SOC2

Uploaded by

The Anonymous

Interview Questions and Answers on

Computer Network and Network Security


Explain OSI layers
Layer | Function
Application Layer | Provides the interface between the user and the computer. Example protocols: HTTPS, SMTP, FTP, etc.
Presentation Layer | Gets the data from the Application layer and performs translation (ASCII to HEX), data compression, encoding/decoding and encryption/decryption. Protocols: SSL/TLS, JPEG, MPEG
Session Layer | Responsible for establishing, maintaining, and terminating communication sessions between devices. Protocols: RPC, NetBIOS
Transport Layer | Responsible for the end-to-end delivery of data between devices. It provides reliable data transfer, flow control, and error recovery. Protocols: TCP/UDP
Network Layer | Responsible for delivery of data between devices on different networks: routing data packets between networks and managing congestion. Routers and firewalls are the devices used in this layer.
Data Link Layer | Responsible for host-to-host delivery of data: dividing the data into frames and adding error detection and correction codes. Switches are used in this layer.
Physical Layer | Responsible for physical transmission of data between devices.
Explain TCP 3-Way handshake
• Step 1: The client sends a SYN (synchronize) packet to the server
with an initial sequence number (ISN). The SYN packet informs
the server that the client wants to establish a connection.

• Step 2: The server receives the SYN packet and responds with a
SYN-ACK (synchronize-acknowledge) packet, which means the
server is willing to establish a connection. The same packet
carries the server's own SYN.

• Step 3: The client receives the SYN-ACK packet and sends an
ACK (acknowledge) packet that acknowledges the server's SYN and
completes the three-way handshake.
Explain TCP header
Important Fields in TCP Header:
Source Port
Destination Port
Sequence Number
Acknowledgment Number
Window Size
Control Flags (6 bits):

SYN (Synchronize): This flag is used to initiate a connection between two devices

ACK (Acknowledgment): This flag is used to acknowledge the receipt of a packet

FIN (Finish): This flag is used to terminate a connection between two devices.

RST (Reset): This flag is used to reset a connection that has been terminated abruptly.

URG (Urgent): This flag is used to indicate that the data in the packet is urgent and should be
processed immediately.

PSH (Push): This flag is used to indicate that the data in the packet should be pushed to the receiving
application immediately
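
The header fields and the handshake described above, as an added example that is not part of the original document: it packs and parses the fixed 20-byte TCP header, decodes the six control flags, and checks that three headers form a correct SYN, SYN-ACK, ACK exchange. The port numbers and sequence numbers are constructed sample values, and the function names are illustrative.

```python
import struct

# Control-flag bits in the low 6 bits of the 16-bit offset/flags field.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
FMT = "!HHIIHHHH"  # ports, seq, ack, offset+flags, window, checksum, urgent ptr

def build_header(sport, dport, seq, ack, flags, window=65535):
    """Pack a 20-byte TCP header with no options (checksum left at 0)."""
    bits = sum(FLAGS[name] for name in set(flags))
    return struct.pack(FMT, sport, dport, seq, ack, (5 << 12) | bits, window, 0, 0)

def parse_header(raw):
    """Decode the fixed 20-byte part of a TCP header into a dict."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _, _ = struct.unpack(FMT, raw[:20])
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": window,
        "flags": {name for name, bit in FLAGS.items() if off_flags & bit},
    }

def is_valid_handshake(syn, synack, ack):
    """True if three parsed headers form SYN -> SYN-ACK -> ACK correctly."""
    nxt = lambda n: (n + 1) % 2**32  # sequence numbers wrap at 32 bits
    return (
        syn["flags"] == {"SYN"}
        and synack["flags"] == {"SYN", "ACK"}
        and ack["flags"] == {"ACK"}
        # the server replies from the port the client addressed, and vice versa
        and (synack["sport"], synack["dport"]) == (syn["dport"], syn["sport"])
        and (ack["sport"], ack["dport"]) == (syn["sport"], syn["dport"])
        # each side acknowledges the other's ISN + 1
        and synack["ack"] == nxt(syn["seq"])
        and ack["seq"] == nxt(syn["seq"])
        and ack["ack"] == nxt(synack["seq"])
    )

def demo():
    # Constructed sample: client ISN 1000 (port 50000), server ISN 5000 (port 443).
    syn = parse_header(build_header(50000, 443, 1000, 0, ["SYN"]))
    synack = parse_header(build_header(443, 50000, 5000, 1001, ["SYN", "ACK"]))
    ack = parse_header(build_header(50000, 443, 1001, 5001, ["ACK"]))
    bad = parse_header(build_header(50000, 443, 1001, 9999, ["ACK"]))
    return is_valid_handshake(syn, synack, ack), is_valid_handshake(syn, synack, bad)

if __name__ == "__main__":
    print(demo())
```

The second result in `demo()` is a final ACK whose acknowledgment number does not match the server's ISN + 1, which is the kind of mismatch a receiver or a connection-tracking device rejects.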
Explain IP header
Important Fields in IP Header:
Version (4 bits): The version field specifies the version of the IP protocol
being used.

Time-to-Live: The time-to-live field is used to limit the lifetime of the IP
datagram.

Protocol: Indicates the protocol used in the data portion of the datagram,
such as TCP, UDP, ICMP, or IGMP.

Header Checksum (16 bits): The header checksum field is used to ensure the
integrity of the IP header.

Source IP Address (32 bits): The source IP address field identifies the sending
device's IP address.

Destination IP Address (32 bits): The destination IP address field identifies
the receiving device's IP address.
Can you explain Difference between TCP and UDP
TCP | UDP
TCP is a connection-oriented protocol. (Connection orientation means that the communicating devices should establish a connection before transmitting data and should close the connection after transmitting the data.) | UDP is connectionless. (This is because there is no overhead for opening a connection, maintaining a connection, and terminating a connection. UDP is efficient for broadcast and multicast types of network transmission.)
TCP is reliable as it guarantees the delivery of data to the destination router. | The delivery of data to the destination cannot be guaranteed in UDP.
TCP is comparatively slower than UDP. | UDP is faster, simpler, and more efficient than TCP.
Retransmission of lost packets is possible in TCP, but not in UDP. | There is no retransmission of lost packets in the User Datagram Protocol (UDP).
An acknowledgment segment is present. | No acknowledgment segment.
TCP is used by HTTP, HTTPS, FTP, SMTP and Telnet. | UDP is used by DNS, DHCP, TFTP, SNMP, RIP, and VoIP.
Explain Classes of IP address

Class D IP address range: IP addresses in this range are not allocated to hosts and are used for multicasting.
Class E IP address range: IP addresses in this range are reserved for research purposes.

Tell us Private IP address range


Explain What is DHCP and How it works
DHCP (Dynamic Host Configuration Protocol) is used to automatically
assign IP addresses and other network configuration parameters (subnet
masks, default gateways) to devices on a network.

DHCP works through a process called DORA (Discover, Offer, Request, Acknowledge):

When a device connects to the network, it sends a DHCP Discover
message to the DHCP server.

The DHCP server responds with a DHCP Offer containing the available IP
address, subnet mask, default gateway, and other configuration
parameters.

If the device accepts the DHCP Offer, it sends a DHCP Request to the
DHCP server to confirm the assignment of the IP address and other
network settings.

The DHCP server then sends a DHCP Acknowledgement to the device,
which confirms the assignment of the IP address and other network
settings.
What is DNS Server and How it works?
A DNS (Domain Name System) server translates domain names (e.g. www.example.com) into IP addresses (e.g. 192.0.2.1).

• When you type a domain name into your web browser, your computer sends a
request to a DNS server (resolver) to look up the IP address associated with
that domain name. If the DNS server finds the IP address, it returns it to you. If not,
the following process happens.

• The DNS server (resolver) then queries a series of DNS servers, starting with
the root servers. Root servers hold the top-level domain (TLD) information.
• The top-level domain (TLD) server shares the IP address of the authoritative DNS server for that
domain name.
• The authoritative DNS server (SLD) is responsible for maintaining the DNS
records for the domain, which include the IP address of the web server.
• Once the authoritative DNS server is located, the DNS resolver caches the IP
address and returns it to your web browser.
• The client computer then uses the IP address to establish a connection with
the website or domain.
What is Firewall? What is Stateful Inspection in Firewall
A firewall is a network security system that monitors and controls incoming
and outgoing network traffic based on a set of predefined security rules. It
acts as a barrier between an internal network and the Internet or other
external networks to prevent unauthorized access to or from the network.

Stateful inspection is a firewall technology that monitors and manages
network connections by keeping track of the state of each connection and
only allowing traffic that is part of an established connection.

Stateful inspection firewalls provide enhanced security compared to
traditional packet filtering firewalls, as they can identify and block various
types of attacks.
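
Stateful inspection as described above, as an added example that is not part of the original document: a minimal connection-tracking table that lets internal hosts open connections and admits inbound packets only when they belong to a tracked connection. The internal range 10.0.0.0/8, the state names, the simplified teardown, and all addresses in the sample traffic are assumptions made for the illustration.

```python
import ipaddress

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range

class StatefulFirewall:
    """Allow outbound connections; allow inbound only as part of a tracked one."""

    def __init__(self):
        self.conns = {}  # (int_ip, int_port, ext_ip, ext_port) -> state

    def inspect(self, src, sport, dst, dport, flags):
        flags = frozenset(flags)
        outbound = ipaddress.ip_address(src) in INTERNAL
        # Both directions of one connection map to the same table key.
        key = (src, sport, dst, dport) if outbound else (dst, dport, src, sport)
        state = self.conns.get(key)

        if outbound and flags == {"SYN"}:
            self.conns[key] = "SYN_SENT"      # new outbound connection attempt
            return "ALLOW"
        if state is None:
            return "DROP"                     # not part of any tracked connection
        if "RST" in flags or "FIN" in flags:
            del self.conns[key]               # simplified teardown: forget at once
            return "ALLOW"
        if state == "SYN_SENT":
            if not outbound and flags == {"SYN", "ACK"}:
                self.conns[key] = "SYN_RCVD"
                return "ALLOW"
            return "DROP"
        if state == "SYN_RCVD":
            if outbound and flags == {"ACK"}:
                self.conns[key] = "ESTABLISHED"
                return "ALLOW"
            return "DROP"
        return "ALLOW"                        # ESTABLISHED: either direction

def run_demo():
    """Run constructed sample packets through the firewall, return the verdicts."""
    c, s, other = "10.0.0.5", "203.0.113.9", "198.51.100.7"
    packets = [
        (s, 443, c, 50000, {"SYN", "ACK"}),   # reply to nothing: no state yet
        (c, 50000, s, 443, {"SYN"}),          # handshake step 1
        (s, 443, c, 50000, {"SYN", "ACK"}),   # handshake step 2
        (c, 50000, s, 443, {"ACK"}),          # handshake step 3
        (s, 443, c, 50000, {"PSH", "ACK"}),   # data on the established connection
        (other, 443, c, 50000, {"ACK"}),      # different peer, same internal port
        (s, 443, c, 50000, {"FIN", "ACK"}),   # teardown removes the entry
        (s, 443, c, 50000, {"ACK"}),          # arrives after the state is gone
    ]
    fw = StatefulFirewall()
    return [fw.inspect(*p) for p in packets]
```

A stateless packet filter that simply permits inbound packets with the ACK flag set would pass the first, sixth and last sample packets; the state table is what rejects them.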
Difference Between Traditional Firewall VS Next generation Firewall
Traditional Firewall:

Traditional firewalls operate at the network layer (Layer 3) and transport
layer (Layer 4) of the OSI model.
They are designed to block or allow traffic based on IP addresses, port
numbers, and protocols.
Less sophisticated than next-generation firewalls (NGFWs) and lack
advanced features such as application control, intrusion prevention, and
deep packet inspection.

Next generation Firewall:

NGFW operates at multiple layers of the OSI model, including the
application layer (Layer 7).
NGFWs are more sophisticated than traditional firewalls and are better able
to detect and prevent advanced threats such as malware, zero-day exploits,
and targeted attacks.
What is Difference between Firewall Deny and Drop

Firewall Deny: When a firewall is configured to "deny" (reject) traffic, it
sends a response to the sender indicating that the traffic is not allowed
and should be blocked.

Firewall Drop: When a firewall is configured to "drop" traffic, it silently discards the
traffic without sending any response to the sender.

What is IDS/IPS
IDS stands for Intrusion Detection System. An IDS monitors network
traffic, based on signatures, for signs of suspicious activity or attacks.
When it detects suspicious activity, it generates an alert.

IPS stands for Intrusion Prevention System. An IPS also monitors
network traffic for suspicious activity and actively blocks any traffic
that is deemed to be malicious or unauthorized.
What is HIPS and NIPS and Difference Between Them

HIPS:
HIPS stands for Host-based Intrusion Prevention System.
HIPS runs on individual computers or servers and monitors their behavior for signs of malicious activity.
HIPS can detect and block malware, unauthorized access attempts, and other types of attacks on hosts.

NIPS:
NIPS stands for Network-based Intrusion Prevention System.
NIPS monitors network traffic for signs of malicious activity.
NIPS can detect and block attacks such as distributed denial of service (DDoS) attacks or attempts to exploit vulnerabilities.
Difference between Firewall and IPS

Firewall:

A firewall is a network security device that is used to monitor and control incoming and outgoing network traffic.

Firewalls can be hardware or software-based, and they are typically used to protect against known network attacks, such as
denial-of-service (DoS) attacks, malware, and unauthorized access attempts.

IPS:

An IPS is a security measure that actively monitors network traffic for potential threats, and it has the capability to
prevent those threats from succeeding.

IPS systems can detect and block attacks in real time, using a combination of signature-based and behavior-based analysis.

IPS systems are more adaptive and can respond to new and emerging threats in real time.
What is Proxy server and Types

A proxy server is an intermediary server between a client (such as a web browser) and a server (such as a website or application server).
When a client makes a request for information, the request is first sent to the proxy server, which then forwards the request to the server
on behalf of the client.

Types of Proxy servers

1. Forward proxy: A forward proxy is used by clients to access websites or services on the Internet.
2. Reverse proxy: A reverse proxy is used by servers to receive requests from clients on the Internet and forward them to backend servers.
3. Transparent proxy: A transparent proxy intercepts and forwards traffic without requiring any configuration changes on the client side.
Protocols and Port Number
Protocol | Description | Port number
FTP (data) | File Transfer Protocol (data transfer) | 20
FTP (control) | File Transfer Protocol (control connection) | 21
SSH | Secure Shell | 22
Telnet | Telnet protocol, unencrypted text communications | 23
SMTP | Simple Mail Transfer Protocol | 25
DNS | Domain Name System | 53
DHCP | Dynamic Host Configuration Protocol | 67, 68
HTTP | Hypertext Transfer Protocol | 80
POP3 | Post Office Protocol | 110
NTP | Network Time Protocol | 123
NetBIOS | NetBIOS name service and session service | 135-139
IMAP | Internet Message Access Protocol | 143
SNMP | Simple Network Management Protocol | 161, 162
LDAP | Lightweight Directory Access Protocol | 389
HTTPS | Hypertext Transfer Protocol Secure | 443
RDP | Remote Desktop Protocol | 3389
Windows and Linux commands
1. Ping: A command to check if a computer or server is online and can be reached.

2. Traceroute (tracert on Windows): Determines the path that network packets take from the source to the destination. It helps identify
intermediate hops and possible points of failure.
nslookup (Windows) / dig (Linux): Both commands are used to query DNS (Domain Name System) servers to look up DNS records like A, CNAME, MX, etc., for a
given domain or hostname.

netstat: Displays network statistics and active network connections. It helps identify open ports, established connections, and listening
services on a system.

arp: Helps find the physical address (MAC address) that matches an IP address on your local network (arp -a (Windows) and arp -n (Linux))
ifconfig (Linux) / ipconfig (Windows): Used to view and configure network interfaces, including IP addresses, netmasks, and gateways.
• Type in Windows CMD: ipconfig

SSH: Secure Shell protocol used for remote access to systems securely.
ls: Lists the contents of a directory, showing files and directories in the specified location.
df: Displays information about disk space usage on the file system.
chmod: Changes file permissions, allowing you to control who can read, write, or execute
files.
find: Searches for files and directories in a directory hierarchy based on various criteria such
as name, type, size, etc.
cat: Concatenates and displays the contents of a file. It is often used to view log files or
text-based configurations.
grep: A command used for pattern searching within files or command output. It is helpful for
filtering information and searching for specific strings.
ps: Displays information about running processes, including their Process ID (PID), CPU and
memory usage, and other details.
