InterviewStack.io LogoInterviewStack.io

Network Fundamentals and Security Questions

Covers core networking concepts and the security controls used to protect data and services across the network stack. Candidates should understand the open systems interconnection model and the Internet Protocol suite, including responsibilities and behaviors at the physical, data link, network, transport, and application layers. Be able to explain transmission control protocol packet flow, ports and sockets, network address translation, and how client server interactions use protocols such as Hypertext Transfer Protocol, Hypertext Transfer Protocol Secure, Domain Name System, and Dynamic Host Configuration Protocol. Understand how encryption and authentication are applied at different protocol layers, including Secure Sockets Layer and Transport Layer Security, the role of certificate authorities and digital certificates, and how the Transport Layer Security handshake protects data in transit. Be able to distinguish secure and insecure protocols, describe common network attack patterns such as eavesdropping, man in the middle, spoofing, and distributed denial of service, and articulate mitigation techniques including virtual private networks, secure configuration of services, segmentation, and basic host and network hardening. Candidates should also know fundamental controls such as stateful and stateless firewalls, proxying, and secure remote access, and be familiar with detection and troubleshooting tools and techniques such as packet capture, flow analysis, packet logging, and traffic inspection.

EasyTechnical
41 practiced
Define and contrast the following network attack patterns: eavesdropping, man-in-the-middle (MITM), IP or ARP spoofing, and distributed denial-of-service (DDoS). For each attack, give one realistic mitigation or detection control an Information Security Analyst could implement (e.g., encryption, DAI, ingress filtering, rate-limiting, scrubbing centers).
MediumTechnical
40 practiced
You see the following tcpdump snippet (timestamps shortened):
12:00:01.000000 IP 10.0.0.5.54321 > 203.0.113.10.443: Flags [S], seq 1000, length 012:00:01.010000 IP 203.0.113.10.443 > 10.0.0.5.54321: Flags [S.], seq 2000, ack 1001, length 012:00:01.020000 IP 10.0.0.5.54321 > 203.0.113.10.443: Flags [R], seq 1001, length 0
Interpret what likely happened here. What are at least three plausible causes for the immediate RST from the client after SYN-ACK? Describe the next investigative steps and what additional data sources you would collect to confirm the root cause.
MediumTechnical
42 practiced
Describe how ARP spoofing (ARP poisoning) can be used for local man-in-the-middle attacks. Provide at least three detection or mitigation techniques you would deploy in a switched LAN (for example: dynamic ARP inspection, static ARP entries, arpwatch). Describe limitations of each technique and how an analyst would verify an attack is occurring.
HardSystem Design
38 practiced
Design a secure remote-access architecture for 300 distributed employees that follows zero-trust principles. The environment includes SaaS applications, internal web applications, and an on-prem datacenter. Your design should cover identity and access controls, device posture verification, network controls (VPN vs agent-based ZTNA), logging/visibility, scalability and resilience. Provide a migration path from a legacy VPN and a list of measurable success criteria.
EasyTechnical
36 practiced
Describe the TCP three-way handshake in detail (SYN, SYN-ACK, ACK). Include which TCP flags and sequence/acknowledgement behaviors are used. As an analyst, how does understanding the handshake help you detect a SYN flood or suspicious connection patterns? Describe one mitigation (e.g., SYN cookies, connection rate-limiting) and how it defends against the attack.

Unlock Full Question Bank

Get access to hundreds of Network Fundamentals and Security interview questions and detailed answers.

Sign in to Continue

Join thousands of developers preparing for their dream job.