Network Security Engineer Interview questions

These questions are sample questions from the ebook 

What feature can be configured on a switch to prevent rogue DHCP server attacks?

DHCP Snooping is a feature which can be configured to prevent rogue DHCP server attacks.

Name two protocols which can be used to provide data encryption services.

SSL is used by application protocols for providing encryption. IPsec is used to encrypt the IP packet data.

Which feature on a firewall can be configured to defend against IP spoofing attacks?

Access control lists can be used as a defense against IP spoofing attacks.

Name two attacks which are targeted at FTP servers.

The FTP protocol transmits data in clear text. This makes it possible to eavesdrop on communication between an FTP client and an FTP server and retrieve confidential information like usernames and passwords. FTP servers use a username and password combination for authentication. A weak password policy makes them vulnerable to brute force attacks.

Which security feature on a switch can be used as a defense against CAM flooding attacks?

In a CAM flooding attack, the goal of the attacker is to fill up the MAC address table of the switch by generating frames with different source MAC addresses. As a defense, the port security feature can be configured on a switch port to limit the number of MAC addresses allowed on that port.

Name two tools which can be used to create custom packets.

Nmap and Scapy.

An organization uses a Cisco router for routing between its internal networks. What feature on the router can be used to block access specifically between two internal networks?

Extended access control lists can be configured for blocking access between internal networks. With an extended access control list, the source and destination IP network subnets can be specified.


Name one security limitation of RIP v1 and how it is improved in RIP v2.

RIP v1 does not use authentication. This makes it vulnerable to route poisoning attacks. An attacker can craft custom RIP v1 packets and corrupt the routing table. In RIP v2, authentication is provided by MD5-based password authentication.

What is the fundamental difference between hashing and encryption?

In hashing, the original text cannot be derived from the output text. In encryption, the original text can be derived by decrypting the output text with the encryption key.

In a private/public key infrastructure, which key is used for encryption and which for decryption?

The public key is used for encryption and the private key is used for decryption.

Name a secure protocol which can be used for managing a remote router.


An organization has an HTTPS-based server behind a firewall. A website is hosted on the Web server. Which port should be open on the firewall to allow outside users to access the HTTPS-based website?

HTTPS uses SSL, which uses TCP port 443. So on the firewall, TCP port 443 should be opened.

Which feature can be configured on a Cisco router as a defense against smurf attacks?

Smurf attacks use ping with the destination IP address set to the broadcast address of the network. The goal of the attack is to make all users on the network respond to the ping. ‘no ip directed-broadcast’ can be used so that the router would not respond to broadcast-based ping requests.

Two IPsec routers are configured to communicate with each other. Pre-shared keys are used on both the routers. Are these keys used for encrypting data on the IPsec tunnel?

The shared keys are never used directly for encrypting data. The keys used for data encryption over the tunnel are derived dynamically and are unique for every session.

What type of attack does STP BPDU-Guard on a Cisco switch provide protection from?

The feature protects against STP manipulation attacks that use a lower bridge priority.

In an HTTPS-based communication between a client and a server, where is the encryption key stored?

The key is derived dynamically for every session. There are no static keys which are stored either on the client or the server.

A user in an organization wishes to connect to a Web server which resides on the internet. The user is behind the organization's firewall. What configuration should be set up on the firewall for the user to access the Web server?

Traffic originating within the organization is considered trusted. So there is no need for any additional configuration to make the solution work.