Network Engineering Interview Questions and Answers
Basic Networking
Q: What is the OSI model? Can you explain each layer?
A: The OSI (Open Systems Interconnection) model has 7 layers:
- Layer 7: Application - Interfaces with end-user applications (e.g., HTTP, FTP).
- Layer 6: Presentation - Translates, encrypts, and compresses data.
- Layer 5: Session - Manages sessions or connections.
- Layer 4: Transport - Ensures complete data transfer (e.g., TCP, UDP).
- Layer 3: Network - Handles routing and addressing (e.g., IP).
- Layer 2: Data Link - Responsible for MAC addresses, frames, and switching.
- Layer 1: Physical - Covers physical transmission (cables, switches, etc.).
Q: What is the difference between a hub, switch, and router?
A: - Hub: Broadcasts data to all ports; no intelligence.
- Switch: Sends data only to the intended MAC address; operates at Layer 2.
- Router: Connects different networks and routes packets using IP addresses; Layer 3.
Q: What are the differences between TCP and UDP?
A: - TCP: Connection-oriented, reliable, ordered, error-checked (e.g., HTTP, SMTP).
- UDP: Connectionless, faster, no guarantee of delivery (e.g., DNS, VoIP).
Q: What is a subnet mask? How does subnetting work?
A: A subnet mask divides an IP address into network and host portions. Subnetting breaks a large network
into smaller subnets for better performance and security.
Q: What is the purpose of ARP?
A: ARP (Address Resolution Protocol) resolves IP addresses to MAC addresses within a LAN.
Q: What is NAT and how does it work?
A: NAT (Network Address Translation) allows multiple devices on a private network to share a single public
IP for internet access. It modifies IP headers in packets as they traverse a router.
Routing & Switching
Q: What is the difference between static and dynamic routing?
A: - Static Routing: Manually configured routes; no overhead but lacks flexibility.
- Dynamic Routing: Uses protocols to learn routes (e.g., OSPF, BGP); adapts to changes automatically.
Q: Explain the difference between RIP, OSPF, and BGP.
A: - RIP: Distance-vector, max 15 hops, simple.
- OSPF: Link-state, hierarchical, faster convergence, used within organizations.
- BGP: Path-vector, used between ISPs and large networks on the internet.
Q: What is VLAN and why is it used?
A: VLAN (Virtual LAN) logically segments networks into different broadcast domains without physical
separation.
Q: How does trunking work in VLANs?
A: Trunking allows multiple VLANs to be carried over a single physical link using tagging (e.g., 802.1Q).
Q: What is STP (Spanning Tree Protocol)?
A: STP prevents loops in a network with redundant links by disabling some paths and ensuring a loop-free
topology.
Q: What are the different types of port security?
A: - Static: Predefine allowed MACs.
- Dynamic: Learns MACs dynamically.
- Sticky: Learns and saves MACs into the running config.
Violations can be set to protect, restrict, or shutdown the port.
IP Addressing & DNS
Q: What is the difference between public and private IP addresses?
A: - Public IP: Routable on the internet.
- Private IP: Used within local networks; not routable (e.g., 192.168.x.x).
Q: What is CIDR notation?
A: CIDR (Classless Inter-Domain Routing) notation (e.g., 192.168.1.0/24) represents IP addresses and their
subnet masks.
Q: How does DNS resolution work?
A: A client queries a DNS server for a domain name; the DNS server returns the associated IP. If it doesn't
know the answer, it forwards the query up the DNS hierarchy (root > TLD > authoritative).
Q: What are the differences between IPv4 and IPv6?
A: - IPv4: 32-bit, ~4.3 billion addresses.
- IPv6: 128-bit, vastly more addresses, includes features like built-in security and auto-configuration.
Network Troubleshooting
Q: What tools do you use to troubleshoot a network?
A: Common tools:
- ping
- traceroute
- ipconfig/ifconfig
- nslookup
- netstat
- nmap
- Wireshark
Q: What is the difference between traceroute and ping?
A: - Ping: Checks if a host is reachable and measures round-trip time.
- Traceroute: Shows the path a packet takes and delays at each hop.
Q: How would you troubleshoot a network connectivity issue?
A: - Check cables and link lights.
- Use ping and traceroute.
- Check IP config.
- Look for switch/router issues.
- Check DNS resolution and firewalls.
Q: A user can access internal sites but not the internet - how would you investigate?
A: - Check NAT configuration.
- Check default gateway.
- Test DNS resolution.
- Verify outbound firewall rules.
Security
Q: What is a firewall and how does it work?
A: A firewall monitors and controls incoming/outgoing traffic based on rules. It can be hardware or
software-based.
Q: What's the difference between stateful and stateless firewalls?
A: - Stateless: Inspects each packet independently.
- Stateful: Tracks active connections and allows only packets matching known connections.
Q: What is a DMZ and why is it used?
A: A DMZ (Demilitarized Zone) is a buffer zone between an internal network and the internet, often used to
host public-facing services (e.g., web servers) securely.
Q: How do you secure a wireless network?
A: - Use WPA3 or WPA2 encryption.
- Disable SSID broadcasting.
- Enable MAC filtering.
- Use strong passwords and segment wireless from internal network.
Advanced Topics
Q: How does BGP prevent routing loops?
A: BGP uses AS_PATH to record the ASes a route has traversed. If it sees its own AS in the path, it discards
the route, preventing loops.
Q: What is route summarization and why is it important?
A: Route summarization aggregates multiple routes into one, reducing routing table size and improving
efficiency.
Q: Explain QoS and when you would use it.
A: QoS (Quality of Service) prioritizes traffic to ensure critical applications (e.g., VoIP, video conferencing)
have bandwidth and low latency.
Q: What is MPLS and how does it work?
A: MPLS (Multiprotocol Label Switching) speeds up packet forwarding by using labels instead of IP lookups,
often used for high-performance networks.
Q: How does SD-WAN differ from traditional WAN?
A: SD-WAN uses software to manage WAN connections and intelligently route traffic over multiple links
(MPLS, broadband, LTE), improving flexibility and performance.