First Phase Basic Network Security Interview Questions
The URG flag is used to inform a receiving station that certain data within a segment is
urgent and should be prioritized.
7. What is the importance of Sequence Number and Acknowledgement Number?
A. Sequence Number is a 32-bit field which indicates the amount of data that is sent during a TCP
session.
Acknowledgement number is used to acknowledge the received data and is equal to the
received sequence number plus 1.
8. What are the differences between HTTP and HTTPS?
A. HTTP stands for Hypertext Transfer Protocol, and it is a protocol – or a prescribed order and
syntax for presenting information – used for transferring data over a network. Most information
that is sent over the Internet, including website content and API calls, uses the HTTP protocol.
First Phase Training & Placements #501 & 502, 5th Floor, Mahindra Residency, Ameerpet, Hyderabad - 500038.Website: www.firstphase.in 8989988999
HTTPS is HTTP with encryption. The only difference between the two protocols is that HTTPS
uses TLS (SSL) to encrypt normal HTTP requests and responses. As a result, HTTPS is far more
secure than HTTP.
9. What port numbers do HTTP and HTTPS use?
A. HTTP - TCP 80
HTTPS - TCP 443
10. What is the Protocol and Port number IPSEC IKEV1 uses for establishing the phase 1 tunnel?
A. ISAKMP- Internet Security Association Key Management Protocol uses UDP 500
11. What are the Protocols IPSEC uses for Phase 2 tunnel and their protocol numbers?
A. AH - Authentication Header - IP 51
ESP - Encapsulation Security Payload - IP 50
12. What is the main difference between GRE and IPSEC tunnels?
A. IPSEC offers Encryption, Authentication and Confidentiality – Secure
GRE just encapsulates the payload with a GRE header and sends the data in clear text –
Unsecure.
13. What is the Port Number DHCP uses?
A. UDP 68 for client
UDP 67 for Server
14. What is DNS and the port number it uses?
A. DNS is Domain Name Server or Domain Name System, used to map IP addresses to hostnames
or hostnames to IP addresses. It uses 53 UDP/ TCP.
15. What is VPN?
A. Virtual Private Network (VPN) creates a secure network connection over a public network such
as the internet. It allows devices to exchange data through a secure virtual tunnel. It uses a
combination of security features like encryption, authentication, tunneling protocols, and data
integrity to provide secure communication between participating peers.
16. What is Authentication, Confidentiality & Integrity?
A. Authentication - Verifies that the packet received is from the claimed sender. It verifies the
authenticity of the sender. Pre-shared Key, Digital Certificate are some methods that can be
used for authentication.
Integrity - Ensures that the contents of the packet have not been altered in transit by a
man-in-the-middle. Hashing algorithms include MD5, SHA.
Confidentiality - Encrypts the message content so that data is not disclosed
to unauthorized parties. Encryption algorithms include DES (Data Encryption Standard), 3DES
(Triple-DES), AES (Advanced Encryption Standard).
17. What is Symmetric and Asymmetric Encryption?
A. In symmetric encryption, a single key is used both to encrypt and decrypt traffic. It is also
referred to as a shared key or shared secret encryption. Symmetric encryption algorithms
include DES, 3DES, AES.
In Asymmetric encryption, two keys are used to encrypt and decrypt traffic, one for encryption
and one for decryption. The most common asymmetric encryption algorithm is RSA.
18. What is IPsec VPN?
A. IP Security Protocol VPN means VPN over IP Security. It allows two or more users to
communicate in a secure manner by authenticating and encrypting each IP packet of a
communication session. IPsec provides data confidentiality, data integrity and data
authentication between participating peers.
19. At which layer does IPsec work?
A. IPsec secures IP traffic at the Layer 3 (Network Layer) of the OSI model.
20. What is the major drawback of IPsec?
A. IPsec only supports unicast IP traffic and doesn’t support multicast traffic.
21. What is the difference between Transport and Tunnel mode?
A. Tunnel mode - Protects data in network-to-network or site-to-site scenarios. It encapsulates and
protects the entire IP packet, that is, the payload including the original IP header, and a new IP header
(protects the entire IP payload including user data).
Transport mode - Protects data in host-to-host or end-to-end scenarios. In transport mode,
IPsec protects the payload of the original IP datagram by excluding the IP header (only protects
the upper-layer protocols of IP payload (user data)).
IPsec protocols AH and ESP can operate in either transport mode or tunnel mode.
22. What are the three main security services that IPSec VPN provides?
A. IPSec offers the following security services:
1. Peer Authentication.
2. Data confidentiality.
3. Data integrity.
23. Define Digital Signatures?
A. A digital signature is an attachment to an electronic message used for security purposes. It is
used to verify the authenticity of the sender.
24. What are HTTP Request Methods?
A. GET
HEAD
POST
PUT
DELETE
CONNECT
25. What is PFS in IPSEC?
A. Perfect Forward Secrecy (PFS) is a method for deriving fresh Phase 2 keys independent from
previous keys. Perfect Forward Secrecy (PFS) forces the peers to generate a new shared secret
during the Phase 2 (Quick Mode) message exchange.
26. What is Diffie-Hellman Group?
A. Diffie-Hellman Groups are used to determine the strength of the key used in the Diffie-Hellman
key exchange process. Higher Diffie-Hellman Group numbers are more secure, but higher
Diffie-Hellman Groups require additional processing resources to compute the key.
27. What is Static NAT and Dynamic NAT?
A. Static NAT is a one-to-one mapping between private IPv4 addresses and public IPv4 addresses.
Static NAT requires having one public IPv4 address for every private IPv4 address in the inside
network.
In Dynamic NAT, when a computer from the "Inside Network" sends an IP datagram to the "Outside
Network", the NAT device translates the source IP address to a public IP address and
forwards the datagram to the public network. Available public IP addresses are configured as a pool of IP
addresses.
28. What is PAT?
A. Port Address Translation (PAT) is another type of dynamic NAT which can map multiple private
IPv4 addresses to a single public IP address by using a technology known as Port Address
Translation. Port Address Translation (PAT) is also called NAT Overloading. Port Address
Translation (PAT/NAT Overload) is the NAT technology which prevents IPv4 address depletion.
29. What is a TCP Window?
A. A TCP window is the amount of unacknowledged data a sender can send on a particular
connection before it gets an acknowledgment back from the receiver that it has received some
of the data.
30. What Is the Difference Between Stateful & Stateless Firewall?
A. Stateful firewall - A stateful firewall is aware of the connections that pass through it. It adds and
maintains information about users’ connections in a state table, referred to as a connection table.
It then uses this connection table to implement the security policies for users’ connections.
Examples of stateful firewalls are PIX, ASA, Checkpoint.
Stateless firewall - (Packet Filtering) Stateless firewalls, on the other hand, do not look at the
state of connections but just at the packets themselves. An example of a packet filtering firewall is
the Extended Access Control Lists on Cisco IOS Routers.
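The contrast in this answer, as an added example that is not part of the original question sheet: a packet filter with an ACK-bit return rule and a connection-table firewall judge the same three constructed packets. The addresses, the inside prefix and the rule set are assumptions made for the illustration.

```python
from dataclasses import dataclass

INSIDE = "10.0.0."  # assumed inside prefix (hypothetical)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags: "S" = SYN, "SA" = SYN+ACK, "A" = ACK

def stateless_permit(p: Packet) -> bool:
    """Packet filter: every packet is judged alone, ACL-style."""
    if p.src.startswith(INSIDE) and p.dport == 443:
        return True  # outbound HTTPS
    # Return-traffic rule: source port 443 with the ACK bit set.
    return p.sport == 443 and p.dst.startswith(INSIDE) and "A" in p.flags

class StatefulFirewall:
    def __init__(self):
        self.conn_table = set()  # connection table of tracked 4-tuples

    def permit(self, p: Packet) -> bool:
        if p.src.startswith(INSIDE) and p.dport == 443:
            self.conn_table.add((p.src, p.sport, p.dst, p.dport))
            return True  # outbound HTTPS, connection recorded
        # Inbound is allowed only as the reverse of a tracked connection.
        return (p.dst, p.dport, p.src, p.sport) in self.conn_table

# Constructed sample traffic (documentation address ranges).
PACKETS = [
    Packet("10.0.0.5", 40000, "203.0.113.10", 443, "S"),   # client SYN
    Packet("203.0.113.10", 443, "10.0.0.5", 40000, "SA"),  # server reply
    Packet("198.51.100.7", 443, "10.0.0.9", 51000, "A"),   # no prior connection
]

def compare(packets):
    """Return (stateless_verdict, stateful_verdict) per packet."""
    fw = StatefulFirewall()
    return [(stateless_permit(p), fw.permit(p)) for p in packets]

if __name__ == "__main__":
    for p, (sl, sf) in zip(PACKETS, compare(PACKETS)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} [{p.flags}] "
              f"stateless={sl} stateful={sf}")
```

The third packet matches the packet filter's return rule on its header fields alone, while the stateful firewall drops it because no entry in the connection table corresponds to it.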
A. Certificate Authority (CA) is a trusted entity that issues Digital Certificates and public-private key
pairs. The role of the Certificate Authority (CA) is to guarantee that the individual granted the
unique certificate is, in fact, who he or she claims to be. The Certificate Authority (CA) verifies
that the owner of the certificate is who he says he is. A Certificate Authority (CA) can be a
trusted third party which is responsible for physically verifying the legitimacy of the identity of
an individual or organization before issuing a digital certificate.
36. What is SPI in IPSEC?
A. The Security Parameter Index (SPI) is a very important element in the SA. An SPI is a 32-bit
number that is used to uniquely identify a particular SA for any connected device.
A Security Association (SA) is an agreement between two devices about how to protect
information during communication.
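How a receiver uses the SPI together with the IP protocol numbers from question 11 (ESP 50, AH 51), as an added example that is not part of the original question sheet: the parser reads the 32-bit SPI from an ESP or AH header and looks up the matching SA. The packets, SPI values and SA names are constructed, and the lookup is simplified to (protocol, SPI) without the destination address.

```python
import struct

ESP, AH = 50, 51  # IP protocol numbers for the Phase 2 protocols

def build_ipv4(proto: int, payload: bytes) -> bytes:
    """Constructed minimal IPv4 header (checksum left at 0) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return hdr + payload

def extract_spi(packet: bytes):
    """Return (protocol, spi, sequence) for ESP/AH packets, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # not IPv4 or truncated
    ihl = (packet[0] & 0x0F) * 4         # IP header length in bytes
    proto, body = packet[9], packet[ihl:]
    if proto == ESP and len(body) >= 8:
        # ESP header starts with SPI (32 bits), then sequence number
        spi, seq = struct.unpack("!II", body[:8])
        return ("ESP", spi, seq)
    if proto == AH and len(body) >= 12:
        # AH: next header, payload length, reserved, SPI, sequence number
        _nh, _plen, _rsv, spi, seq = struct.unpack("!BBHII", body[:12])
        return ("AH", spi, seq)
    return None

# Hypothetical SA database keyed by (protocol, SPI); values are constructed.
SAD = {
    ("ESP", 0x1000ABCD): "sa-site-a-esp",
    ("AH", 0x2000BEEF): "sa-site-a-ah",
}

def lookup_sa(packet: bytes):
    """Map an inbound packet to its SA name, or None if no SA matches."""
    parsed = extract_spi(packet)
    return SAD.get(parsed[:2]) if parsed else None

# Constructed sample packets
ESP_PKT = build_ipv4(ESP, struct.pack("!II", 0x1000ABCD, 7) + bytes(16))
AH_PKT = build_ipv4(AH, struct.pack("!BBHII", ESP, 4, 0, 0x2000BEEF, 1) + bytes(12))
UNKNOWN_SPI = build_ipv4(ESP, struct.pack("!II", 0xDEAD0001, 1) + bytes(16))

if __name__ == "__main__":
    for pkt in (ESP_PKT, AH_PKT, UNKNOWN_SPI):
        print(extract_spi(pkt), "->", lookup_sa(pkt))
```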