STP states

38. How to break router password

39. How to upgrade IOS on a switch

40. What is OSPF

41. Function of link state routing protocol

42. Differences between OSI and TCP protocols

43. TCP 3-way handshake process

Switch to Switch Connectivity

1. Name the VTP modes.

2. How can you configure a switch port to be a trunk?

3. What command do you use to allow VLANs on a trunk?

4. How can you assign a VLAN to a switch port?

5. Can you explain PortFast on a switch?

6. What are the steps that PortFast ignores?

HSRP

1. Explain HSRP.

2. What command do you use to make sure that a desired device is going to be in active mode?

3. How can you make all the VLANs use the HSRP active device without using the switchport trunk allow vlan command?

4. What is the default priority number on HSRP?

Spanning Tree

1. Explain spanning tree.

2. How can you configure a switch to be a root bridge?

3. What is the default priority on a switch?

4. What command do you use to change the priority on a switch?

Etherchannel – Port Channel

1. Explain Etherchannel.

2. Can I bundle two different types of interface, e.g. a FastEthernet with a GigabitEthernet?

3. How can you configure Etherchannel?

4. Is Etherchannel a layer 2 or layer 3 technology?

Routing Protocols

1. Explain EIGRP.

2. Explain BGP.

3. If you have two ISPs and you want to have a primary line and a backup, how can you control the flow from your side to the provider and coming back from the provider?

4. What is the AD for EIGRP and BGP?

5. What command do you use to establish a neighbor relationship with a BGP peer?

6. What command do you use to advertise a neighbor on EIGRP?

Troubleshooting

1. Explain how traceroute works.

2. What command do you use to verify that a BGP neighbor has been established?

3. What extra options do you have besides the basics when using ping?

1. Difference between hub, bridge and switch?

2. What is a MAC address and why is it required?

3. In a layer 2 domain, do we need an IP address for communication?

4. What is ARP and why is it required?

5. What is Spanning Tree Protocol, aka STP?

6. What is the difference between STP, MSTP, PVST and RSTP?

7. Can we use the two same paths for the same VLAN?

8. What is the difference between a broadcast domain and a collision domain?

9. Define the types of LAN traffic.

10. What is the destination address of a broadcast frame?

11. Can we connect a switch to a switch with a straight cable?

12. Define the functions of a switch.

13. What is ARP timeout?

14. What is the aging process?

15. What is a BPDU?

16. What is path cost?

17. Define the selection criteria of the STP root bridge.

18. How does a non-root bridge decide which port will be elected as the root port?

19. If a non-root bridge has two redundant ports with the same root path cost, how does the bridge choose which port will be the root port?

20. Port states of spanning tree protocol.

21. If users face a delay during initial login, what will you suggest implementing?

22. Why is the spanning tree BPDU filter used?

23. Can I use BPDU filter on trunk ports?

24. What is port security?

25. I want to learn only a single MAC address from the port; what needs to be configured?

26. Can we use spanning-tree PortFast on trunk ports?

27. If the management IP address is changed, will users' traffic be dropped?

28. Difference between a trunk port and an access port?

29. What is UDLD and why is it required?

30. What is an interface VLAN on a switch?

4. How many interfaces are there in an ASA?

Five interfaces in total: 4 Ethernet interfaces and 1 Ethernet interface for management.

5. What is FWSM?

1. Cisco Firewall Services Module (FWSM), a high-speed, integrated firewall module for Cisco Catalyst 6500 switches and Cisco 7600 Series routers, provides the fastest firewall data rates in the industry.

2. Up to four FWSMs can be installed in a single chassis.

3. Based on Cisco PIX Firewall technology.

4. The Cisco FWSM includes a number of advanced features that help reduce costs and operational complexity while enabling organizations to manage multiple firewalls from the same management platform. Features such as the resource manager help organizations limit the resources allocated to any security context at any time, thus ensuring that one security context does not interfere with another. The transparent firewall feature configures the FWSM to act as a Layer 2 bridging firewall, resulting in minimal changes to network topology.

6. Difference between PIX and ASA

Cisco PIX: Is a dedicated hardware firewall appliance. Acts as a stateful packet filtering firewall. Uses the PIX operating system, similar in interface to Cisco IOS. Uses PIX Device Manager (PDM) for a graphical interface. Provides stateful firewall protection and IP Security (IPsec) VPN capabilities. To ensure security, PIX uses the concepts of inside interface, outside interface, etc. PIX running version 6.3: WebVPN not supported; Transparent Firewall, Security Context and Modular Policy not supported; 16 MB RAM.

Cisco ASA: Is a firewall and anti-malware security appliance. The Enterprise Editions include four versions: Firewall, IPS, Anti-X, and VPN. ASA can also serve as an intrusion prevention system (IPS) and VPN concentrator. Also covers new threats to a network like viruses, worms, unwanted applications (e.g., P2P, games, instant messaging), phishing, and application-layer attacks. Acts as an "all-in-one" device, or a unified threat management (UTM) device. ASA running version 7.2: WebVPN supported; Transparent Firewall, Security Context and Modular Policy supported; 64 MB RAM.

7. How does translation happen in ASA (TCP, UDP)?

8. What is Modular Policy?

9. What are the modules available in PIX and ASA?

10. Which IOS versions have you worked with on PIX and ASA?

11. Explain Security Context. Explain Active/Standby and Active/Active.

12. Explain Dynamic NAT, Static NAT, Identity NAT, Static PAT, Dynamic PAT and Policy-Based NAT.

13. Explain packet filtering, proxy server and stateful inspection.

14. What is a firewall?

15. How do you force the secondary firewall to become the active firewall? That is, which command?

16. Static NAT syntax?

17. About SSL VPN?

18. Command to disable anti-spoofing in ASA

19. Types of license in ASA

20. Failover commands

21. Explain VPN Phase I and Phase II.

22. How many packets are exchanged in main mode and aggressive mode?

23. What is PFS?

24. Commands for VPN

25. Command to allow administrative access via SSH on the firewall

26. How does failover work (mechanism)?

27. How does stateful failover work?

28. Examples of packet filtering, proxy server and stateful inspection (router, ISA, Checkpoint)

29. Default security level for inside and outside

30. Which routing protocols are supported in ASA?

31. Port no. for ESP and AH

32. What is the difference between ESP and AH?

33. What is spoofing and what is anti-spoofing?

34. Stateful firewall working architecture.

35. How does the firewall process a packet (rule, route, NAT)?

36. Edit the access-list using the access-list line number.

36. IOS versions of PIX and ASA (6.0, 7.0, and 8.0); major releases are enough.

37. PIX appliance series and ASA appliance series

38. How does a layer 2 firewall (transparent firewall) work in ASA (FWSM)?

39. Can ASA do VPN with another vendor's firewall?

40. Default inspection protocols in ASA?

41. Does it support ISP redundancy? Yes.

42. ICMP mechanism by default in the firewall (high-low echo-req allow).

43. ASA IOS name (Finesse)

44. Integrating with 3rd-party devices

45. Difference between Checkpoint and ASA

46. What is Data Confidentiality?

Data confidentiality: This is done via encryption to protect data from eavesdropping attacks; supported encryption algorithms include DES, 3DES, and AES.

47. What is Data Integrity?

Data integrity and authentication: This is done via HMAC functions to verify that packets haven't been tampered with and are being received from a valid peer; in other words, to prevent a man-in-the-middle or session hijacking attack. Supported HMAC functions include MD5 and SHA-1.

48. Anti-replay

Anti-replay detection: This is done by including encrypted sequence numbers in data packets to ensure that a replay attack doesn't occur from a man-in-the-middle device.

49. Explain Main mode and Aggressive mode in Phase I.

ISAKMP/IKE Phase 1 is basically responsible for setting up the secure management connection. However, there are two modes for performing these three steps: main mode and aggressive mode.

Main Mode: Main mode performs three two-way exchanges totaling six packets. The three exchanges are the three steps listed in the last section: negotiate the security policy to use for the management connection, use DH to encrypt the keys for the encryption algorithm and HMAC function negotiated in Step 1, and perform device authentication using either pre-shared keys, RSA encrypted nonces, or RSA signatures (digital certificates).

Main mode has one advantage: the device authentication step occurs across the secure management connection, because this connection was built in the first two steps. Therefore, any identity information that the two peers need to send to each other is protected from eavesdropping attacks. This is the Cisco default mode for site-to-site sessions and for remote access connections that use certificates for device authentication.

Aggressive Mode: In aggressive mode, two exchanges take place. The first exchange contains a list of possible policies to use to protect the management connection, the public key from the public/private key combination created by DH, identity information, and verification of the identity information (for example, a signature). All of this is squeezed into one packet. The second exchange is an acknowledgment of the receipt of the first packet, sharing the encrypted keys (done by DH), and whether or not the management connection has been established successfully.

Aggressive mode has one main advantage over main mode: it is quicker in establishing the secure management connection. However, its downside is that any identity information is sent in clear text; so if someone was eavesdropping on the transmission, they could see the actual identity information used to create the signature for device authentication. This shouldn't be a security issue, but if you are concerned about this, you can always use main mode.

As I mentioned in the last section, main mode is the default mode for Cisco VPNs with one exception: aggressive mode is the default mode with the Cisco remote access VPN if the devices will be using group pre-shared keys for device authentication.

50. Explain Transport mode and Tunnel mode in Phase II.

Phase 2 Connection Modes

As I mentioned in the last two sections, there are two types of modes that AH and ESP can use to transport protected information to a destination: transport mode and tunnel mode.

In transport mode, the real source and destination of the user data are performing the protection service. It becomes more difficult to manage as you add more and more devices using this connection mode. This mode is commonly used between two devices that need to protect specific information, like TFTP transfers of configuration files or syslog transfers of logging messages.

In tunnel mode, intermediate devices (typically) are performing the protection service for the user data. This connection mode is used for site-to-site and remote access connections. Because the original IP packet is protected and embedded in AH/ESP and an outer IP header is added, the internal IP packet can contain private IP addresses. Plus, if you're using ESP for encryption, the real source and destination of the user data is hidden from eavesdroppers. The main advantage of tunnel mode over transport mode is that the protection service function can be centralized on a small number of devices, reducing the amount of configuration and management required. Both of these modes were discussed in detail in Chapter 1, "Overview of VPNs."

51. PPTP?

PPTP: PPTP originally was developed by Microsoft to provide a secure remote access solution where traffic needed to be transported from a client, across a public network, to a Microsoft server (VPN gateway). One of the interesting items about PPTP's implementation is that it is an extension of the Point-to-Point Protocol (PPP). Because PPTP uses PPP, PPTP can leverage PPP's features. For example, PPTP allows the encapsulation of multiple protocols, such as IP, IPX, and NetBEUI, via the VPN tunnel. Also, PPP supports the use of authentication via PAP, CHAP, and MS-CHAP. PPTP can use this to authenticate devices.

52. L2TP?

L2TP: L2TP is a combination of PPTP and L2F. It is defined in RFCs 2661 and 3438. L2TP took the best of both PPTP and L2F and integrated them into a single protocol. Like PPTP, L2TP uses PPP to encapsulate user data, allowing the multiple protocols to be sent across a tunnel. L2TP, like PPTP, extends the PPP protocol. As an additional security enhancement, L2TP can be placed in the payload of an IPsec packet, combining the security advantages of IPsec and the benefits of user authentication, tunnel address assignment and configuration, and multiple protocol support with PPP. This combination is commonly referred to as L2TP over IPsec or L2TP/IPsec. The remainder of this chapter is devoted to an overview of L2TP, how it is implemented, and the advantages it has over PPTP.