Comprehensive knowledge of the seven layer Open Systems Interconnection model, including Layer One Physical, Layer Two Data Link, Layer Three Network, Layer Four Transport, Layer Five Session, Layer Six Presentation, and Layer Seven Application. Understand the primary responsibilities and services at each layer, how data is packaged and transformed as it moves down and up the stack through encapsulation and decapsulation, and the unit of data at each stage such as bits at the physical layer, frames at the data link layer, packets at the network layer, and segments at the transport layer. Be able to identify common protocols and services that operate at each layer, for example Ethernet and link layer protocols at the data link layer, Internet Protocol at the network layer, Transmission Control Protocol and User Datagram Protocol at the transport layer, and application layer protocols such as Hypertext Transfer Protocol and Domain Name System at the application layer. Understand which hardware devices operate at which layers, such as cabling and transceivers at the physical layer, switches and bridges at the data link layer, and routers at the network layer, and how these devices affect forwarding and inspection. Know how the Open Systems Interconnection model maps to and differs from the four layer Transmission Control Protocol and Internet Protocol stack, including which functions are combined or abstracted differently, and how layering choices affect security placement, encryption strategy, performance, and troubleshooting. Be able to apply this knowledge to diagnose faults by mapping symptoms to layer specific causes and to reason about header fields, addressing and port schemes, segmentation and retransmission behavior, and cross layer interactions.
Hard / Technical
Describe the end-to-end principle and how it relates to placing functionality in different OSI layers (e.g., encryption, retransmission, error checking). Provide examples where rigidly following end-to-end is beneficial and where placing functions in intermediate devices is justified.
Sample Answer
End-to-end principle: a function (reliability, ordering, encryption, integrity checking) that can only be implemented correctly and completely with the knowledge and cooperation of the communicating endpoints belongs at the endpoints. Putting a copy of it inside the network is justified only as a performance optimization, and the endpoints must still work if that in-network copy fails. This keeps the core simple and keeps the endpoints in control of their own guarantees.

Examples where end-to-end is beneficial:
- Encryption: TLS/mTLS between the endpoints gives confidentiality and integrity regardless of what intermediate devices do, and keeps key material under endpoint control. Link encryption (MACsec, IPsec between routers) protects only the hop it covers.
- Retransmission/ACKs (TCP): implemented at the endpoints so retransmit timers and congestion control reflect the real end-to-end path; a hop-by-hop acknowledgement cannot tell the sender whether the receiving application got the data.
- Error checking: a transport checksum or application-level hash verified at the receiver catches corruption introduced anywhere, including inside a router's memory, which per-link CRCs cannot.

Examples where intermediate placement is justified:
- Performance: WAN accelerators (TCP proxies) and CDNs terminate TCP/TLS to cut RTT, cache and compress. This trades end-to-end confidentiality and authentication for latency and must be an explicit decision.
- Security enforcement: firewalls, IDS and WAFs need plaintext to inspect. TLS termination at a controlled, audited point (with re-encryption toward the origin) can be required for inspection or regulatory reasons; the cost is that the interception point now holds keys and sees everything.
- Lossy links: link-layer ARQ (e.g., 802.11 retransmissions) recovers local losses far faster than TCP's end-to-end timers would, without changing TCP's semantics. It is an optimization TCP does not depend on.

Guiding principle: prefer endpoint implementations. Add in-network functionality only when it yields a clear, measurable benefit, when compensating controls exist (re-encryption, auditable key handling, tamper-evident logging), and when the endpoints can still detect failure of the intermediary. Architect with clear ownership of each function and documented trade-offs.
Easy / Technical
Define what a MAC address and an IP address represent. Which OSI/TCP-IP layers do they belong to, and how are they used differently during frame vs. packet forwarding?
Sample Answer
**Definition and layer placement:**
- MAC address:
  - Represents: a 48-bit link-layer address assigned to a NIC (factory-burned, but trivially overridden in software, so it identifies an interface, not a trusted identity); used for delivery within one Layer 2 segment.
  - Layer: OSI Layer 2 / TCP/IP Link layer.
  - Use in forwarding: frames carry source and destination MACs. A switch learns source MACs per port and forwards on the destination MAC within the broadcast domain; ARP (NDP for IPv6) resolves the next-hop IP to a MAC. Switches do not rewrite MACs.
- IP address:
  - Represents: a logical, topologically assigned address that identifies a host interface and its network; used for routing across networks.
  - Layer: OSI Layer 3 / TCP/IP Internet layer.
  - Use in forwarding: packets carry source and destination IPs, which normally stay constant end to end (NAT is the exception). A router matches the destination IP against its routing table (longest prefix), decrements TTL, recomputes the IPv4 header checksum, and re-encapsulates the packet in a new frame whose source MAC is the router's egress interface and whose destination MAC is the next hop's (or the final host's on the last segment).

In short: MAC = local link delivery, rewritten at every hop; IP = end-to-end addressing and routing, constant across hops. Security consequence: anything keyed on MAC (port security, MAC-based ACLs) protects only the local segment and only against peers that do not spoof; enforcement that must hold across networks belongs at Layer 3 and above.
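The hop-by-hop rewrite described above, as an added example (not code from the original page): it builds a constructed Ethernet/IPv4 frame, then performs the per-hop work a router does: MACs swapped to the egress interface and next hop, TTL decremented, header checksum recomputed, IP addresses untouched. All MACs, IPs and the payload are made-up sample values; the payload is treated as opaque (no real UDP header).

```python
"""Added example: Ethernet/IPv4 re-encapsulation at each router hop.
Addresses and payload are constructed sample values."""
import struct

ETHERTYPE_IPV4 = 0x0800


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def mac_bytes(s: str) -> bytes:
    return bytes(int(part, 16) for part in s.split(":"))


def ip_bytes(s: str) -> bytes:
    return bytes(int(octet) for octet in s.split("."))


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum; call with the checksum field zeroed."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(dst_mac, src_mac, src_ip, dst_ip, ttl, payload: bytes) -> bytes:
    """14-byte Ethernet header + 20-byte IPv4 header (DF set, proto 17) + payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                     ttl, 17, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + ip + payload


def parse_frame(frame: bytes) -> dict:
    """Decapsulate L2 then L3, verifying the IPv4 header checksum on the way."""
    if len(frame) < 34:
        raise ValueError("frame too short")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"unsupported ethertype 0x{ethertype:04x}")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    hdr = ip[:ihl]
    if ipv4_checksum(hdr[:10] + b"\x00\x00" + hdr[12:]) != struct.unpack("!H", hdr[10:12])[0]:
        raise ValueError("bad IPv4 header checksum")
    return {"dst_mac": mac_str(frame[:6]), "src_mac": mac_str(frame[6:12]), "ttl": ip[8],
            "src_ip": ip_str(ip[12:16]), "dst_ip": ip_str(ip[16:20]), "ihl": ihl, "payload": ip[ihl:]}


def route(frame: bytes, egress_mac: str, next_hop_mac: str) -> bytes:
    """One router hop: new L2 header, TTL-1, fresh checksum, same IP addresses."""
    p = parse_frame(frame)
    if p["ttl"] <= 1:
        raise ValueError("TTL expired: a router drops this and sends ICMP Time Exceeded")
    ip = bytearray(frame[14:])
    ip[8] -= 1
    ip[10:12] = b"\x00\x00"
    ip[10:12] = struct.pack("!H", ipv4_checksum(bytes(ip[:p["ihl"]])))
    return mac_bytes(next_hop_mac) + mac_bytes(egress_mac) + frame[12:14] + bytes(ip)


# Constructed sample: host 10.0.1.10 sends to 10.0.2.20 via its gateway R1.
SAMPLE_FRAME = build_frame("00:00:5e:00:53:01", "02:42:0a:00:01:0a",
                           "10.0.1.10", "10.0.2.20", 64, b"opaque payload")


def hop_trace() -> list:
    """The frame as seen on each segment: MACs change per hop, IPs do not."""
    hops = [parse_frame(SAMPLE_FRAME)]
    f = route(SAMPLE_FRAME, "00:00:5e:00:53:02", "00:00:5e:00:53:03")  # R1 -> R2
    hops.append(parse_frame(f))
    f = route(f, "00:00:5e:00:53:04", "02:42:0a:00:02:14")            # R2 -> final host
    hops.append(parse_frame(f))
    return hops


if __name__ == "__main__":
    for h in hop_trace():
        print(f'{h["src_mac"]} -> {h["dst_mac"]} | {h["src_ip"]} -> {h["dst_ip"]} ttl={h["ttl"]}')
```

Running it prints three lines with the same IP pair and a different MAC pair on every segment, which is exactly what a capture on each link would show.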
Hard / Technical
Given a pcap where TCP segments have varying MSS values and several retransmissions occur when passing through an upstream firewall, how would you investigate whether Path MTU, MSS clamping, or firewall TCP reassembly is the cause? Outline specific capture points and what you'd look for.
Sample Answer
Approach: treat this as packet-path forensics. Capture at several points (client, firewall inside interface, firewall outside interface, server), align the captures on the TCP 4-tuple and timestamps, and follow three things through the path: the MSS option in SYN/SYN-ACK, the IP DF bit and any fragmentation, and the retransmission pattern.

Capture points and what to look for:
- Client (or its access switch via SPAN): the initial SYN. Record the MSS option, the DF bit, and the size of the first full data segments. Confirm the client really sends full-size segments (MSS plus headers).
- Firewall inside interface: the same SYN as it arrives. If the MSS still matches the client here, any change happens inside the firewall.
- Firewall outside interface: the SYN after the firewall. A lower MSS here is MSS clamping. Also compare the initial sequence number, the other TCP options (window scale, SACK, timestamps) and the IP TTL with the inside capture: if they differ, the firewall is proxying the connection (full TCP reassembly/normalization), not just forwarding it.
- Server: what the server receives (SYN MSS) and what it sends back (SYN-ACK MSS). The SYN-ACK's MSS can be clamped independently on the return path, so check both directions.

Wireshark/tshark fields that make this quick: `tcp.options.mss_val` for the MSS at each point, `tcp.analysis.retransmission` for retransmits, `icmp.type == 3 && icmp.code == 4` (IPv4) or `icmpv6.type == 2` (IPv6) for Fragmentation Needed / Packet Too Big, and `ip.flags.df` for the DF bit.

What the retransmissions reveal:
- Path MTU blackhole: full-MSS segments with DF set are retransmitted repeatedly with exponential backoff while small segments (handshake, short requests) go through, and no ICMP type 3 code 4 reaches the sender. The connection typically stalls right after the first large response. The ICMP is generated downstream and dropped, often by the same firewall. If the ICMP does reach the sender, PMTUD is working: the sender immediately resends smaller segments and the retransmissions stop.
- MSS clamping: no ICMP involvement. The MSS differs between the inside and outside captures, data segments on the far side are smaller than the endpoint's advertised MSS, and any retransmissions have a different cause. Clamping that is still too large for the real path (a tunnel further downstream) looks like a blackhole at the clamped size.
- Firewall TCP reassembly/proxying: the firewall ACKs data before the server has, sends its own retransmissions, or sends RSTs when its connection-tracking or reassembly timers expire. Retransmissions then appear on only one side of the firewall, and sequence numbers and options differ on the two sides. Check the firewall's logs and configuration for TCP normalization, reassembly, or proxy settings on that policy.

Correlation steps:
1. Align captures by timestamp (allow for clock skew between capture hosts) and match on the 4-tuple plus initial sequence numbers (or IP ID, if the firewall preserves it).
2. Find where the MSS or DF bit first changes; that device is responsible.
3. Look for ICMP type 3 code 4 at each point and note which device generates it and where it disappears.
4. Reproduce with controlled sizes: `ping -M do -s <size>` on Linux or `ping -f -l <size>` on Windows finds the largest unfragmentable size through the path; then adjust the firewall's MSS clamp or allow the ICMP through and confirm the retransmissions stop.

Closing: combine the captures with firewall configuration and logs. If the evidence is still ambiguous, replicate with controlled MTU/MSS settings to prove the cause before changing production.
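The two core checks from the answer above, as an added example (not code from the original page): locating the capture point where the SYN's MSS first changes, and classifying a sender-side retransmission pattern as PMTU blackhole versus working PMTUD versus ordinary loss. It works on raw TCP header bytes, which is what a pcap library hands you, but every SYN and segment list here is constructed inline. The scenario is also constructed: the firewall clamps 1460 to 1380, yet 1380-byte DF segments are still retransmitted, meaning the clamp is still larger than the real path allows.

```python
"""Added example: MSS-change localisation and PMTU blackhole classification
over constructed TCP headers and segment records."""
import struct
from collections import Counter

TCP_OPT_MSS = 2


def tcp_options(tcp: bytes) -> dict:
    """Parse TCP options: EOL (0) ends the list, NOP (1) is one byte, others are TLV."""
    data_off = (tcp[12] >> 4) * 4
    if data_off < 20 or data_off > len(tcp):
        raise ValueError("bad TCP data offset")
    opts, i, out = tcp[20:data_off], 0, {}
    while i < len(opts):
        kind = opts[i]
        if kind == 0:
            break
        if kind == 1:
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            raise ValueError("malformed TCP option")
        length = opts[i + 1]
        out[kind] = opts[i + 2:i + length]
        i += length
    return out


def tcp_mss(tcp: bytes):
    raw = tcp_options(tcp).get(TCP_OPT_MSS)
    return struct.unpack("!H", raw)[0] if raw is not None and len(raw) == 2 else None


def build_syn(sport: int, dport: int, seq: int, mss: int) -> bytes:
    """Constructed SYN: 20-byte header (data offset 6 words) + 4-byte MSS option."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 6 << 4, 0x02, 65535, 0, 0)
    return hdr + struct.pack("!BBH", TCP_OPT_MSS, 4, mss)


def first_mss_change(captures):
    """captures: [(capture_point, syn_bytes), ...] in path order.
    Returns the pair of points between which the MSS first changed."""
    prev = None
    for point, syn in captures:
        mss = tcp_mss(syn)
        if prev is not None and mss != prev[1]:
            return {"between": (prev[0], point), "from": prev[1], "to": mss}
        prev = (point, mss)
    return None


def classify_retransmissions(segments, mss: int, icmp_frag_needed_at_sender: bool) -> str:
    """segments: [(time, seq, payload_len, df), ...] from the sender-side capture.
    Full-MSS, DF-set segments retransmitted while smaller ones are not, and no
    ICMP type 3 code 4 at the sender, is the PMTU blackhole signature."""
    counts = Counter((seq, length, df) for _, seq, length, df in segments)
    full_df_retx = [k for k, n in counts.items() if k[1] >= mss and k[2] and n > 1]
    small_retx = [k for k, n in counts.items() if k[1] < mss and n > 1]
    if icmp_frag_needed_at_sender:
        return "pmtud-active"          # confirm the sender shrinks segments after the ICMP
    if full_df_retx and not small_retx:
        return "pmtu-blackhole-suspected"
    if full_df_retx or small_retx:
        return "loss-or-middlebox"     # retransmits at all sizes: not an MTU problem
    return "no-retransmissions"


# Constructed captures of one client SYN at four points along the path.
CAPTURES = [
    ("client", build_syn(51000, 443, 1000, 1460)),
    ("fw-inside", build_syn(51000, 443, 1000, 1460)),
    ("fw-outside", build_syn(51000, 443, 1000, 1380)),
    ("server", build_syn(51000, 443, 1000, 1380)),
]
# Constructed server-side records: short segment delivered once, first
# full-size (clamped) response retransmitted with backoff.
SERVER_SEGMENTS = [
    (0.000, 1, 120, True),
    (0.010, 121, 1380, True),
    (0.210, 121, 1380, True),
    (0.610, 121, 1380, True),
    (1.410, 121, 1380, True),
]

if __name__ == "__main__":
    print(first_mss_change(CAPTURES))
    print(classify_retransmissions(SERVER_SEGMENTS, 1380, icmp_frag_needed_at_sender=False))
```

With real captures, feed `tcp_mss` the TCP header bytes of each point's SYN and build the segment list from the sender-side pcap; the classification is only a pointer to where to look next, not proof, so follow it up with the ICMP trace and a controlled reproduction.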
Easy / Technical
You're handed a cable and asked to verify layer 1 is functioning. List at least five tests or tools you would use to validate Physical Layer connectivity and what each test detects.
Sample Answer
**Validate Layer 1: tests/tools and what they detect**
1) Cable tester (wiremap/continuity, tone and probe): opens, shorts, miswires, reversed and split pairs, and locating the far end of an unlabeled run.
2) Certification tester (e.g., a Fluke DSX-class unit): length, NEXT/FEXT, insertion loss (attenuation), return loss and delay skew; proves the link meets its Cat rating. A cable that passes a wiremap but fails NEXT will link at 1 Gb/s and then throw CRC errors under load.
3) TDR for copper, OTDR for fiber: distance to a break, short, splice or impedance mismatch, so you know whether to replace the cable or fix a connector. An unexpected reflection at a point where nothing should be is also how an inline tap or splice on a run is found.
4) Optical power meter and light source, plus a fiber inspection scope: insertion loss and received power against the transceiver's budget; dirty or damaged end faces are the most common fiber fault.
5) Link LEDs, NIC/switch diagnostics and port counters: link up/down, negotiated speed and duplex, and error counters (FCS/CRC errors, symbol errors, late collisions from a duplex mismatch). On Linux, `ethtool <iface>` shows link state and negotiation and `ethtool -S <iface>` the counters; a loopback plug verifies the port itself.
6) PoE tester (or a multimeter for passive PoE only): whether the PSE detects the device, powers it, and at what class. An 802.3af/at PSE does not energize the pairs without a valid PD signature, so a bare multimeter reads nothing on a standards-compliant port.
7) Swap test: a known-good cable, a different port, or a laptop plugged directly into the switch. The cheapest way to isolate cable versus port versus device.

Together these separate media faults from configuration or higher-layer issues before you spend time above Layer 1.
Hard / System Design
You're designing a multi-tenant data center network. Explain how you would use OSI/TCP-IP concepts (VLANs, VRFs, ACLs, routing, NAT) to isolate tenants while allowing shared services (DNS, authentication). Provide a high-level architecture and describe which layers are used for isolation versus connectivity.
Sample Answer
High-level goal: strong isolation per tenant, shared services reachable, scalable and operable.

Architecture (high-level):
- Layer 2: a VLAN (or VXLAN VNI) per tenant segment inside a pod/leaf for broadcast-domain isolation. Harden the access layer against VLAN hopping: disable trunk negotiation (e.g., DTP) on access ports, use an unused native VLAN on trunks, and never let a tenant-facing port carry another tenant's VLAN.
- Layer 3: a VRF per tenant so each tenant has its own routing table, IP space and default gateway; routes cannot cross VRFs unless explicitly imported.
- Routing: an EVPN-VXLAN overlay between leaf and spine carries the tenant L2/L3 segments; the underlay runs BGP (or an IGP) and never carries tenant prefixes.
- Security: VRF-aware firewalls and distributed ACLs on the leafs enforce tenant policy; a centralized NGFW cluster inspects east-west traffic that crosses a VRF boundary.
- NAT: only at the tenant edge (an egress VRF) for Internet access and for tenants whose address space overlaps another tenant's. NAT breaks end-to-end address visibility, so log every translation.
- Shared services: DNS, authentication (RADIUS/LDAP) and logging in a dedicated services VRF. Expose only the service prefixes to tenants, via route-target import/export in a hub-and-spoke pattern or via service proxies behind strict ACLs.

Isolation vs connectivity by layer:
- Layer 2 (VLAN/VNI): prevents broadcast/ARP leakage; necessary but insufficient on its own, since one misconfigured trunk crosses it.
- Layer 3 (VRF, routing): the primary isolation mechanism. A route that does not exist is a stronger control than an ACL that has to deny.
- Layer 4/7 (ACLs, firewalls, proxies): service-level policy, rate limiting and tenant-specific controls on the paths that do exist.

Operational notes:
- Route targets: tenants import the services RT, the services VRF imports every tenant RT, and no tenant ever imports another tenant's RT. Verify this in configuration review; a single extra import statement leaks an entire tenant.
- The services VRF is the one place that sees all tenants, so harden it accordingly: service hosts must not forward packets (no IP forwarding, no second interfaces into tenant VRFs) or they become a transit path between tenants, and a compromised service host is a cross-tenant pivot.
- Overlapping tenant address space shows up in the services VRF as the same prefix from two origins, and replies become ambiguous. NAT tenants toward the services VRF or allocate unique service-facing ranges.
- Authentication: reach RADIUS/LDAP through per-tenant ACLs (and a TCP proxy where the service must not see tenant addresses). Tag every tenant's logs and telemetry with the tenant and export them to tenant-specific endpoints.

Trade-offs: VRFs plus EVPN scale well and give strong isolation. NAT handles overlapping addresses but complicates traceability and incident response. Strict ACLs and shared-service proxies keep the security boundaries explicit and reviewable.
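The route-target rules from the answer above, as an added example (not code from the original page, and not any vendor's configuration): a small model of VRF import/export that checks a design is hub-and-spoke: every tenant reaches the services VRF in both directions, no tenant sees another tenant's prefixes, and the services VRF receives no prefix from two origins. VRF names, route targets and prefixes are constructed sample values; prefix matching is exact rather than longest-prefix, which is all this check needs.

```python
"""Added example: checking VRF route-target policy for tenant leaks and
overlapping address space. All VRFs, RTs and prefixes are constructed."""
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Vrf:
    name: str
    prefixes: frozenset   # prefixes originated in this VRF
    export_rt: frozenset  # route targets stamped on routes this VRF exports
    import_rt: frozenset  # route targets this VRF accepts on import


def build_rib(vrfs) -> dict:
    """Simulate RT-based import: a VRF learns a prefix when any export RT of the
    originating VRF matches one of its import RTs (a VRF always imports its own
    RT, so it sees its own prefixes). Returns {vrf: {prefix: [origin, ...]}}."""
    rib = {v.name: {} for v in vrfs}
    for dst in vrfs:
        for src in vrfs:
            if src.export_rt & dst.import_rt:
                for prefix in src.prefixes:
                    rib[dst.name].setdefault(prefix, []).append(src.name)
    return rib


def sees(rib: dict, viewer: str, origin: str, vrfs) -> bool:
    """True if `viewer` holds any prefix originated by `origin`."""
    by_name = {v.name: v for v in vrfs}
    return any(origin in rib[viewer].get(p, []) for p in by_name[origin].prefixes)


def tenant_leaks(vrfs, tenants) -> list:
    """Tenant pairs where either side can see the other's prefixes (one-way is
    already a leak: spoofed or unsolicited traffic needs only a forward route)."""
    rib = build_rib(vrfs)
    return sorted((a, b) for a, b in combinations(sorted(tenants), 2)
                  if sees(rib, a, b, vrfs) or sees(rib, b, a, vrfs))


def services_reachable(vrfs, tenants, services: str = "services") -> bool:
    """Each tenant must see the services prefixes AND services must see the
    tenant, otherwise DNS/auth traffic has no return path."""
    rib = build_rib(vrfs)
    return all(sees(rib, t, services, vrfs) and sees(rib, services, t, vrfs) for t in tenants)


def prefix_collisions(vrfs, vrf_name: str) -> dict:
    """Prefixes imported from more than one origin: overlapping tenant address
    space reaching the shared services without NAT, so replies are ambiguous."""
    return {p: o for p, o in build_rib(vrfs)[vrf_name].items() if len(o) > 1}


# Constructed design: hub-and-spoke route targets.
SVC, RT_A, RT_B = "65000:999", "65000:100", "65000:200"
SERVICES = Vrf("services", frozenset({"192.0.2.0/24"}), frozenset({SVC}), frozenset({SVC, RT_A, RT_B}))
TENANT_A = Vrf("tenant-a", frozenset({"10.1.0.0/16"}), frozenset({RT_A}), frozenset({RT_A, SVC}))
GOOD = [TENANT_A, Vrf("tenant-b", frozenset({"10.2.0.0/16"}), frozenset({RT_B}), frozenset({RT_B, SVC})), SERVICES]
# Copy-paste error: tenant-b also imports tenant-a's RT.
BAD = [TENANT_A, Vrf("tenant-b", frozenset({"10.2.0.0/16"}), frozenset({RT_B}), frozenset({RT_B, SVC, RT_A})), SERVICES]
# Overlapping address space: both tenants originate 10.1.0.0/16 toward services, no NAT.
OVERLAP = [TENANT_A, Vrf("tenant-b", frozenset({"10.1.0.0/16"}), frozenset({RT_B}), frozenset({RT_B, SVC})), SERVICES]
TENANTS = ["tenant-a", "tenant-b"]

if __name__ == "__main__":
    for label, design in (("good", GOOD), ("bad", BAD), ("overlap", OVERLAP)):
        print(label, "leaks:", tenant_leaks(design, TENANTS),
              "services ok:", services_reachable(design, TENANTS),
              "collisions:", prefix_collisions(design, "services"))
```

The same check can be run against a real deployment by filling `Vrf` records from the device configuration (export/import route targets and originated prefixes per VRF); the point is that both the leak and the collision are visible from policy alone, before any packet is sent.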