This blog is about CCNA, CCNP, CCIE, Software Testing, Scripting, Networking & Security, Virtualization, Kubernetes, Cloud and Certifications.
Wednesday, March 18, 2015
Tuesday, March 17, 2015
VPN Fundamentals Interview Questions
1. Two sites are connected using a VPN Tunnel. Which of the following is true.
a. ALL data flowing between the sites are encrypted.
b. Only TCP packets are allowed on VPN Tunnels.
c. Only IP packets are allowed on VPN tunnels.
d. None of the above.
b. Only TCP packets are allowed on VPN Tunnels.
c. Only IP packets are allowed on VPN tunnels.
d. None of the above.
2. Two sites are connected using a VPN Tunnel through which systems on the different network communicate. Where is the VPN client required to be installed?
a. VPN Clients are required to be installed on the systems.
b. VPN Clients are not required to be installed on the systems.
c. The VPN routers would automatically install the agents silently on the systems.
d. None of the above.
b. VPN Clients are not required to be installed on the systems.
c. The VPN routers would automatically install the agents silently on the systems.
d. None of the above.
3. Where are the session keys which would be used for data encryption over the VPN tunnel pre-configured on a remote access VPN architecture?
a. The session keys are pre-configured on the VPN client.
b. The session keys are pre-configured on the VPN router to which the client establishes connectivity.
c. The session keys are pre-configured on both the client and the VPN router
d. The session keys are derived dynamically for each session.
b. The session keys are pre-configured on the VPN router to which the client establishes connectivity.
c. The session keys are pre-configured on both the client and the VPN router
d. The session keys are derived dynamically for each session.
4. A remote access client establishes VPN connection with the remote VPN router. It is observed that the client is unable to access internet. What is the generic issue
a. All traffic would be routed through the VPN tunnel.
b. This is not an issue but is how remote access vpns work.
c. Split tunneling is not configured.
d. None of the above.
b. This is not an issue but is how remote access vpns work.
c. Split tunneling is not configured.
d. None of the above.
5. During which phase of IPSEC Tunnel negotiation is the keys derived for data encryption.
a. Phase 1
b. Phase 2.
c. Phase 3.
d. None of the above.
b. Phase 2.
c. Phase 3.
d. None of the above.
6. Two sites are connected using a site to site VPN tunnel. Is routing required to be configured on the routers for communication?
a. Yes
b. No
c. Not required if internet communication is available.
b. None of the above.
b. No
c. Not required if internet communication is available.
b. None of the above.
7. In a SSL VPN architecture, where are the session keys stored?
a. On the browser.
b. On the VPN server
c. On the SSL VPN client software.
d. The keys are derived dynamically.
b. On the VPN server
c. On the SSL VPN client software.
d. The keys are derived dynamically.
Interview questions on VLAN
Question -1
How many untagged VLAN’s can a switch port be a member of
a)1
b)Unlimited
c)4096
d)Dependent on the capacity of the switch
a)1
b)Unlimited
c)4096
d)Dependent on the capacity of the switch
Question -2
On a switch, port 1 and port 2 are configured as members of vlan 2 and vlan 3 respectively. Which of the following is true
a)Broadcast traffic initiated on port 1 will not be available on port 2
b)Unicast traffic initiated on port 1 will be available on port 2
c)Broadcast traffic initiated on port 1 will be available on port 2 if a router is configured.
d)All of the above
b)Unicast traffic initiated on port 1 will be available on port 2
c)Broadcast traffic initiated on port 1 will be available on port 2 if a router is configured.
d)All of the above
Question -3
What additional device is required for communication between two PC’s on same VLAN
a)Router
b)Layer 3 switch
c)Default gateway
d)No additional device is required
b)Layer 3 switch
c)Default gateway
d)No additional device is required
Question -4
An IP address is required for TCP communication between two computers residing on the same VLAN.
a)True
b)False
b)False
Question -5
How many VLAN’s can be configured on a switch
a)4096
b)2048
c)Number of ports on the switch
d)Based on the switch design
b)2048
c)Number of ports on the switch
d)Based on the switch design
Question -6
Which feature can be used to carry all VLAN traffic on one link from a switch to a router
a)Trunking
b)Pruning
c)LACP
d)None of the above
b)Pruning
c)LACP
d)None of the above
Question -7
Which of the following would be unavailable in a 802.1q tagged frame
a)Source mac-address
b)Destination mac-address
c)802.1q tag
d)None of the above
b)Destination mac-address
c)802.1q tag
d)None of the above
Question -8
PC1 and PC2 are connected to port 1 and port 2 of a switch. Port 1 and Port 2 are members of VLAN 1 and VLAN 2 respectively. A router is also configured, with VLAN 1 IP address as 192.168.1.1/24 and VLAN 2 IP address as 192.168.2.1/24 and connected to the switch with trunking enabled. What should be the default gateway on PC1 for it to access PC2.
a)192.168.2.1
b)192.168.1.1
c)A default gateway need not be explicitly configured since a router is available
d)Management IP address of vlan 1
b)192.168.1.1
c)A default gateway need not be explicitly configured since a router is available
d)Management IP address of vlan 1
ARP Interview Questions
1.What is the destination mac-address of an ARP request frame
Broadcast
2.Is ARP used on a PPP link
No
3.Does ARP contain an IP header
ARP is a layer 2 protocol. It does not use IP header.
4.What does a switch do when it receives an ARP request frame on one of its ports
It adds the source port to its mac-address-table and broadcasts the frame out to all ports.
5.Would an ARP request frame generated on a port which is member of VLAN 2, be received on a port which is a member of VLAN 3
ARP is a layer 2 broadcast. VLAN’s are used for segregating broadcast domains. So it would not be received.
6.Can an ARP packet cross IP networks
ARP is a layer 2 broadcast. It cannot traverse across IP networks.
7.If an ARP entry is available on the local cache of a computer, would an ARP request be triggered
No. The computer would first check its ARP entry before sending out an ARP request frame.
8.Explain how an ARP packet is triggered on a computer
Assume that a user on a computer pings another computer on the same network. For the ping packet to be sent to the other computer, it has to be encapsulated on an Ethernet frame. For constructing the frame, the mac-address of the destination is needed. The computer checks its ARP cache if the corresponding ARP entry for the destination computer is available. If not an ARP request is sent out.
9.Does a hub support ARP
If the hub works on mediums like Token Ring, Ethernet etc, then ARP would be supported.
10.3 switches SW1, SW2 and SW3 are interconnected and STP deployed on the switches. PC1 is on SW1 PC2 is on SW2 and PC3 is connected to SW3. All the PC’s are on the same network address of 192.168.1.0/24. PC1 triggers ARP to find the mac-address of PC3. Will the ARP packet reach the PC3
All the PC’s are on the same network address. The PC’s are on 3 switches which makes it one large Layer 2 broadcast domain. So an ARP request which is a layer 2 broadcast will be received on all the ports on all the switches and correspondingly the PC’s
How many addresses are defined in ARP?
In summary, ARP defines both hardware (MAC) and protocol (IP) addresses in its operations, and ARP packets use these addresses to map IP addresses to corresponding MAC addresses within a local network.
Is an ARP message routable?
No, the messages do not contain an IP header
Describe the Ethernet addressing used in the standard ARP request. Are the source and destination addresses unicast, broadcast, or multicast?
The ARP request uses a unicast address for the source and a broadcast address for the destination
Describe the Ethernet addressing used in the standard ARP reply. Are the source and destination addresses unicast, broadcast, or multicast?
The ARP reply uses a unicast address for the source and a unicast
address for the destination
What is a gratuitous ARP?
This term refers to a node sending out an ARP request for its own IP
address in order to determine if another node is using the same
address.
What information is stored in an ARP table?
The ARP table contains a mapping between host MAC and IP
addresses. It also shows whether each entry is static or dynamic
Can we send standard ARP messages directly to computers that are not on our own network?
No, ARP is not routable
Is ARP included in IPv6?
No.
Is ARP a secure protocol?
No. False ARP messages can be created to fool ARP tables. Hosts then
make incorrect forwarding decisions. ARP transmissions are also sent
in the clear.
What is the Ethertype hexadecimal value for an ARP message?
0806
TCP IP Interview questions
1.Two users are accessing a Network application simultaneously. Which fields in the TCP/IP header would the server use to distinguish between the connections?
a. Source IP address in the IP header.
b. Destination IP address in the IP header.
c. Source port in the TCP header.
d. Destination port in the TCP header.
b. Destination IP address in the IP header.
c. Source port in the TCP header.
d. Destination port in the TCP header.
2. A web client opens two instances of a website using a browser. Which of the fields would be different for both the connections?
a. Source port number.
b. Destination port number.
c. Source IP address
d. Destination IP address.
b. Destination port number.
c. Source IP address
d. Destination IP address.
3. Which of the following fields are used to identify if the packet has to be sent on the same or different network?
a. Destination port number.
b. Subnet Mask.
c. Destination network address.
d. Domain name of the destination.
b. Subnet Mask.
c. Destination network address.
d. Domain name of the destination.
4. A PC does not have DNS server IP address configured on its adapter. What would happen if the user pings a website on the PC?
a.Response would be received as ping uses ICMP.
b.Response would be received as ping does not use DNS.
c.Response would fail as DNS resolution would fail.
d.None of the above.
b.Response would be received as ping does not use DNS.
c.Response would fail as DNS resolution would fail.
d.None of the above.
5. Which field is used in a TCP/IP header is used to identify the server application?
a.Source port number
b.Destination port number.
c.Socket number.
d.Socket port number.
b.Destination port number.
c.Socket number.
d.Socket port number.
6. When does data transfer commence in a TCP based communication?
a.After the TCP 3 way handshake
b.Before the TCP 3 way handshake
c.After the TCP 4 way handshake
d.None of the above.
b.Before the TCP 3 way handshake
c.After the TCP 4 way handshake
d.None of the above.
7. When does the TCP 4 way handshake commence?
a.There is nothing like TCP 4 way handshake.
b.After the 3 way handshake
c.Before the 4 way handshake
d.After data transfer is completed.
b.After the 3 way handshake
c.Before the 4 way handshake
d.After data transfer is completed.
8. Where is the source port number used in a TCP/IP header?
a.Inside transport layer headers like TCP or UDP
b.Inside IP layer header.
c.Inside application layer headers like FTP, HTTP etc.
d.None of the above.
b.Inside IP layer header.
c.Inside application layer headers like FTP, HTTP etc.
d.None of the above.
Interview questions on switching
PC1 and PC2 are connected to port 1 and port 2 of an ethernet switch using cat 5e cables. How many mac-addresses would the switch have learnt before PC1 sends data to PC2
The switch would not have learnt any mac-address in its mac-address table. Switches learn mac-addresses only after receipt of frame on the respective ports. In the above scenario, PC 1 has not yet send data, which is ultimately transported using ethernet frames.
How long would a switch retain a mac-address in its mac-address table
Assume that a PC is connected to a switch port. When the PC sends a frame to the switch port, the source mac-address in the frame is learnt and added to the table. Switches have mac-age-time which are configurable as well as set with a default value. When there is inactivity from the PC (Data/frames are not send) for the mac-age-time value, the mac-address is removed.
Default mac age time in cisco switch is 300 sec ie 5 mins
What do switches do with the source and destination mac-address in a frame
Switches would check the source mac-address in the frame and verify if it is available in the mac-address table. If not, the source mac-address would be added to the table. Switches would check if the destination mac-address is available in the mac-address table. If not, the frame would be flooded to all ports on the switch.Once a response is received from the intended recipient, the corresponding port would be updated with the mac-address entry (destination mac-address). In this way switch populates the mac-address table.
What do switches do if the source and destination mac-address on a frame is the same
When the source and destination mac-address in the frame is the same, the switch would not add the entry to it’s mac-address table or send it to the required destination.The frame will be filtered by the switch and discarded.
How do hubs handle unicast and broadcast frames
Hubs work at Layer 1 of the OSI model. They do not understand frames. Irrespective of the type of the frame, unicast or broadcast, the signal carrying the frame would be send to all ports on the hub.
What is the difference between manageable and unmanageable switches
Manageable switches have the capacity to be managed through Web interface, console, telnet, etc. This is possible because they contain an operating system which an unmanageable switch does not have.
How are broadcast and unicast frames differentiated by switches
Broadcast frames are identified by the value in the destination mac-address of the frame as FF-FF-FF-FF-FF-FF .Unicast frames contains the specific value of the mac-address of the intended recipient.
What are the changes that would be applied on the mac-address table of a switch if a PC which is connected to port 1 is disconnected and connected back to port 2.
When the PC is disconnected, from switch port1, the mac-address entry for the PC would be removed from the table since the link is broken. When it is connected back to switch port 2, the mac-address table would still not have the entry since there has been not data which is initiated yet from the PC.
Does switches use CSMA/CD
CSMA/CD is the protocol which is used by hubs. It is not used by switches
Can a hub be connected to a switch
A hub can be connected to a switch
Can a switch have an operating system
Yes, switches which have operating system are termed as manageable switch. Switches which does not have an operating system, are unmanageable switch
A PC has two network cards. How many mac-addresses would it have
Every network card has a unique mac-address. So a PC with two network cards would have two mac-addresses
Can two devices on same network can have the same mac-address.
It is not possible. Every device has a different network card. Each network card has a unique mac-address.
Can a mac-address value be edited
Certain network cards provide the provision to edit the mac-address.
What is size of a mac-address
The size of mac-address is 48 bits.
On a computer, which hardware component has the mac-address.
The network card has the mac-address
PC1 wishes to communicate with PC2. PC1 is aware of the IP address of PC2. Would the mac-address of PC2 be required, for data communication between PC1 and PC2 or would the knowledge of IP address suffice
The IP address information of the peer would be sufficient from a users perspective. But for data to be sent on the physical network, computers need to be aware of the mac-address of the device with which it needs to communicate.
The IP address information of the peer would be sufficient from a users perspective. But for data to be sent on the physical network, computers need to be aware of the mac-address of the device with which it needs to communicate.
Can an unmanageable switch be configured with an IP address
An unmanageable switch does not have an operating system, which is required for configuring an IP address.
What is a trunk port used for
A trunk port is used for carrying traffic from different VLANS. Take an example of two switches connected using a cable on two ports. VLAN 2 and VLAN 3 are configured on both the switches. For VLAN communication to be succesful between the switches, the ports should be configured as trunk ports.
What is the impact of an Ethernet frame in a cut-through and store and forward switching
Preamble and SFD are checked when a frame arrives on a switch port. This is for clock synchronization and the SFD informs the switch port the beginning of a new frame. The next field is the destination mac-address. In cut-through switching as soon as the Destination mac-address is read, the frame is forwarded to the intended destination port. In store and forward switching, the entire frame is copied to the buffer, the CRC value of the frame calculated and then the frame is forwarded to the intended destination port. The destination would also calculate the CRC value of the frame.
Interview questions on STP
What is the Spanning Tree Protocol used for
Spanning tree protocol is used to prevent looping of frames. Unlike IP, which has a TTL value field in the packet which is decremented every time the packet passes through a router and is dropped once the value reaches 0, the frame does not have any similar field. So if a scenario arises where a frame is looping in a switched environment, the frame would not automatically time out. The spanning tree protocol is used for preventing the looping.
Can STP be configured on a router
STP can be configured only on switches and not on routers. STP is used to prevent frame looping
Is STP required to be configured when there is only one switch involved.
It is not required. STP is used to shutdown redundant links between switches to prevent loops.
Is a generic ethernet frame modified when STP is configured on the network
STP is a protocol. It has it’s own frame when configured. So it would not affect a generic ethernet frame on the network.
How many designated ports can be available on a root bridge
All ports on a root bridge is designated ports.
How many root bridges can be available on a STP configured network
1
If the priority value of the two switches are same, which switch would be elected as the root bridge
The switch with the lowest mac-address value would be elected as the root bridge
Interview questions on routing
Can routers check ethernet frames
Routers look for information inside the IP packet header for routing the packets. But the packets itself would be encapsulated inside frames like ethernet, PPP etc. For example, if the IP packet is encapsulated inside an ethernet frame, the router would first need to check the destination mac-address inside the frame and verify if it is intended for itself and only then be able to process the IP packet header, which would be the data inside the packet.
How do routers populate routing entry for a directly connected network
A directly connected network refers to the network address corresponding to the IP address and subnet mask configured on the specific network interface card on the router. The IP address and subnet mask would be “And” ed to derive the network address.
A directly connected network refers to the network address corresponding to the IP address and subnet mask configured on the specific network interface card on the router. The IP address and subnet mask would be “And” ed to derive the network address.
How do routers forward IP packets
When a router receives an IP packet, it would check the destination IP address in the packet. The router would then performing an “And “ operation with the subnet mask of the different route table entries with the destination IP address and verify if the corresponding network address in the routing table matches. On a match, the packet would be forwarded to the interface to which it the route entry is associated with.
What are the parameters that are provided in a static route
A static entry would typically contain the network address, network mask and the default gateway. Let’s table an example where a router has two directly connected networks. The hosts within the router, needs to access a network which is not a directly connected network. The network is one hop away from the router and is reachable via the default gateway of the router. So the network address value would be the one which the hosts would want to reach via the router. This network address along with the network mask and the gateway address through which the network can be reached is configured as a static route.
How does a PC know as to whether the destination IP address is on the same or different network
Assume that a PC is configured with an IP address 192.168.2.1 and subnet mask 255.255.255.0. If the user on the PC issues a ping to the IP address 192.168.1.1, the PC would check in its routing table for matching network address and decide if it is on the same or different network.
An ADSL router is configured for internet connection. A switch is connected to the router to which the hosts are connected. What type of route entry should be configured on the router for the hosts to access the internet
A default route entry should be configured on the router. IP addresses which are internet based, cannot be configured explicitly on the routers since they would not be known beforehand. Examples are IP addresses of websites which the user tries to access. The default route once configured would take care of destination networks which the router is unaware
In which type of addressing (class full or classless) is the subnet mask information carried in the IP header.
Whatever the type of addressing, the subnet mask is never carried in an IP header
What is the difference between class full and classless addressing
In classful addressing, based on the first octet value of the IP address, the class of the network (A,B,C) is decided. In classless addressing, the octet value is not considered. Rather, the subnet mask is used to derive the network address.
What type of IP address (Private or Public ) is used when a computer is connected to the internet directly
Public IP address
On which hardware component on a computer is the IP address configured
The IP address is configured on the network card.
Does a computer have routing tables
A computer has routing table. The routing table is populated by the operating system, once the IP address, subnet mask and default gateway is configured. On a windows PC, the routing table can be viewed by typing the command ‘route print’ on the command prompt.
A default route (0.0.0.0) would be populated when the default gateway is configured.
The default route is required to route packets to unknown networks , like packets bounded for internet.
How many default route entries would be available in the routing table of a PC with two gateways
Every default gateway would correspond with a default route. So two default entries would be available on the routing table of a PC with two gateways
Interview questions on RIP
What is the destination IP address of a Rip v1 packet
Rip v1 is a broadcast packet. The destination IP address of a Rip v1 packet is 255.255.255.255
What is the main difference in RIP v1 and v2 packet
RIP v1 does not include the subnet mask information inside the packet. It does not support classless addressing. RIP v2 includes the subnet mask information inside the packet. For example, assume that the subnetted network 192.168.1.64/26 is configured on a RIP enabled router. If RIP v1 is configured, the route would be advertised as 192.168.1.0 ( It would take the default subnet mask of /24 and not /26). If RIP v2 is configured, the subnet mask information (/26) would also be advertised in the route.
If a Rip v2 router advertise it’s route, would it be received by all the devices on the network
Rip v2 is multicast. So the route advertisement would be received only by devices which has Rip v2 enabled. If the advertisement was Rip v1, then it would be received by all devices on the network as Rip v1 is broadcast.
How can a Rip route advertisement be blocked on a specific interface
By using the passive-interface command.
Which transport layer protocol does RIP use and the associated port number
UDP – Port 520
If a static route and a Rip learnt route is available on a router which entry would be chosen by the router to forward the packet
Static route would be chosen since it has lower administrative distance than Rip
What is the major benefit of dynamic routing protocol like RIP over Static route
In a static route, the route entries has to be manually configured on the router. Whereas in a dynamic routing protocol like Rip, routes are learnt automatically.
Can a subnet mask information be stored in a Rip v1 packet
Rip v1 is a classful routing protocol. It does not understand classless concepts like Subnets. So it is not possible
Is a subnet mask field available in a Rip v2 packet
Rip v2 is classless routing protocol. A rip v2 packet has a field to include the subnet mask information.
What is the administrative distance of Ripip
120
What is the multicast address that Rip v2 uses
224.0.0.9
Protocol Testing Interview Questions
The following are some basic protocol testing interview questions with answers.
Name one free tool which you would use to craft a packet?
Scapy
How would you design a test plan for testing a feature on a router.
The design document of the feature has to understood, based on which the test plan would be created.
How two tools which you use to automate the process of remote test execution
A combination of TCL and Expect or Python and Pexpect can be used for the purpose.
Name the typical fields which would be available in a test case document used for protocol testing
Test ID, Test description, steps to execute, expected result, actual result, status, remarks
What is the difference between functionality and conformance testing.
Functionality testing refers to the verification and working of the feature on a product. For ex, the working of VLAN on a switch. This is dependent on the design of the specific feature. Conformance testing refers to the procedure of testing the protocol for adherence to standards like RFC, IEEE etc.
Name two commercial tools which can be used for performance testing
IXIA, Spirent.
Name two applications which can be used for test case and defect management.
HP Quality center and Bugzilla.
Subscribe to:
Posts (Atom)