Tuesday, 29 December 2015

Technical Interview Questions – Networking (Part-3)


  1. Describe the differences between WINS push and pull replications.
Ans: To replicate database entries between a pair of WINS servers, you must configure each WINS server as a pull partner, a push partner, or both with the other WINS server.

* A push partner is a WINS server that sends a message to its pull partners, notifying them that it has new WINS database entries. When a WINS server’s pull partner responds to the message with a replication request, the WINS server sends (pushes) copies of its new WINS database entries (also known as replicas) to the requesting pull partner.
* A pull partner is a WINS server that pulls WINS database entries from its push partners by requesting any new WINS database entries that the push partners have. The pull partner requests the new WINS database entries that have a higher version number than the last entry the pull partner received during the most recent replication.

  1. What is the difference between tombstoning a WINS record and simply deleting it?
Ans: Simple deletion removes the records that are selected in the WINS console only from the local WINS server you are currently managing. If the WINS records deleted in this way exist in WINS data replicated to other WINS servers on your network, these additional records are not fully removed.
Also, records that are simply deleted on only one server can reappear after replication between the WINS server where simple deletion was used and any of its replication partners. Tombstoning marks the selected records as tombstoned, that is, marked locally as extinct and immediately released from active use by the local WINS server. This method allows the tombstoned records to remain present in the server database for purposes of subsequent replication of these records to other servers. When the tombstoned records are replicated, the tombstone status is updated and applied by other WINS servers that store replicated copies of these records. Each replicating WINS server then updates and tombstones.

  1. Name the NetBIOS names you might expect from a Windows 2003 DC that is registered in WINS.
Ans:
  1. Describe the role of the routing table on a host and on a router.
Ans: During the process of routing, decisions of hosts and routers are aided by a database of routes known as the routing table. The routing table is not exclusive to a router. Depending on the routable protocol, hosts may also have a routing table that may be used to decide the best router for the packet to be forwarded. Host-based routing tables are optional for the Internet Protocol, as well as obsolete routable protocols such as IPX.
  1. What are routing protocols? Why do we need them? Name a few.
Ans: A routing protocol is a protocol that specifies how routers communicate with each other, disseminating information that enables them to select routes between any two nodes on a computer network, the choice of the route being done by routing algorithms. Each router has a priori knowledge only of networks attached to it directly. A routing protocol shares this information first among immediate neighbors, and then throughout the network. This way, routers gain knowledge of the topology of the network.
The term routing protocol may refer specifically to one operating at layer three of the OSI model, which similarly disseminates topology information between routers. Many routing protocols used in the public Internet are defined in documents called RFCs. Although there are many types of routing protocols, two major classes are in widespread use in the Internet: link-state routing protocols, such as OSPF and IS-IS; and path vector or distance vector protocols, such as BGP, RIP and EIGRP.
  1. What are router interfaces? What types can they be?
Ans: Routers can have many different types of connectors, from Ethernet, Fast Ethernet, and Token Ring to Serial and ISDN ports. Some of the available configurable items are logical addresses (IP, IPX), media types, bandwidth, and administrative commands. Interfaces are configured in interface mode, which you reach from global configuration mode after logging in.
The media type is Ethernet, FastEthernet, GigabitEthernet, Serial, Token-ring, or other media types. You must keep in mind that a 10Mb Ethernet interface is the only kind of Ethernet interface called Ethernet. A 100Mb Ethernet interface is called a FastEthernet interface and a 1000Mb Ethernet interface is called a GigabitEthernet interface.

  1. What is NAT?
Ans: Windows Server 2003 provides network address translation (NAT) functionality as a part of the Routing and Remote Access service. NAT enables computers in small- to medium-sized organizations with private networks to access resources on the Internet or other public network. The computers on a private network are configured with reusable private Internet Protocol version 4 (IPv4) addresses; the computers on a public network are configured with globally unique IPv4 (or, rarely at present, Internet Protocol version 6 [IPv6]) addresses. A typical deployment is a small office or home office (SOHO), or a medium-sized business that uses Routing and Remote Access NAT technology to enable computers on the internal corporate network to connect to resources on the Internet without having to deploy a proxy server.

  1. What is the real difference between NAT and PAT?
Ans: NAT (Network Address Translation) allows you to translate, or map, one IP address onto another single IP address. PAT (Port Address Translation), on the other hand, is what is most commonly referred to as NAT. In a PAT system you have a single public IP address, or a group of them, translated to multiple internal IP addresses by mapping the TCP/UDP ports to different ports. This means that by using some “magic” on a router or server you can get around problems that you might have with two web browsers sending a request out the same port.
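
The port mapping described above, as an added example that is not part of the original post: a simplified PAT table in which two internal hosts use the same source port and still get distinct public ports. The class name, the starting port 40000 and the addresses are assumptions chosen for illustration; a real NAT device also tracks the remote endpoint and ages out idle entries.

```python
import itertools


class PatTable:
    """Simplified port address translation table (illustrative only)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        self._out = {}  # (proto, inside_ip, inside_port) -> public_port
        self._in = {}   # (proto, public_port) -> (inside_ip, inside_port)

    def outbound(self, proto, inside_ip, inside_port):
        """Translate an outgoing flow, creating a mapping on first use."""
        key = (proto, inside_ip, inside_port)
        if key not in self._out:
            public_port = next(self._ports)
            self._out[key] = public_port
            self._in[(proto, public_port)] = (inside_ip, inside_port)
        return self.public_ip, self._out[key]

    def inbound(self, proto, public_port):
        """Reverse lookup for a reply; None means no mapping, so the packet is dropped."""
        return self._in.get((proto, public_port))


def demo():
    # Constructed addresses: RFC 1918 inside, documentation range outside.
    nat = PatTable("203.0.113.5")
    first = nat.outbound("tcp", "192.168.1.10", 50000)
    second = nat.outbound("tcp", "192.168.1.11", 50000)  # same source port
    reply_to = nat.inbound("tcp", second[1])
    unsolicited = nat.inbound("tcp", 40002)               # never mapped
    return first, second, reply_to, unsolicited


if __name__ == "__main__":
    print(demo())
```
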
  1. How do you configure NAT on Windows 2008/2012?
Ans:
  1. How do you allow inbound traffic for specific hosts on Windows 2008/2012 NAT?
Ans:
  1. What is VPN? What types of VPN do Windows 2008/2012 and beyond work with natively?
Ans:
  1. What is IAS? In what scenarios do we use it?
Ans: IAS stands for Internet Authentication Service. It is used for configuring centralized authentication using a RADIUS server.

  1. What’s the difference between Mixed mode and Native mode in AD when dealing with RRAS?
Ans: When you are in Mixed mode, certain options in the dial-in tab of the user properties are disabled, and some of the RRAS policies are also disabled. So if you want high-level security with all the advanced features, change the AD to Native mode.
  1. What is the “RAS and IAS” group in AD?
Ans: Used for managing security and allowing administration for the respective roles of the server.
  1. What are Conditions and Profile in RRAS Policies?
Ans: The conditions and profiles are used to set restrictions based on the media type, connection method, group membership and a lot more. If a user matches the conditions mentioned in the profile, then they can be allowed or denied access to the RAS/VPN server.
  1. What types of authentication can a Windows 2008/2012 based RRAS work with?
  2. How does SSL work?
Ans: Internet communication typically runs through multiple program layers on a server before getting to the requested data, such as a web page or CGI scripts. The outer layer is the first to be hit by the request. This layer is the high-level protocols such as HTTP (web server), IMAP (mail server), and FTP (file transfer). Which outer-layer protocol handles the request depends on the type of request made by the client. This high-level protocol then processes the request through the Secure Sockets Layer. If the request is for a non-secure connection, it passes through to the TCP/IP layer and the server application or data. If the client requested a secure connection, the SSL layer initiates a handshake to begin the secure communication process. Depending on the SSL setup on the server, it may require that a secure connection be made before allowing communication to pass through to the TCP/IP layer, in which case a non-secure request will be answered with an error asking the client to retry securely (or the non-secure connection is simply denied).

  1. How does IPSec work?
Ans: IPSec is an Internet Engineering Task Force (IETF) standard suite of protocols that provides data authentication, integrity, and confidentiality as data is transferred between communication points across IP networks. IPSec provides data security at the IP packet level. A packet is a data bundle that is organized for transmission across a network, and it includes a header and payload (the data in the packet). IPSec emerged as a viable network security standard because enterprises wanted to ensure that data could be securely transmitted over the Internet. IPSec protects against possible security exposures by protecting data while in transit.

  1. How do I deploy IPSec for a large number of computers?
Ans: Just use this program: “Server and Domain Isolation Using IPsec and Group Policy”.

  1. What types of authentication can IPSec use?
Ans:

  1. What is PFS (Perfect Forward Secrecy) in IPSec?
Ans: In an authenticated key-agreement protocol that uses public key cryptography, perfect forward secrecy (or PFS) is the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the (long-term) private keys is compromised in the future. Forward secrecy has been used as a synonym for perfect forward secrecy, since the term perfect has been controversial in this context. However, at least one reference distinguishes perfect forward secrecy from forward secrecy with the additional property that an agreed key will not be compromised even if agreed keys derived from the same long-term keying material in a subsequent run are compromised.

  1. How do I monitor IPSec?
Ans: To test the IPSec policies, use IPSec Monitor. IPSec Monitor (Ipsecmon.exe) provides information about which IPSec policy is active and whether a secure channel between computers is established.
  1. Looking at IPSec-encrypted traffic with a sniffer. What packet types do I see?
Ans: You can see the packets pass, but you cannot see their contents.
IPSec Packet Types
IPSec packet types include the authentication header (AH) for data integrity and the encapsulating security payload (ESP) for data confidentiality and integrity. The authentication header (AH) protocol creates an envelope that provides integrity, data origin identification and protection against replay attacks. It authenticates every packet as a defense against session-stealing attacks. Although the IP header itself is outside the AH header, AH also provides limited verification of it by not allowing changes to the IP header after packet creation (note that this usually precludes the use of AH in NAT environments, which modify packet headers at the point of NAT). AH packets use IP protocol 51. The encapsulating security payload (ESP) protocol provides the features of AH (except for IP header authentication), plus encryption. It can also be used in a null encryption mode that provides the AH protection against replay attacks and other such attacks, without encryption or IP header authentication. This can allow for achieving some of the benefits of IPSec in a NAT environment that would not ordinarily work well with IPSec. ESP packets use IP protocol 50.
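
What a sniffer can actually read from these two packet types, as an added example that is not part of the original post: a small parser that classifies IPv4 packets by protocol number (50 for ESP, 51 for AH) and extracts the cleartext SPI and sequence number fields. The sample packets, SPI values and addresses are constructed for illustration.

```python
import socket
import struct

PROTO_ESP, PROTO_AH = 50, 51  # IP protocol numbers given in the answer above


def build_ipv4(proto, payload, src="192.0.2.1", dst="198.51.100.2"):
    """Build a constructed IPv4 packet (documentation addresses, checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def classify(packet):
    """Return what a sniffer can read from one IPv4 packet without any keys."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return {"type": "not-ipv4"}
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return {"type": "malformed"}
    proto, body = packet[9], packet[ihl:]
    if proto == PROTO_ESP and len(body) >= 8:
        spi, seq = struct.unpack("!II", body[:8])
        # Only SPI and sequence number are in the clear; the rest is the
        # protected payload and integrity check value.
        return {"type": "ESP", "spi": spi, "seq": seq, "opaque_bytes": len(body) - 8}
    if proto == PROTO_AH and len(body) >= 12:
        next_header, _plen, _reserved, spi, seq = struct.unpack("!BBHII", body[:12])
        # AH authenticates but does not encrypt, so the inner protocol is visible.
        return {"type": "AH", "spi": spi, "seq": seq, "next_header": next_header}
    if proto in (PROTO_ESP, PROTO_AH):
        return {"type": "malformed"}  # too short to hold the fixed header fields
    return {"type": "other", "protocol": proto}


# Constructed samples: one ESP packet, one AH packet carrying TCP (6), one UDP (17).
SAMPLES = [
    build_ipv4(PROTO_ESP, struct.pack("!II", 0x1000A1B2, 7) + bytes(range(32))),
    build_ipv4(PROTO_AH, struct.pack("!BBHII", 6, 4, 0, 0x2000, 3) + bytes(12) + b"tcp-segment"),
    build_ipv4(17, b"\x00" * 8),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(classify(pkt))
```
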

  1. What can you do with NETSH?
Ans: Netsh is a command-line scripting utility that allows you to, either locally or remotely, display, modify or script the network configuration of a computer that is currently running.

  1. How do I look at the open ports on my machine?

Ans: Windows: Open a command prompt (Start button -> Run -> type “cmd”), and type:
netstat -a

Linux: Open an SSH session and type:
netstat -an
