ARP:
Each and every message, with details of all info in the packets
Proxy-ARP and its use
GARP. Where is it used?
[[https://www.oreilly.com/library/view/packet-guide-to/9781449308094/ch04.html]]

Ethernet:
Dot1Q header. VLAN-ID. Max number of VLANs.
You have an L3 trunk with subinterfaces. Which MAC address will be used for each subinterface?
What is the “type” field used for?
When an IP packet is encapsulated in an Ethernet header and has a dot1q header added: what is the type field of the VLAN header pointing to, and what is the “original” type field of the Ethernet header pointing to?
What is the value of the Ethernet type field that indicates the next header is IP?

DHCP:
Details of each message
DHCP relay: how does it work? Which packets are broadcast and which are unicast?
How can a relayed DHCP server tell from which DHCP pool it should offer an IP address?

ICMP, traceroute (UDP/ICMP/TCP based)
What is the purpose?
Which ICMP types/purposes can you describe?
You ping a directly connected device, but it says "Request Timed Out" (ping is blocked). How can you tell if the device is reachable?

LACP:
What is a LAG, or what is a portchannel?
Purpose of LACP?
Is it mandatory to have LACP or any other control protocol for link aggregation?

IP:
Which fields of the IP header do you know, and can you explain their purpose?
What is MTU?
If the router gets an IP packet with a size of 2000 bytes, and the outgoing interface has an MTU of 1500, what will the router do? (answer should have two options: DF bit set or unset)
Can you explain the fragmentation-related fields in the IP header?
Which headers are included in IP fragments?
Do you know what GRE is? Any example where it could be used?
You see 10 IP packets in Wireshark. How can you tell if the packets came in the same order in which they were sent?

FTP:
Difference between active and passive FTP.
Details and some FTP messages (PORT)
You have a firewall which is also doing source NAT from your private network to the Internet. In your internal network you have an FTP client, and you want to access an FTP server on the Internet. You see that for some reason active mode FTP is not opening the data connection. What could be the reason?

TCP 3-way handshake -> all details.
What is the purpose of this 3-way handshake? In your own words.
What is agreed in the 3-way handshake?
How can a TCP session be closed?
What is selective ACK (SACK) and how does it work?
What is MSS, and what is it used for?
Why would you wish to decrease MSS in configuration?
Is it possible to decrease MSS in an existing connection?
How does TCP provide reliability?
What is window size?
What will happen if you receive a packet with window size zero?
Can you change the window size in an established TCP connection?
What is window scaling, and what is it used for?

SECURITY

SSL:
Explain the SSL handshake.
Can you use DH in the key exchange process of the SSL handshake?
Explain SSL-FP

ALG:
DNS ALG
FTP ALG

NAT:
Understanding of NAT types (src/dst/static)
Imagine two branch offices. Both offices are using overlapping IP addresses from the same range, let’s say 10.0.0.0/24. Both offices have only Internet connections via a local router. Now, you need to establish communication between hosts in the two branch offices. How can this be achieved?
Hair-pinning (I think this one will require drawing to be well explained)

FW (L4-L7 security):
Give an example of a DDoS attack.
What is a way in which a firewall can protect a server from a SYN-flood attack?
What is SYN-proxy and how does it work?
What is SYN-cookie and how does it work?
Which (D)DoS attacks do you know?
Do you know how any of the deep packet inspection works (IDP/AppFW/AV…)?

General:
What is ARP spoofing?
What is DHCP snooping?
What is the difference between a stateful firewall and a packet filter?
What is the security concern of processing fragmented packets?
If your device receives a TCP SYN packet to a closed port, what will your device do? (answers should include: TCP Reset, or nothing in silent discard)
If your device receives a UDP packet to a closed port, what will your device do? (answers should include: ICMP Destination Unreachable, or nothing in silent discard)

IPSEC
What is the purpose of IPSEC?
What is the purpose of the two Phases?
Difference between main and aggressive mode. Where is the aggressive mode used?
Explain main mode in detail for all messages
Explain quick mode
Explain IKEv2 messages.
What is PFS?
What is proxy-id / traffic-selector?
What is NAT-T? How is NAT-T detected/negotiated between peers?
Describe all headers for an ESP IPSec packet, starting from L2 and up to the end.

ROUTING

General:
What is administrative distance and what is routing protocol metric?
Why do we use administrative distance?

OSPF:
DR/BDR (election process).
There are 5 routers in the same broadcast domain, configured in the same OSPF area. Routers are numbered from 1 to 5, and priorities on interfaces are set from 10 to 50 (step 10) respectively. If all routers are booted at the same time, which one will become the DR? If you add router 6 with interface priority 60, what will happen to DR/BDR?
In the same broadcast domain, there are 5 routers. Some of the routers have FULL adjacencies with other OSPF routers, but some routers see only 2WAY state. What could be the reason?
You see that the OSPF state does not move further than ExStart. What could be the reason?
Is the DR/BDR elected per broadcast domain, or per Area, or per OSPF Domain?
Area types (backbone, stub…)
LSA types, their purpose and their scopes. Who is generating which LSA type?

BGP:
Difference between EBGP and IBGP
What is the main requirement for IBGP (answer should refer to full mesh)? Are there any options that can help to avoid the need for full mesh (answer should refer to RR/confederation)?
Route re-advertisements between EBGP/IBGP routers (e.g. routes learned from IBGP are re-advertised to which xBGP peers)?
Explanation of path selection attributes (local preference, AS-path, MED…)
If on your IBGP router you see a route as hidden, what could be the reason for this situation and how can it be solved?
You want to establish an EBGP session using loopback interfaces on peer routers, but you see that BGP does not establish. What could be the reason and how to solve it?

UNIX
1. How does an operating system start?
2. What is a filesystem?
3. Which command would you use to check open ports on the local machine?
4. Which command would you use to check the available disk space?
5. What is the command to see which filesystems are mounted where?
6. How would you actively monitor what is being written in a log file?
7. How do you find files that have sizes greater than 100M?
8. Which built-in mechanism/tool would you use to create an automated task in Unix? (cron)
9. How would you change permissions on a file? For example: which command will make a file rwxr-xr-x?
10. What is the difference between soft and hard links?