4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

NETWORK &
SECURITY
CONSULTANT
Learn From Network & Security Consultant

HOME SECURITY WIRELESS DATACENTER F5 INTERVIEW QUESTIONS

Showing posts with label Interview Questions. Show all posts

What is the Difference Between Traditional

Firewall & Next Generation Firewall
 April 09, 2020  Interview Questions, Security  1 comment

What is the Difference Between Traditional Firewall & Next-Generation Firewall

--> Next-Generation Firewalls are nothing but in simple terms Traditional Firewall + IPS+
AMP +AV+Web Proxy.

                IPS --- Intrusion Prevention System

                AMP--- Advanced Malware Protection

                AV ------- Anti Virus

--> Next-Generation Firewalls can filter the traffic based upon applications that are not possible in
Traditional Firewalls. ( Application Visibility & Control)

Ex: If you want to block Facebook Chat while allowing users to browse Facebook or you want to
block WhatsApp application which is only possible in Next-Generation Firewalls.

--> Next-Generation Firewalls are created to replace the Traditional Firewalls in the Firewall
Industry.

--> Traditional Firewall cannot check the data which is passing through firewall they can only

https://www.kareemccie.com/search/label/Interview Questions 1/46

4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

check port or IP address information for filtering the traffic.

--> Below are the advantages of Next-Generation Firewalls compared to Traditional Firewalls:

1) Next-Generation Firewalls can even inspect SSL/ SSH encrypted traffic by doing SSL/SSH
Decryption.

2) Next-Generation Firewalls also does Intrusion Prevention/ Intrusion Detection Services.

3) Next-Generation Firewalls can also detect Malware and Viruses in the network.

4) URL Filtering is also possible with Next-Generation Firewalls.

5) We can create the policies based upon username/User ID

Connect with me on Linkedin: https://www.linkedin.com/in/mahmmad-kareemoddin-7a177342/

Read More

Share This:    Facebook  Twitter  Google+  Stumble  Digg

Networking Interview Questions &

Answers
 March 31, 2020  Interview Questions  No comments

Top Networking Interview Questions

1) Difference between RIPv1 and RIPv2?

Ans:

https://www.kareemccie.com/search/label/Interview Questions 2/46

4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

RIPv1 :
1) no support for VLSM and summarization

2) no loop prevention mechanisms available.

3) In order to send updates, it uses a broadcast address.

4) More bandwidth Utilization

5) Classful Routing Protocol

RIPV2:

1) support for VLSM and summarization

2) loop prevention mechanisms available.

3) In order to send updates, it uses the multicast address.

4) Less bandwidth Utilization

5) Classless Routing Protocol

2) How many numbers of routes carried by the RIP packet?

Ans: 25 networks or routes in the update message

3) What is the requirement of doing summarization?

Ans:

1) Reduces the amount of information stored in routing tables.

2) Allocates an existing pool of addresses more economically

3) Lessens the load on router processor and memory resources

4)Less number of update messages

5) Less bandwidth

4) Difference between static and floating static routes?

https://www.kareemccie.com/search/label/Interview Questions 3/46

4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

Ans:

Static: A route with administrative distance 1

Floating Static route: A static route with an administrative distance more than 1.

 Note: The floating static route will be used for redundancy.

5) What is the protocol?

Ans:

The protocol is a set of rules which define how to exchange the data between 2 devices.

6) What is the difference between Switch and Bridge?

Ans:

Switch                                                                                       

1) Hardware-based

2) Support for VLANs

3) Support for STP

4) Faster

5) Multiple Ports

Bridge:

1) Software-based

2) No Support for VLANs

3) No Support for STP

4) Slower

5) Two Ports

7) Difference between Wireless LAN & Wired LAN?

https://www.kareemccie.com/search/label/Interview Questions 4/46

4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

Ans:

Wired LAN:

1) Uses cable to send the data

2) Full Duplex

3) Uses CSMA/CD

4) Faster

5) Less Flexible

6) More Secure

Wireless LAN

1) Does not use Cable

2) Half-Duplex

3) Uses CSMA/CD

4) Slower

5) More Flexible

6) Less Secure

8) Differences between IPv4 & IPv6?

Ans:

IPv4:

1) Number of Address bits:32

2) Uses Dotted Decimal Format

3) Supports Broadcasting by default

4) IPSEC is not enabled by default

5) Less Mobility
https://www.kareemccie.com/search/label/Interview Questions 5/46
4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

6) Each Device will have only one IPV4 address assigned to it.

IPv6

1) Number of Address bits:128

2) Uses Colon Notation Format

3) Does not support Broadcasting

4) IPSEC is enabled by default

5) More Mobility

6) Each Device will have only Two IPv6 addresses assigned to it.

9) What is VLAN?

Ans:

VLAN is a method of dividing one broadcast domain into smaller Broadcast domains.

10) What are the functions of a Router?

Ans:

1)  Packet Forwarding: To move the data from one network to another network

2)  Packet Switching:   To move the data from one interface to another interface in/between the
routers.

3) Packet Filtering: Router can also filter the packets like a firewall with the help of ACL.

11) What are the functions of a Switch?

Ans:

1) Learning the MAC address with the help of Source MAC address

2)  Forwarding data with the help of the destination MAC address

3) Loop Avoidance using STP

12) What are the different types of Routers?

https://www.kareemccie.com/search/label/Interview Questions 6/46
4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

Ans:

Fixed Router

1) A Router that has a fixed number of interfaces.

2) Not upgradable

3) No slots to add the number of interfaces into it

4) Less Cost

Ex: 2500 Router

Modular Router

1) A Router that does not have a fixed number of interfaces.

2) Upgradable

3) slots to add the number of interfaces into it

4) More  Cost

Ex: 2600,2800,2900,3600 Series of Routers.

13) What is a Router?

Ans:

A router is an internetworking device which provides communication between 2 or more different

networks

14) What is a Switch?

Ans:

A Switch is a networking device that provides communication within the same network.

15) What is the difference between a collision domain and Broadcast Domain?

A:

Collision Domain:
https://www.kareemccie.com/search/label/Interview Questions 7/46
4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

--> Area of the network which is affected by the collision.

--> 1 Collision domain per hub/ 1 collision domain per switch port/ 1 collision domain per router
port.

Broadcast Domain:

--> Area of the network where broadcast sent by one device will be received all other devices.

--> 1 Broadcast domain per hub/ 1 Broadcast domain per switch port/ 1 Broadcast domain per
router port.

16)  What is the range of private IP addresses?

A:

Class A: 10.0.0.0 - 10.255.255.255

Class B: 172.16.0.0- 172.31.255.255

Class C: 192.168.0.0-192.168.255.255

17) What is the difference between a static routing protocol and a dynamic routing protocol?

A:

Static Routing Protocol

--> Best path is selected by the network administrator

--> Requires less memory/CPU utilization

--> Topology changes are not automatic

--> secure as all the work is done by the network administrator

--> Advertises indirectly connected networks

--> Implemented in smaller networks

Dynamic Routing Protocol

--> Best path is selected by the router

https://www.kareemccie.com/search/label/Interview Questions 8/46

4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

--> Requires more memory/CPU utilization

--> Topology changes are automatic

--> less secure as all the work is done by the router

--> Advertises directly connected networks

--> Implemented in large networks

18) What is the difference between Private IP and Public IP address?

A:

Private IP address:

--> used within the organization.

--> possible to use the same IPv4 address in different places.

--> Assigned by a network administrator

--> Not routable on the Internet.

Public IP address

--> used for Internet Access.

--> Not possible to use the same IPv4 address in different places.

--> Assigned by IANA/ISP

--> Routable on the Internet.

19) What is the Maximum and Minimum Size of the Frame?

A: 

Minimum Size of the Frame: 64 bytes

Maximum Size of the Frame: 1500 bytes

20) What is Summarization?

https://www.kareemccie.com/search/label/Interview Questions 9/46
4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

A:

Summarization is a method of combining multiple smaller networks into one large network.

There are two types of summarization:

1) Manual Summarization: Summarization is done by the network administrator

2) Automatic Summarization: Summarization is done by the router

21) What is Subnetting?

A:

Subnetting is a method of dividing a large network into multiple smaller networks.

There are two types of subnetting:

1) FLSM: Dividing one large network into subnetworks.

2) VLSM: Dividing subnetted networks into subnets

22) What is the difference between Summarization and Supernetting?

A:

Supernetting: Combining one or more classful networks into one large network

Ex: 192.168.0.0/24,192.168.1.0/24,192.168.2.0/24,192.168.3.0/24 --> 192.168.0.0/22

Summarization: Combining one or more classless networks into one large network

Ex: 172.16.0.0/24,172.16.1.0/24,172.16.2.0/24,172.16.3.0/24 --> 172.16.0.0/22

23) What is a Native VLAN?

A:

A Native VLAN is untagged VLAN over the 802.1q Trunk.

24) What is APIPA?

https://www.kareemccie.com/search/label/Interview Questions 10/46
4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

A:

APIPA stands for Automatic Private IP address. It is used to assign the IP address to the network
devices when the DHCP Server is not reachable.

25) What is the difference between ISL & Dot1q?

A:

ISL

--> ISL Stands for Inter-Switch Link

--> Cisco Proprietary

--> Requires 30 bytes of Overhead

--> Supports up to 1000 VLANs

--> Does not support Native VLAN.

Dot1q

--> It is also called as 802.1q

--> Open Standard

--> Requires 4 bytes of overhead

--> Supports up to 4096 VLANs

--> Supports Native VLAN.

26) What is the difference between HDLC and PPP?

A:

HDLC:

--> HDLC stands for High Level Data Link Control

--> Vendor Proprietary

--> Does not support authentication

https://www.kareemccie.com/search/label/Interview Questions 11/46
4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

--> Does not support compression

--> Supports synchronous connections only

PPP

--> PPP stands for Point to Point Protocol

--> Open Standard

-->  Support authentication

-->  Support compression

--> Supports synchronous connections and asynchronous connections.

27) What is the difference between Tracert and Traceroute?

A:

Tracert: Protocol used in windows operating systems to find the number of hops between source
and destination.

Traceroute: Protocol used in Linux operating systems to find the number of hops between source
and destination.

28) What is Checksum?

A:

A checksum is a value that represents the integrity of the data.

29) What is the use of service password-encryption?

A:

Service password-encryption is used to encrypt all the passwords stored in the running
configuration file of the Cisco device.

30) What is the difference between physical topology and logical topology?

A:
https://www.kareemccie.com/search/label/Interview Questions 12/46
4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

Physical Topology: Refers to how the network devices are physically connected

Logical Topology: Refers to how communication takes place within the network.

31) What is an Autonomous System?

A:

An Autonomous System is a collection of routers under a single technical domain.

32) What are the different protocol data units of the OSI Reference Model?

A:

Application Layer -- Data

Presentation Layer -- Data

Session Layer -- Data

Transport Layer -- Segments

Network Layer -- Packets

Data Link Layer-- Frames

Physical Layer -- Bits

33) What are the devices work on Physical, Data Link and Network Layers of OSI Model?

A:

Physical Layer:  Hub, NIC

Data Link Layer: Bridges and Switches

Network Layer: Routers

34) What is a Firewall?

A:

A Firewall is a networking device that filters incoming/outgoing traffic that enters/leaves the
network.
https://www.kareemccie.com/search/label/Interview Questions 13/46
4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

35) What are the different types of interfaces available on the switch?

A:

1) Lan Interface

Ex: Ethernet, Fast Ethernet, Gigabit Ethernet, etc.

2) Administrative Interface

Ex: Console Interface.

36) What is the difference between Routed Protocol and Routing Protocol?

Ans:

Routing Protocol

1) Used to decide the best path

2) Used between the routers

3) Allows the router to build the routing table

Ex: EIGRP, OSPF,RIP,etc

Routed Protocol

1) Used to forward the data

2) Used between all the devices.

3) It assigns an address to the network device

Ex: IP, IPX and Apple Talk

 37) Administrative Distance of different routing protocols?

Ans:

Static: 1

https://www.kareemccie.com/search/label/Interview Questions 14/46

4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

Internal EIGRP: 90

IGRP 100

OSPF 110

RIP 120

External EIGRP 170

Internal BGP 200

External BGP 20

38) What are the different types of interfaces available on the router?

Ans:

1) Lan Interface: ->This interface is used to connect the router to a LAN device.

Ex: Ethernet, Fast Ethernet, Gigabit Ethernet, etc.

2) Wan Interface:-> This interface is used to connect the router to wan device.

Ex: Serial, ISDN interfaces, etc.

3) Administrative Interface: This interface is used to manage the router.

Ex: Console and Auxiliary interfaces

39) What are the different types of Switches?

Ans:

1) Unmanageable Switch:

à A switch which does not have a console port

à No IP address can be assigned.

à Vlans cannot be created.

à Less cost

https://www.kareemccie.com/search/label/Interview Questions 15/46

4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

2) Manageable Switch:

à A switch which has a console port

à IP address can be assigned.

à Vlans cannot be created.

à More cost.

40) What are the key advantages of using switches instead of hubs?

A: 

--> Reduces the number of collisions

--> Increases the Bandwidth Utilization

--> Reduces the number of broadcasts

41) What is the difference between User Mode and Privilege Mode in Cisco IOS?

A:

User Mode:

--> Basic Troubleshooting tasks such as PING, Traceroute can be done in this mode.

--> Basic status of a network device such as router or switch can be checked in this mode.

--> Can be identified using ">" icon.

--> Does not allow to modify the configuration in this mode.

Privilege Mode:

--> Perform Configuration Backup/Restore from this mode.

--> Advanced status of a network device such as router or switch can be checked in this
mode using show commands.

--> Can be identified using "#" icon.

https://www.kareemccie.com/search/label/Interview Questions 16/46

4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

--> Allows modifying the configuration in this mode.

42) Difference between MLS and Router?

Multi-Layer Switch

1) More number of ports

2) No support for NAT

3) Uses ASIC to forward the data

4) Faster

5) Does not support advanced QOS

Router:

1) Less number of ports

2)  support for NAT

3) Uses Processor to forward the data

4) Slower 

5) support advanced QOS

43)  Different Port numbers

A:  TCP ---------------6

UDP---------------17
FTP-----------------20,21
SSH-----------------22
Telnet--------------23
SMTP--------------25
DNS----------------53
DHCP---------------67,68
TFTP----------------69
HTTP------------80
HTTPS-----------443
https://www.kareemccie.com/search/label/Interview Questions 17/46
4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

NTP--------------123
SNMP------------161
POP---------------110

Please find More Networking Interview Questions below page:

https://www.kareemccie.com/search/label/Interview%20Questions

Connect with me on Linkedin: https://www.linkedin.com/in/mahmmad-kareemoddin-

7a177342/

Read More

Share This:    Facebook  Twitter  Google+  Stumble  Digg

GLBP Interview Questions

 March 30, 2020  Interview Questions  No comments

Q) What is the use of GLBP?

A: VRRP is used to provide default gateway redundancy.

Q) What is the GLBP virtual MAC address?

A:0007.b400.XXYY ( Where XX--> Group Number, YY--> AVF Number)

Q) What are the maximum number of routers that can be present in a GLBP group?

A: 5

Q) GLBP Uses Which Protocol to communicate with other routers?

A: UDP Port 3222

Q) What is the Source IP & Destination IP address of GLBP Hello message?

A: Source IP address: Interface IP address and Destination IP address: 224.0.0.102

Q) Is it possible to configure GLBP on Multi-Layer Switch (MLS)?

A: Yes it is possible to configure GLBP on MLS (3560) switches...

https://www.kareemccie.com/search/label/Interview Questions 18/46
4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

Q) What are the GLBP default Hello and Hold Down Timers?

A: Hello Timer = 3 Sec

Hold Down Timer = 10 Sec

Q) What are the different roles assigned to the routers in GLBP?

A: Active Virtual Gateway: Selects which router to respond to the traffic

      Active Virtual Forwarder: The router which is forwards the traffic.

Q) What is the main difference compared to HSRP and VRRP in GLBP?

A: GLBP supports load balancing whereas HSRP and VRRP do not support load balancing.

Q) Does AVG act as AVF?

A: Yes

Q) How many states present in GLBP?

A:

Disabled

Initial

Listen

Speak

Standby

Active

Q) What are the different types of load balancing methods supported by GLBP?

A:

1) Round Robin

2) Weighted

https://www.kareemccie.com/search/label/Interview Questions 19/46

4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

3) Host Dependent

4) None

Follow More Networking Interview Questions on my blog:

https://www.kareemccie.com/search/label/Interview%20Questions

Connect with me on Linkedin: https://www.linkedin.com/in/mahmmad-kareemoddin-7a177342/

Read More

Share This:    Facebook  Twitter  Google+  Stumble  Digg

VRRP Interview Questions

 March 27, 2020  Interview Questions  3 comments

Q) What is the use of VRRP?

A: VRRP is used to provide default gateway redundancy.

Q) What is the maximum number of HSRP groups that can be created in the router?

A:256

Q) What is the VRRP virtual MAC address?

A:0000.5E00.01XX

Q) What are the maximum number of routers that can be present in a group?

A: 255

Q) VRRP Uses Which Protocol to communicate with other routers?

A: IP Protocol 112

Q) What is the Source IP & Destination IP address of VRRP Hello message?

A: Source IP address: Interface IP address and Destination IP address: 224.0.0.18

https://www.kareemccie.com/search/label/Interview Questions 20/46

4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

Q) Is it possible to configure VRRP on Multi-Layer Switch (MLS)?

A: Yes it is possible to configure VRRP on MLS (3560) switches...

Q) What are the VRRP default Hello and Hold Down Timers?

A: Hello Timer = 1 Sec

Hold Down Timer = Nearly 3 Seconds

Q) What are the different roles assigned to the routers in VRRP?

A: Master Router: The router which forwards the traffic

      Backup Router: The router which is the backup to Master Router

Q)  If Master router LAN interface is up but the line protocol is down, In this case, whether Backup
router will become Master router?

A:  Yes Backup router will become the Master router if the interface is up but the line protocol is
down.

Q) If you perform traceroute, which IP address you will see in the reply (Physical or virtual IP )?

A: Physical IP address

Q)  Is it possible to use a real interface IP address as a virtual address in VRRP?

A: Yes

Connect with me on Linkedin: https://www.linkedin.com/in/mahmmad-kareemoddin-7a177342/

Read More

Share This:    Facebook  Twitter  Google+  Stumble  Digg

Etherchannel Interview Questions

 March 26, 2020  Interview Questions  No comments

Q) What is Etherchannel?

https://www.kareemccie.com/search/label/Interview Questions 21/46

4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

Etherchannel is a method of logical bundling of two or more physical links.

Q) What are the types of Etherchannel?

1) PAgP  (Port Aggregation Protocol) ( Dynamic Etherchannel)

2) LACP (Link Aggregation Protocol) ( Dynamic Etherchannel)
3) Manual Etherchannel (ON) ( Static Etherchannel)

Q) What are the advantages of Etherchannel?

--> We can utilize all the links as STP will not block the link.

--> Increased Speed.

--> Redundancy ( The Etherchannel continues to work till all the links go down).

Q) What is the difference between PAGP and LACP in Etherchannel?

--> PAGP is Cisco Proprietary and LACP is an open standard.

Q) How many Links we can bundle using Etherchannel?

Q) What are the requirements to configure EtherChannel between two devices?

--> Same Duplex settings

--> Same Speed

--> Same Native and Allowed VLAN

--> Same Switchport Mode (Access Mode or Trunk Mode)

Q) Why port in Etherchannel goes into a suspended state?

A: It goes into Suspended state when the above requirements do not match.

Q) Why Dynamic Etherchannel is recommended compared to Static Etherchannel?

--> Dynamic Etherchannel checks all the parameters which were mentioned above before forming
the EtherChannel.

--> There is a less chance of loop if we use dynamic EtherChannel instead of static EtherChannel.
https://www.kareemccie.com/search/label/Interview Questions 22/46
4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

Q) What are the Modes present in PAGP and LACP Etherchannel?

PAGP

Desirable ( The interface which is configured in the mode will actively try to form the
EtherChannel)

Auto ( The interface which is configured in the mode will passively try to form the EtherChannel)

LACP

Active  ( The interface which is configured in the mode will actively try to form the EtherChannel)

Passive ( The interface which is configured in the mode will passively try to form the
EtherChannel)

Q) What are the modes configured in Static/Manual Etherchannel?

ON ( The interface tries to form EtherChannel without checking any parameters)

OFF ( The interface does not try to form the EtherChannel in this mode)

Q) Is it possible to configure the Etherchannel between two different devices such as Router and
Switch or Switch and Server?

A: Yes

Q) How many ways you can configure the Etherchannel?

--> Layer2 Etherchannel ( No IP address is assigned to the Etherchannel)

--> Layer3 Etherchannel ( IP address is assigned to the Etherchannel)

Q) What are the load balancing methods supported by Etherchannel?

--> Dst-ip

--> Src-ip

--> Dst-mac

--> Src-mac

--> Dst-port
https://www.kareemccie.com/search/label/Interview Questions 23/46
4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

--> Src-port

--> Src-dst-ip

--> Src-dst-mac

--> Src-dst-port

Q) What is the default Port Priority value in PAGP Etherchannel?

A: 128

Q)
Md.Kareemoddin

CCIEE# 54579

Connect with me on Linkedin: https://www.linkedin.com/in/mahmmad-kareemoddin-7a177342/

Read More

Share This:    Facebook  Twitter  Google+  Stumble  Digg

What is the difference between IPSEC VPN

and SSL VPN?
 October 19, 2018  CCNP Security, Interview Questions  No comments

IPSEC VPN

--> Works on Transport Layer of the OSI reference model.

--> Complex Configuration

--> Requires a client software on every endpoint for Remote Access VPN.

--> Supports only specific devices to connect.

--> Does not provide granular access up to application layer.

https://www.kareemccie.com/search/label/Interview Questions 24/46

4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

--> Less flexible.

--> Uses DES,3DES and AES algorithm for encryption.

--> Built-in Authentication makes more secure compared to SSL VPN.

--> Well Suited for Site to Site VPN.

SSL VPN

--> Works on Application Layer of the OSI reference model.

--> It is easier to configure as it works on HTTPS.

--> Does not require client software on every endpoint for Remote Access VPN.

--> Any End device can connect by using SSL VPN.

--> Provides granular access up to the application layer ( Users can get the access only specific
resources that are required according to security policy).

--> More flexible.

--> Uses only DES algorithm for encryption.

--> Uses Third-Party Authentication makes less secure compared to IPSEC VPN.

--> Well suited for Remote Access VPN and Web-based Applications.

Md.Kareemoddin

https://www.kareemccie.com/search/label/Interview Questions 25/46

4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

CCIE # 54759

Like Our Page On Facebook  https://www.facebook.com/networkingforu/

Read More

Share This:    Facebook  Twitter  Google+  Stumble  Digg

Differences between clientless ssl vpn and

client based ssl vpn
 August 19, 2017  Interview Questions, Nexus, Security  No comments

Client based ssl vpn

--> Need to install application to access resources.

--> Supports all applications (Full Tunnel Mode)

--> Virtual network interface is created on client computer/laptop.

--> Vpn gateway assigns new IP address to the client computer/laptop.

Clientless ssl vpn

--> Requires web browser only to access resources.

--> Need to install plugins to access some plugins.

--> virtual interface is not created on computer/laptop.

--> No IP address is assigned to the computer /laptop.

Read More

Share This:    Facebook  Twitter  Google+  Stumble  Digg

https://www.kareemccie.com/search/label/Interview Questions 26/46

4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

Differences Between LWAPP and

CAPWAP
 August 17, 2017  Interview Questions, wireless  No comments

--> Control Provisioning of Wireless Access Points is a standard Protocol that enables a wireless
lan controller to manage access point.

--> CAPWAP is  based upon Lighet Weight Access Point Protocol.

--> CAPWAP does not support layer 2 mode compared to LWAPP.

--> CAPWAP is more secure to LWAPP.

--> MTU discovery is only possible in CAPWAP

Read More

Share This:    Facebook  Twitter  Google+  Stumble  Digg

What are the limitations of Port Channel?

 July 15, 2017  data center, Interview Questions  No comments

1) Port Channels are always created between two directly connected devices, not between non
directly connected devices.

2) Port Channel does not increase the speed, simply they will increase the throughput( The traffic
between device A to device B always goes via only one link, even though if you have four links in
the ether channel).

Read More

Share This:    Facebook  Twitter  Google+  Stumble  Digg

https://www.kareemccie.com/search/label/Interview Questions 27/46

4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

What is the difference between VSS and

vPC?
 July 15, 2017  data center, Interview Questions  4 comments

Basically VSS and Vpc both are used to create multi chasis etherchannel

1) vPC is Nexus switch specific feature,however,VSS is created using 6500 series switches

2) In VSS there will be single control plane for both the switches, where as in vPC there will be separate control
plane for every switch.

3) VSS can support L3 port-channels across multiple chassis,however, vpc is used for L2 port-channels only.

4) VSS supports both PAgP and LACP,however, VPC only supports LACP.

5) VSS mainly used for campus environment whereas VPC is used for Data Center environment.

6) In VSS, only one logical switch has be managed from management and configuration point of view.That
means, when the switches are put into VSS, now there is only one IP which is used to access the switch. They
are not managed as separate switches and all configuration are done on active switch. 

-They are managed similar to what we do in stack in 3750 switches,however, in vPC, the switches are managed
separately. That means both switches will have separate IP by which they can be accessed,monitored and
managed. Virtually they will appear a single logical switch from port-channel point of view only to downstream
devices.

-As i said, VSS is single management and single configuration, we can not use them for HSRP active and
standby purpose because they are no longer 2 seperate boxes. Infact HSRP is not needed, right? one single IP
can be given to L3 interface and that can be used as gateway for the devices in that particular vlan and we will
still have redundancy as being same ip assigned on a group of 2 switches.

- If one switch fails, another can take over.,however, in vPC as i mentioned above devices are separately
configured and managed, we need to configure gateway redundancy same as in traditional manner.

Read More

Share This:    Facebook  Twitter  Google+  Stumble  Digg

https://www.kareemccie.com/search/label/Interview Questions 28/46

4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

What is the difference between Manual

NAT and Auto NAT?
 April 19, 2017  CCNA Security, Interview Questions, Security  2 comments

Interview Q: What is the

difference between Manual NAT and Auto NAT?

à
Configuration of Manual NAT is done under global configuration mode whereas
Auto NAT
configuration is done under Network Object mode.

à
Auto NAT only allows you to translate source address and Manual NAT we can translate both
Source and Destination Address.

à Auto NAT is also called as Object NAT and Manual NAT is also called as Twice NAT.

à
We can only use network object in Auto NAT, whereas we can use both network
object and
network object group in Manual NAT.

à
Manual NAT is more flexible compared to Auto NAT.

à
In Auto NAT, Nat rules are automatically ordered. In Manual NAT, Nat rules are
manually
ordered.

à
Auto NAT is easy to configure compared to MANUAL NAT.

Note: It is recommended
to use Auto NAT unless you need more features of Manual NAT.

Read More

Share This:    Facebook  Twitter  Google+  Stumble  Digg

Differences between IKEv1 and IKEv2

 December 02, 2016  Interview Questions, Security  3 comments

Differences between IKEv1 and IKEv2

--> IKEv2 is an enhancement to IKEv1.

--> IKEv2 does not consume more bandwidth compared to IKEv1.

https://www.kareemccie.com/search/label/Interview Questions 29/46

4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

--> IKEV2 is more scalable by using proposals which automatically creates the different
combinations of policies or security associations.

--> IKEv2 supports EAP authentication whereas IKEv1 does not support.

--> IKEv2 is having built-in NAT traversal whereas IKEv1 is having optional.

--> IKEv2 supports MOBIKE where IKEv1 does not support.( MOBIKE allows IKEv2 to be used in
Mobile platforms).

--> IKEv1 requires symmetric authentication (both have to use the same method of authentication),
whereas IKEv2 uses Asymmetric Authentication ( Means one side RSA, another side can be pre-
shared-key).

--> IKEv2 allows you to use separate keys for each direction which provides more security
compared to IKEv1.

--> IKEv2 provides more security by having the support for more algorithms compared to IKEv1.

--> Flex VPN will work with the only IKEv2, not with IKEv1.

--> IKEV2 supports 4 messages whereas IKEv1 works in two modes ( Main Mode -- 6 messages
and Aggressive Mode -- 3 messages).

--> IKEV2 is not backward compatible with IKEV1.

Read More

Share This:    Facebook  Twitter  Google+  Stumble  Digg

OSPF Interview Questions

 September 30, 2016  Interview Questions, OSPF  No comments

1) OSPF Authentication Happens in Which State?

A: TWO Way state

2) What are the must match parameters to become neighbors in OSPF?

https://www.kareemccie.com/search/label/Interview Questions 30/46
4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

A: 1) HELLO TIME and DEAD Interval

     2) Unique Router-ID

     3) Area ID

     4) Area Type

     5) Subnet Mask

     6) Authentication

3) What is the difference between Adjacency and Neighbor ship in OSPF?

--> Adjacent Routers are the routers that exchanged hello messages, LSA and have synchronized
LSDB.

---> Neighbor Routers are the routers that exchanged only hello messages.

Ex: DR-- BDR/DROTHER ( Adjacent Routers)

       DROTHER-- DROTHER ( Neighbor Routers)

4) How many states are present in OSPF?

1) DOWN

2) INIT

3) 2-WAY

4) EXSTART

5) EXCHANGE

6) LOADING

7) FULL

8) ATTEMPT ( only in NBMA networks)

5) IN DR/BDR election which router is elected first?

--> BDR is elected first then DR

https://www.kareemccie.com/search/label/Interview Questions 31/46
4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

6) TWO way state is a problem in OSPF?

A: No it is normal in Broadcast Network

7) If there are routers present in the area, which router does the conversion of LSA7 to LSA 5 in
OSPF ?

A: ABR with lowest router-id

8) can we stop some specific routes entering into NSSA in OSPF?

A: Yes by giving no-advertise command

9)  LSA 3 and LSA 4 are generated by which router in OSPF?

A: i) LSA 3 is generated by ABR of each Area.

   ii) LSA 4 is generated by ABR of each Area where ASBR is present.

10) When to use Stub and Not So Stubby Area in OSPF?

A: When you don’t want external LSA into the area.

11)  What is the different type of route summarization available in OSPF?

A: Only Manual Summarization

12) What is the difference between OSPF and IS-IS and which one is preferred?

A:

1) IS-IS does not support Virtual links whereas OSPF supports the virtual link concept.

2) IS-IS is more flexible compared to OSPF.

3)IS-IS Supports only simple authentication whereas OSPF supports simple authentication ( Clear
Text) as well as MD-5 Authentication.

4) Both are classless and link-state routing protocols.

5) OSPF routers form neighbor relationships only if hello and hold down timers match whereas in
IS-IS hello interval and hold down timer need not match to form a neighbor relationship.

13) Is the OSPF link state or distance vector or path-vector protocol?

https://www.kareemccie.com/search/label/Interview Questions 32/46
4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

Ans: Link State Routing Protocol

14) How many network types available in OSPF?

Ans:

1) Point to Point network

2) BMA

3) NBMA

4) point to multipoint

5) point to multipoint non-broadcast

15) Different types of Link State Advertisements aka LSA?

Ans:

1) Router LSA

2) Network LSA

3) Summary LSA

4) Summary ASBR LSA

5) Autonomous system external LSA

6) Multicast OSPF LSA

7) Not-so-stubby area LSA

8) External attribute LSA for BGP

16) Difference between EIGRP and OSPF protocol?

EIGRP  OSPF

1) Advanced Distance Vector  1) Link State Routing Protocol

2) AD: 90 2)AD:110
3) Supports Manual and Auto summary 3) Supports Manual summary only

https://www.kareemccie.com/search/label/Interview Questions 33/46

4/15/22, 4:32 PM Network & Security Consultant: Interview Questions
4) Supports Equal and Unequal cost load balancing 4) Supports Equal only
5) Support only MD-5 authentication 5) Clear Text and MD-5 authentication
6) No support of areas 6) Supports areas
7) Multicast address 224.0.0.10 7)224.0.0.5 & 224.0.0.6
8) Hop Count : 255 8) Hop Count: unlimited
9) Metric : Composite Metric(bandwidth+delay) 9) Metric=cost(bandwidth)

17) One side MTU is 1500 and another side MTU is 1600. Does it affect the neighbor
relationship in OSPF?

Ans: Neighbors will be stuck in the EXSTART state always in OSPF.

18) 

Read More

Share This:    Facebook  Twitter  Google+  Stumble  Digg

MPLS Interview Questions

 August 23, 2016  Interview Questions, MPLS  No comments

Q) What is MPLS?

A: MPLS is a forwarding mechanism which allows the router to forwarding packets based upon
labels instead of IP Address.

Q) Why MPLS is called as Multi Protocol Label Switching?

A: MPLS is called as Multi Protocol because it supports all the protocols like Ethernet, Frame-
Relay , X.25 and forwards packets based upon Labels.

Q)Why MPLS is called as Layer 2.5 Technology ?

A: MPLS is called as Layer 2.5 Technology because the router inserts MPLS Header in between
Layer 2 and Layer 3 Header.

https://www.kareemccie.com/search/label/Interview Questions 34/46

4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

Q) What are the applications of MPLS?

A: MPLS supports following applications,

– Unicast and multicast IP routing

– VPN
– TE
– QoS
– AToM

Q) What are the advantages of MPLS?

A: MPLS provides following advantages,

i) MPLS decreases the forwarding overhead on the core routers. 

ii) MPLS supports multiple useful applications such as VPN,TE,QOS.

iii) MPLS supports the forwarding of non-IP protocols, because MPLS technologies are applicable
to any network layer protocol. 

iv) BGP Free Core

Q) What is LDP?

A: LDP is a Labelling Protocol used to share label information with other routers and create label
forwarding table.

Q) What is the port number used by LDP?

A: LDP runs on port number 646 ( UDP port number for discovery of LDP neighbors and TCP port
for exchanging the label  information.

Q) What are the prerequisites to run MPLS?

A: 1) IP CEF

     2)  IGP Protocol

https://www.kareemccie.com/search/label/Interview Questions 35/46

4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

     3) LDP router-id must be reachable

Q) What is penultimate hop popping?

A: Penultimate hop popping is a method of reducing label lookups on egress router. It is basically
done by the one hop before the egress router.

Q) What are the functions done by MPLS?

A) 1) PUSH ( Adding the Label)

      2) POP ( Removing the Label)

      3) SWAP ( Changing the Label)

Q) What is the difference between Per Platform Label Space and Per Interface Label Space?

A: Per Platform label space indicates the labels assigned based upon the destination network and
Per Interface label space indicates the labels assigned based upon the destination network and
interface.

Q) Is summarization is recommended in MPLS?

A: No

Q) What is TTL Propagation in MPLS?

A: TTL Propagation is a method of copying the TTL value from IP Header to MPLS header.

Q) What is LDP IGP Synchronization?

A: LDP IGP Synchronization allows the router not to forward the packets on the link where ldp is
down but IGP is enabled.

Q) What is the difference between Implicit Null and Explicit Null?

A: --> Implicit Null ( Label 3) is used to indicate the other router to remove label before sending
the packets ( PHP).

--> Explicit Null ( Label 0) is used for QOS and disables PHP behavior.

Connect with me on Linkedin:Linkedin

Read More

https://www.kareemccie.com/search/label/Interview Questions 36/46

4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

Share This:    Facebook  Twitter  Google+  Stumble  Digg

Multicast Interview Questions

 April 25, 2016  Interview Questions, Multicast  No comments

Q) What is Multicast?

A: Multicast is a method of sending the data from one source to so many receivers.

Q) What are the protocols used in Multicast?

A:  IGMP - Provides the communication between host and Router

      PIM(IPV4), MLD(IPV6)- Provides the communication between Router and Router

      IGMP Snooping & CGMP - Provides the communication between Router & Switch

Q) What is IGMP?

A: IGMP is a protocol which enables the host to join particular group by signalling the router.

Q) What is the difference between IGMPV1 and IGMPv2?

A: --> In IGMPV1 there are only 2 messages are used ( Membership Query and Membership
Report) whereas in IGMPV2 there is one more message extra( Query, Report and Leave).

--> In IGMPV1 there is no Group Membership Query message.

--> There is no Querier Election mechanism in IGMPV1.

https://www.kareemccie.com/search/label/Interview Questions 37/46
4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

Q) What is the use of Multicast  Distribution Tree?

A: Multicast Distribution Tree specifies the path between source and Receiver in which multicast
traffic should be forwarded. There are mainly two types of Multicast Distribution Trees

1) Source Tree

2) Shared Tree

Q) What is the  Source Tree ?

A:  Source Tree

--> Used in both PIM Sparse Mode and Dense Mode.

--> Uses Source as the Root of the Multicast Tree and Receivers are acting like branches.

-->  It is also known as Shortest Path Tree because it uses the shortest path between source and
receiver.

--> Every Router in Source Tree will add (S,G) Entries in multicast routing table.

      Where S = Source or Sender IP address ( Unicast) (192.1.1.1)

                  G = Destination IP address ( Multicast IP address) (224.5.5.5)

Q) What is the Shared Tree?

-> Used in both PIM Sparse Mode only.

--> Uses Rendezvous Point as the Root of the Multicast Tree and shortest path tree will be created
between i) Source & RP ii) Receiver & RP

-->  It is also known as Root Path Tree or Core Based Tree.

--> Every Router in Source Tree will add (*,G) Entries in multicast routing table.

      Where  * = All Sources

                  G = Destination IP address ( Multicast IP address) (224.5.5.5)

Q) What is PIM?

A: PIM is a protocol used between the routers to forward multicast traffic. PIM works in two
https://www.kareemccie.com/search/label/Interview Questions 38/46
4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

modes

i) PIM Dense Mode

ii) PIM Sparse Mode

Q) What are the different types of Multicast Address Ranges?

Link-Local Multicast Address:

--> Link-Local Multicast address range is reserved with 224.0.0.0/24

--> They have the TTL Value of 1.

--> Multicast packet cannot be forwarded outside of the link.

--> Mostly used in routing protocols such as EIGRP/OSPF for sending hello packets.

Ex: 224.0.0.5 --> OSPF, 224.0.0.10 --> EIGRP

Source-Specific Multicast

--> Source-Specific Multicast address range is reserved with 232.0.0.0/8

--> Used for Discovering the unicast address of the server who is generating the multicast traffic.

GLOP Multicast Address

--> GLOP Multicast address range is reserved with 233.0.0.0/8

--> GLOP has no abbreviation, it is just GLOP.

--> GLOP Multicast address is used by companies who have their own Public AS Number.

--> If a company owns Public AS Number 21544 then in order to get the Multicast address for the
company:

1) Convert the AS Number from Decimal to Hexa Decimal

21544 --> 5428

2) Convert Hexa Decimal of the first two digits 54 to Decimal and the last two digits 28 to
Decimal.

https://www.kareemccie.com/search/label/Interview Questions 39/46

4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

54 --> 84 and 28 --> 40

3) The Multicast Address would be 233.84.40.0/24 for company X.

Private Multicast Address

--> Source-Specific Multicast address range is reserved with 239.0.0.0/8

--> It is similar to a Private IP address in IPv4 address.

--> It is also known as administratively scoped address.

--> Traffic is never routed on the Internet.

Read More

Share This:    Facebook  Twitter  Google+  Stumble  Digg

Access-List Interview Questions

 April 24, 2015  Interview Questions  4 comments

Access-List Interview Questions

Q) What is Access-List?

A: Access-List is a method of providing basic level of network security

Q) What is the Function of Access-List?

A:  Access-List is going to Filter incoming as well as outgoing traffic on the router interface.

Q) What is the Default Wildcard Mask for Access-List?

A: Default Wild Card Mask for Access-List is 0.0.0.0

https://www.kareemccie.com/search/label/Interview Questions 40/46

4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

Q) How many Access-List's can be created on the router?

A: --> 1 per Interface

    -->  1 per Direction

   -->    1 per Protocol

Q) What are the advantages of Standard ACL?

A:  1) Simple Packet Filtering Purpose

      2) Limiting Access on VTY lines

     3) Route Filtering

     4) NAT

     5) Route- MAPs

Q) What are the advantages of Extended ACL?

A:  1) Complex Packet Filtering Purpose

     2) Route Filtering

     3)VPN

https://www.kareemccie.com/search/label/Interview Questions 41/46

4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

     4)TCP Intercept

     5) IOS Firewall

Q) What is the difference between Standard ACL and Extended ACL?

A: 1) Standard ACL only checks Source IP address, Extended ACL checks Source IP, Destination
IP           and Protocol also for filtering traffic.

     2)  Standard ACL can be created using number (1-99,1300-1399) and Extended ACL can be        
             created using number(100-199,2000-2699).

    3)   Two way communication is blocked in Standard ACL, One way communication is stopped
in              Extended ACL.

    4)   Standard ACL implemented near to destination, Extended ACL implemented near to Source.

Q) What is the difference between Numbered ACL and Named ACL?

A:  1) Numbered ACL is created by using number, Named ACL is created by using name,

      2) Removing of specific statement is not possible in Numbered ACL, It is possible in Named  

                ACL.

Q) What is the difference between IPV4 ACL and IPV6 ACL?

A: 1) No standard ACL in IPV6

    2) No wildcard mask in IPV6 ACL

    3) In IPV6 only Named ACL's are available,there is no numbered ACL.

Q) What is the difference between Access-group and Access-class command?

A:  Access-group command is used to Filter traffic on the Interface ( Ethernet, Serial).

      Access-class command is used to Filter traffic on Lines (Vty, Console,aux).

Q) What is the default action of ACL, if no condition matches in ACL?

A:  Drop traffic
https://www.kareemccie.com/search/label/Interview Questions 42/46
4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

Q) Access Control Lists are Case-Sensitive or Case-Insensitive?

A: Case Sensitive

Q) Which Traffic is not filtered by ACL?

A: Traffic that is generated by the router itself, ACL is going to filter only transit traffic.

Read More

Share This:    Facebook  Twitter  Google+  Stumble  Digg

Home Older Posts

SEARCH

Do Not Copy Content

Follow me on Linkedin

Mahmmad Kareemoddin

Mahmmad Kareemoddin
Network Security Consultant & F5
Expert
Hewlett Packard Enterprise | SR Engineering
College

View profile

https://www.kareemccie.com/search/label/Interview Questions 43/46

4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

Pages

Home

DISCLAIMER

Terms & Conditions

PRIVACY Page

CONTACT US

Followers

Followers (254)
Next

Popular Posts

How to perform Configuration

Backup/Restore in Palo Alto
Firewall
Palo Alto Configuration Backup Step1: Navigate
to Device > Setup > Operations after login into
palo alto firewall. Step2:  ...

Differences between IKEv1 and IKEv2

Differences between IKEv1 and IKEv2 --> IKEv2
is an enhancement to IKEv1. --> IKEv2 does not
consume more bandwidth compared to I...

What is DHCP Option 43 and Option 60

--> We basically use DHCP option 43 and
option 60 in wireless networks for Access
 Points and Controllers. --> Option 43 helps an
A...

What is FlexConnect?
--> Flex Connect is a wireless
solution which allows you to

https://www.kareemccie.com/search/label/Interview Questions 44/46

4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

configure & control access points in

remote/branch offices without confi...

What is the difference between VSS and vPC?

Basically VSS and Vpc both are used to create
multi chasis etherchannel 1) vPC is Nexus
switch specific feature,however,VSS is created
u...

HSRP Interview Questions

Q) What is the use of HSRP? A:
HSRP is used to provide default
gateway redundancy. Q) What is the maximum
number of HSRP groups that c...

Cisco Access Point Modes

--> Cisco Access Points operates in
different modes, depending upon the
requirement we need to select appropriate mode
of Access Point. ...

vPC Failure Scenarios

 Following are the failure scenarios
we are going to discuss below: 1) 
vPC Keep-Alive Link is Down --> Nothing
happens if the Keep-Alive...

MPLS Interview Questions

Q) What is MPLS? A: MPLS is a forwarding
mechanism which allows the router to
forwarding packets based upon labels instead of
IP Address....

HSRP States
1) Initial State: When the Interface goes in up
state. 2) Learn State: The router is trying to
learn Virtual IP address 3) Listen State...

Menu

Security

Wireless

https://www.kareemccie.com/search/label/Interview Questions 45/46

4/15/22, 4:32 PM Network & Security Consultant: Interview Questions

Voice

Data Center

Interview Questions

F5

Switching

Troubleshooting

About Me

Kareem

View my complete profile



https://www.kareemccie.com/search/label/Interview Questions 46/46