NOC Engineer Interview Questions and Answers

Ques 1. Name the feature offered by a Cisco Firewall to shield the network against TCP Syn Flood
Attacks?
TCP intercept feature.

Ques 2. Name the feature on a firewall that can be used to block a website or a specific URL?
URL Filtering.

Ques 3. Name a security solution that can be configured to assign User Based Authentication to the
users on a LAN Network?
Proxy firewall.

Ques 4. There is a requirement to setup virtual private network (VPN) for remote users. Following
are the key objectives -
 Users in roaming across other customer locations require this service
 The VPN gateway should require the use of Internet Protocol Security (IPSec).
 All remote users must use IPSec to connect to the VPN gateway.
Which IPSec mode should you use?
Remote Access VPN (Client to Site)

Ques 5. Name the command used to determine connectivity between client and server.
“Ping” Command

Ques 6. What do you understand by default time-frame of Ping Timeout on Windows system?
The default time-frame of Ping Timeout is 4 seconds. The adjustment of the timeout value can be done
with the help of -w option. While executing the Ping Command, the adjustment in the amount of time
can be done in milliseconds. The Ping waits for every reply and if -w option has not been put into use,
then default timeout value is used i.e. 4000 or 4 seconds.

Ques 7. How is the traceroute function different on Linux/Unix and on Windows?

One key difference is that while functioning on Linux/Unix ‘traceroute’ employs User Datagram
Protocol (UDP) packets onto a random port number with a higher value. On the other hand, Microsoft
Windows employs Internet Control Message Protocol (ICMP) packets. This key difference is one of the
primary reasons why traceroute function sometimes fails.

Ques 8. What do you understand by ‘nslookup’ function tool?

‘Nslookup’ is a form of command-line tool that is meant for network administration. It is used in
different types of computer operating systems in order to enquire about DNS (domain name system) to
get access to domain name, IP address mapping, and other sorts of DNS records.
Below is an example –

Step 1 –
Open command prompt on Windows OS and issue following command - nslookup ipwithease.com
Step 2 –
Below output is generated on command prompt -
Server: resolver1.abc.com
Address: 206.165.111.12
Name: ipwithease.com
Address: 139.86.47.5

From this, we can see that ipwithease.com is currently pointing to IP address 139.86.47.5. Also, that
DNS server resolver1.abc.com is used for the query.

Ques 9. What will you do in a situation where WAN Link of the Router goes down?
There can be one or more reasons for the failover.
 Firstly, it is essential to understand the precise reason whether it is physical or protocol issues.
Physical problem needs to be rectified manually.
 If it is a protocol issue then there can be any reason including encapsulation mismatch,
improper access control, non-configuration of clock rate, MTU or duplex mismatch, etc. and
handle it accordingly.

Ques 10. Please explain what so you understand by the term BGP?
The term BGP denotes Border Gateway Protocol and it handles the exchange of routing information
between autonomous systems existing over the Internet. It is also termed as a standardized variant of
exterior gateway protocol. eBGP and iBGP are both flavors of BGP protocol.

Ques 11. How do you plan to resolve a BGP neighbour issue when “hold time expired” notification is
displayed?
A “hold time expired” notification is commonly released when BGP peers flap. In case reachability
fluctuates or breaks to a preset BGP neighbour, it subsequently goes down, but not before the hold
time expires. In order to curb this problem, you are required to fix BGP peering. Some of the probable
causes associated with it include unicast drop, MTU, misconfiguration in BGP process, SP circuit down,
etc.

Ques 12. As NOC analyst, how can one access a layer 2 switch right from a remote location?
In order to successfully reach a layer 2 switch distantly, a management switch virtual interface (SVI) is
needed with an adequate Telnet/SSH access. Meanwhile, the IP address of switch virtual interface
must be accessible during the whole course of time.

Ques 13. What is the implication of variable IP-OSPF-Transmit-Delay?

If OSPF (Open Shortest Path First) is configured over low bandwidth links, and IP-OSPF-Transmit Delay
is implicated to enhance the time frame of the age field of a LSA (link-state advertisement) update. It is
generally preset to 1 second by default and, must be included prior to the transmission over a link in
order to ensure its effectiveness.

Ques 14. Define what do you understand by TCP/IP?

The term TCP/IP is used to define Transmission Control Protocol over Internet Protocol, as it controls
the connection establishment between the computers. It plays the role of a highway for the data
packets to get dispatched back and forth used by assorted protocols such as FTP or HTTP. Besides, TCP
also helps in categorizing out data packet receive order.

Ques 15. What do you understand by the term VLAN?

VLAN or Virtual Local Area Network is typically set at the data link layer of open system
interconnections (OSI) model. The primary role of this logical network is to logically separate entities
within the same office environment and keep applications or departments distinct from the physical
network. A Virtual LAN represents a broadcast domain. These are identified by a VLAN ID (up to 4096),
and the default VLAN is VLAN 1.
Ques 16. Define the term ‘Proxy’?
Proxy are basically the servers specifically designed to filter the network traffic to restrict access to
particular websites and keep an eye over user’s activity on the web. These servers also conceal origin IP
address from the external networks. For instance, the IP address of your computer would be unique to
local network, but people over the Internet will see it differently as allotted by the proxy server.
Further, Proxy functions upto layer 7 of OSI model and is meant to work at application level like HTTP
and FTP

Ques 17. Suppose a host computer fails to reach over a local network with the host name but
successfully reach it by an IP address, where do you think the problem persists?
The problem is commonly caused by Domain Name System (DNS) configuration. The probability in one
such situation is that the host name is not incorporated to Domain Name System server, due to which
the network fails to recognize the same. That is the reason why it is only accessing the network via IP
address locations.

Ques 18. What do you understand by the term DNS?

Domain Name System or simply DNS delivers a database association by several information concerned
to domain entities. For instance, there is an IP address provided for every computer existing on the
physical network and then translated by the DNS server into a host name. So, rather than typing the
entire IP address to access a computer network, you can simply provide the host name and rest of the
routing will be handled by DNS. The website names function on the same principle.

Ques 19. What do you understand by the term ‘Network Switch’?

A Network Switch is a device that facilitates multiple devices to connect as well as share data. It
operates at the data link layer (layer 2) of the OSI model and forwards a message to a specific host
unlike a hub. A switch sends a message to another host on the same network based on the mac adder.
A Switch creates a CAM table which includes, VLAN, port and corresponding MAC Address associated
with the port number. Key functions of layer 2 switch are -
 Address Learning
 Forward/Filter decisions
  Loop Avoidance

Ques 20. As NOC monitoring and analyst, how would you track the up time in Cisco router/switch?
Telnet/ SSH the CLI session and simply use the command “sh version” in order to display the uptime.

Ques 21. What do you understand by default gateway IP?

In basic terms, default gateway is the device in a computer network where host machine will send
traffic in case the destination is not within the same LAN subnet. Default Gateway needs to be
configured on the Host machine. It is noteworthy that the default gateway IP will function the role of
forwarding host (router) redirecting to other networks in case no other route matches with the
destination IP address provided.

Ques 22. What do you understand by the term ‘Trunking’?

It is a form of networking system that renders access to multiple VLANs without the requirement to run
separate connections for each VLAN. Trunk ports are used in case of switch to switch communication
or switch to Router (Router on a stick). Trunks are used to carry multiple Vlans across devices and
maintain VLAN tags in Ethernet frames for differentiating between different Vlans.
Using the “Switchport mode trunk” command forces the port on a cisco switch to be trunk port.
In most of Cisco switches, switchports are configured in “dynamic desirable” mode by default. This
means if we connect devices, it will negotiate to form a trunk.
Ques 23. Which are the 3 key layers of fiber optic?
The 3 key layers of Fiber Optic are -
 Fiber (includes core and cladding)
 Buffer
 Outer jacket

Ques 24. What do you know about EIGRP Convergence Time?

Enhanced Interior Gateway Routing Protocol or EIGRP convergence time denotes for how long a
router will reckon a host alive in absence of receiving data packets from its end. The best thing is that
the adjustments in the settings can be made right from inside the router.
EIGRP Hold timers for –
LAN = 15 seconds
WAN = 180 seconds
Ques 25. How can we verify the delay and routing of packets between the two locations?
You can perform traceroute test in order to test the strength of connectivity and the packet delay time
over an IP address. The test can easily be run by CMD command “tracert” to observe each node jump
and the time interval taken by the information to reach each route.

Ques 26. How can you determine which PC and what Port number is it connected to a network
switch?
This can be achieved by 1st using ARP on Layer3 Device or other PCs in LAN to view IP address and
corresponding MAC address of the desired PC. Next, verify which port number is learning the desired
PC MAC Address by using “show mac address-table” command on Layer 2 Switch.

Ques 27. Suppose the WAN link of a router goes down, and you are not receiving any notification or
alert regarding the same. What could be the problem behind it?
Simple Network Management Protocol (SNMP) or appropriate Syslog configuration is required to
attain notification of a link failure. To get advanced notification or alert management, there are
network management tools that can be readily configured to track down such notifications.

Ques 28. One of the ports in 8 port EtherChannel goes down. What will happen?
It is a fact that the total bandwidth in an EtherChannel interface is based on the total number of active
member links existing on the interface. An EtherChannel comprising 8 active links of 100 Mbps indicate
an overall bandwidth of 800 Mbps. If one of the physical ports goes down, the available bandwidth on
the interface be calculated as 700 Mbps. It is calculated without flapping the concerned port channel.

Ques 29. How can you troubleshoot the problem of a high CPU utilization existing in a router?
It is a symptom of router malfunctioning.
 Firstly, it is essential to identify the exact cause behind increased CPU utilization.
 You can apply “show interface stat”, “show processes CPU” commands in order to verify the
process utilizations.
 Some of the key reasons could be the congestion resulted due to high traffic flow, VPN
deployments or complex ACL, TCP/ARP issues, etc.

Ques 30. Is attaining CRC errors over MPLS WAN Links a routine thing?
If it is below 1% of the entire traffic with no packet drop then it is a routine thing. If it is over 1% of the
entire traffic interface then it is essential to resolve the link issues. The most genuine reason for CRC
errors is the duplex setting, where the providers function on “auto” mode interface.

Ques 31. Define Route Poisoning?

Route Poisoning is basically the process of stopping routers from dispatching data packets via routes
that are no longer the part of the network. The process helps in eliminating undesired routes from
routing table, by informing the other routers regarding the presence of non-existent or invalid routes.
The process prevents the sending of undesired data packet over the concerned network.

Ques 32. Please define the steps of a 3 Way Handshake?

A 3 Way Handshake involves the following steps-
Step 1. Synchronize request sent by the Client. (SYN)
Step 2. Synchronize Request as well as Acknowledgement is responded back by the Server. (SYN, ACK)
Step 3. The Client responds back with an Acknowledgement. (ACK)
Ques 33. Define WHOIS command and its usage.
WHOIS is meant to search an object within a WHOIS database. It is basically an enquiry and response
protocol with an extensive usage for exploring the databases containing registered users related to an
Internet resource. Some of these common registered users include an IP address block, a domain
name, etc. Additionally, it is utilized for a wider range of other details.

Ques 34. What is the key utilization of Nbtstat command?

Nbtstat is a type of diagnostic tool used for NetBIOS on TCP/IP. The tool is inclusive to various versions
of MS Windows. The role of nbtstat -A < IP address > command executes the function by making a use
of a target Internet Protocol (IP) address instead of a name. The tool has been designed to solve
problems with NetBIOS name resolution. (nbt is short form of NetBIOS over TCP/IP.)

Ques 35. What do you understand by the log message- “%OSPF-5-NBRSTATE: ospf-1 [5330] Process
1, Nbr 10.3.3.14 on Vlan44 from FULL to EXSTART, BADSEQNUM OSPF” ?
The log message is generated when an OSPF DBD exchange process employees a bad sequence
number for the effective synchronization of the database with it’s neighbours. The bad sequence leads
packet exploitation or packet loss.

Ques 36. What is required to be done, if my BGP neighbour is in active state or stuck in idle?
In case BGP peer is in an idle state then the result could be because of the physical connectivity failure
or rather neighbour is not simply defined with respective AS. When it is in connect state, BGP ensures
the establishment of a TCP session over the port number 179, in case it fails the establishment of TCP
connection. In that case, it navigates to Active state and subsequently retries the establishment of TCP
connection. With the help of debug ip bgp as well as debug ip tcp transactions commands, it would be
much easier to trace out the precise reason behind TCP connection failure. The lack of “ebgp-multihop”
or “update-source” command can also be a key reason for the active state of neighbour.

Ques 37. In order to make decisions, which of the fields in a packet does a Network Layer Firewall
refer to?
IP as well as transport layer headers in order to fetch information associated with the source and port
numbers, destination IP addresses, etc.

Ques 38. Name the main field within an IP Header modified by NAT Firewall using NAT overload?
It is the source IP address within the IP header.
Ques 39. What is the process of performing Password Recovery within a Switch?
Below is the step by step procedure for password recovery on a switch-
a) Unplug the power cable.
b) Hold down the mode button located on the left side of the front panel, while reconnecting the
power cord to the switch. You can release the mode button a second or two after the LED
above port 1x is no longer illuminated.
c) The system has been interrupted prior to initializing the flash file system.
The following commands will initialize the flash file system, and finish loading the Operating
system software:
flash_init
load_helper
boot
d) Type flash_init.
e) Type load_helper.
f) Type dir flash:.
!— Make sure to type a colon “:” after the dir flash
The switch file system is displayed:
Directory of flash:
2 -rwx 843947 Mar 01 1993 00:02:18 C2900XL-h-mz-112.8-SA
4 drwx 3776 Mar 01 1993 01:23:24 html
66 -rwx 130 Jan 01 1970 00:01:19 env_vars
68 -rwx 1296 Mar 01 1993 06:55:51 config.text
1728000 bytes total (456704 bytes free)
g) Type rename flash:config.text flash:config.old to rename the configuration file. This file
contains the password definition.
h) Type boot to boot the system.
Enter N at the prompt to start the Setup program, Continue with the configuration dialog?
[yes/no]: N
At the switch prompt type en to turn on enable mode.
i) Type rename flash:config.old flash:config.text to rename the configuration file with its original
name.
j) Copy the configuration file into memory:
Switch# copy flash:config.text system:running-config
Source filename [config.text]? (press Return)
Destination filename [running-config]? (press Return)
The configuration file is now reloaded.
k) Change the password:
switch#configure terminal
switch(config)#no enable secret
!– This step is necessary if the switch had an enable secret password
switch(config)#enable password Cisco
switch#(config)#^Z
!–Control/Z
Write the running configuration to the configuration file:
l) switch#write memory

Ques 40. In which layer of the OSI model, a gateway functions?

A gateway functions upto Layer 4 (Transport Layer) of the OSI model.
Ques 41. How many layers are present in the OSI reference model? Also mention the names.
There are basically 7 layers present in an OSI reference model. They are named as
 Physical layer
 Network layer
 Data link layer
 Transport layer
 Presentation layer
 Session layer
 Application layer.

Ques 42. What is the difference between the terms ‘forward lookup’ and ‘reverse lookup’ within
DNS?
The process of converting names into IP addresses is known as forward lookup, whereas, the process
of resolving IP addresses into names is known as reverse lookup.

Ques 43. What do you understand by the term ‘cross cable’?

It is a form of connection established in between the same kinds of devices without effective use of a
hub/switch in order to communicate. Crossover Cables are more like Straight-Through cables with
exception that TX and RX lines are both crossed (they are at opposite positions on the cable).
Ques 44. What is the meaning of MTTR and MTBF?
MTTR is abbreviation for Mean time to repair. It is the average time it takes to repair a device. For
example, you could use MTTR to describe the time it takes to bring a switch or router back to full
operation after a component fails.
MTBF is abbreviation for Mean time between failures. It is a measure of how reliable a hardware
product or component is. In General scenario, the value of MTBF is typically in thousands or even tens
of thousands of hours between failures.
Below is the formula to calculate availability of a device using MTBF and MTTR as reference parameters

Ques 45. What do you understand by the term ‘backbone network’?

A backbone network is basically a centralized, high capacity infrastructure designed in order to
distribute various routes and data to different networks. It is the main link to different access networks.
Additionally, it also manages bandwidth and diverse channels.

Ques 46. Define a router and its basic roles?

A router is a form of layer 3 network device applied to establish the communication in between various
networks. Some of the key roles of a router include
 inter-network communication
 packet forwarding
 best path selection
 packet filtering

Ques 47. Mention the criteria meant for best path selection in a router?
Below is the path selection criteria -
 Longest prefix match
 Minimum AD value (administrative distance)
 Lowest metric value
Ques 48. What do you understand by the term ‘anonymous FTP’?
Anonymous FTP is basically a way of granting the access to a user to the files located in public servers.

Ques 49. How would you differentiate ‘standard’ and ‘extended’ ACL (access control list) from one
another?
Standard Access Control Lists are source-based, on the other hand, Extended Access Control Lists are
source- and destination-based.

Ques 50. What do you understand by NIC?

NIC (Network Interface Card) is a form of peripheral card that can be attached to a computer in order
to link it to a network. We may call it network adapter, Physical network interface, and sometimes LAN
adapter. Every Network Interface Card comprises of its own MAC address assisting in identifying the
computer over the network. Below picture depicts an inbuilt NIC of Laptop which accepts Ethernet
cable.

Source: https://community.fs.com/