Network Security Scenario Based Interview Questions

The following is a scenario-based network security interview question.

This question is a sample from the 250 Network & Security administrator interview questions & answers Ebook


The following questions are based on the scenario below. A firewall is set up behind a router. On the network, there is also a server which users on the internet can access.


What type of firewall should be used if access control has to be configured for users accessing the server based on IP address?

For basic access control based on IP address, a packet filter firewall would suffice. Access control lists can be configured to permit or deny the required IP addresses or networks.

In the above topology, it is required that users from the internet access only a specific application. What type of firewall and features can be used?

Every application has a specific port number. For example, HTTPS uses TCP port 443, HTTP uses TCP port 80, etc. A packet filter firewall like a Cisco IOS router can be used to configure an access control list which would allow only the required port and deny the rest.

What type of firewall should be used for mitigating application layer attacks on the server?

An application layer firewall or a deep packet inspection firewall which has the capacity to scan for malicious content / signatures can be used for the purpose.

It is required that users from the internet access only the required service on the server, but should not have access to the LAN network. What should be done?

A DMZ (De-Militarized Zone) has to be set up. The server should be placed in the DMZ. An appropriate ACL should be configured on the firewall which would permit access to the required application and deny access to the LAN network for internet users.

It is required that users from the internet should not be able to ping the firewall. All ping requests should be dropped. How can this be achieved?

An access control list which denies ICMP requests can be configured on the firewall. Ping uses ICMP. When internet users ping the firewall IP address, the ping packets would be dropped and a response would not be sent.
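The ACL answers above (single application port, DMZ server, no LAN access, dropped pings) can be modelled as one first-match rule list. This is an added example, not part of the original page or the ebook; all addresses, the rule order and the names `Packet`, `Rule`, `OUTSIDE_IN` and `evaluate` are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    dst: str
    proto: str                        # "tcp", "udp" or "icmp"
    dport: Optional[int] = None       # TCP/UDP destination port
    icmp_type: Optional[int] = None   # 8 = echo request (ping)

class Rule(NamedTuple):
    action: str                       # "permit" or "deny"
    proto: str                        # "ip" matches any protocol
    src: str                          # source network in CIDR form
    dst: str                          # destination network in CIDR form
    dport: Optional[int] = None       # None = any port
    icmp_type: Optional[int] = None   # None = any ICMP type

# Constructed addressing (assumptions, not values from the page).
FIREWALL_OUTSIDE = "198.51.100.1/32"
DMZ_SERVER = "203.0.113.10/32"
LAN = "192.168.1.0/24"
ANY = "0.0.0.0/0"

# Inbound ACL on the internet-facing interface, evaluated top to bottom.
OUTSIDE_IN = [
    Rule("deny", "icmp", ANY, FIREWALL_OUTSIDE, icmp_type=8),  # drop pings to the firewall
    Rule("permit", "tcp", ANY, DMZ_SERVER, dport=443),         # only HTTPS to the DMZ server
    Rule("deny", "ip", ANY, LAN),   # explicit LAN deny (the implicit deny would also catch it)
]

def matches(rule: Rule, pkt: Packet) -> bool:
    in_net = lambda addr, net: ipaddress.ip_address(addr) in ipaddress.ip_network(net)
    return (rule.proto in ("ip", pkt.proto)
            and in_net(pkt.src, rule.src)
            and in_net(pkt.dst, rule.dst)
            and rule.dport in (None, pkt.dport)
            and rule.icmp_type in (None, pkt.icmp_type))

def evaluate(acl, pkt: Packet):
    """Return (action, rule number); the first matching rule wins."""
    for number, rule in enumerate(acl, start=1):
        if matches(rule, pkt):
            return rule.action, number
    return "deny", None  # implicit deny: traffic no rule permits is dropped

if __name__ == "__main__":
    print(evaluate(OUTSIDE_IN, Packet("192.0.2.55", "203.0.113.10", "tcp", dport=443)))
```

A rule number of `None` in the result means the packet was dropped by the implicit deny rather than by a configured entry, which is how SSH to the DMZ server is refused here without a dedicated rule.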

If the firewall is stateful and a user on the LAN network accesses a website on the internet, which fields would be used for tracking the packet?

HTTP uses TCP. A stateful firewall keeps track of the source and destination ports and the sequence and acknowledgment numbers for TCP-based connections.
