30 Network Engineer Interview Questions & Answers

"Sending data between two networks is predominately done in one of two ways, TCP or UDP. TCP ensures that every packet gets to the receiving network. If there is an error in a packet or a packet is missing, that packet is resent, and an acknowledgment is sent to the sender. TCP traffic is used mostly when data is essential and every packet counts. UDP on the other hand is more fire and forget and used mostly in voice and video traffic. Since this happens in real-time, there is no benefit to making sure missed packets or errored packets get resent. Plus, this adds more overhead to the traffic that can cause network performance issues, such as higher latency or slower network."

"A private IP address is for private use in enterprise or home/home office settings. Private IP addresses are not routable on the internet and are not allowed to be used on the internet. Private IP addresses can be used by anyone within the confines of the company, office, or home. They are not intended to be used as a routable IP space."

"UTP stands for Unshielded Twisted Pair. It usually has a max length of 100m."

"Network address translation, or NAT, allows private IP addresses to be represented by one or many Public IP addresses registered with IANA. It provides the ability to traverse the internet with a private to public IP address mapping and to get to other parts of the web."

"A point-to-point link is a private or leased line that a business purchases for high availability, reliability, and security. Since it is a private line lots of encryption is usually not required but depending on what the type of business is such as government or finance, encryption requirements are added and implemented either by the service provider and/or the customer."

"A subnet mask is a way to subdivide a classful network into a smaller network that best fits the number of users or devices for your particular network. Subnet masks allow you to create multiple networks and separate networks from each other, thus creating fewer broadcast storms, which can debilitate a network as it grows larger. Subnets also help organize different parts of an organization's devices or users in a more manageable and efficient manner to lessen potential problems with one large private classful network since all devices on that network would receive a broadcast if sent out to the network."

"Ipconfig is used on Windows machines, while ifconfig is used on Linux machines. They essentially give the same types of information, which are IP address, subnet mask, and default gateway. Additional add ons to these will exhibit more information, such as mac address."

"VPN or Virtual Private Network is an encrypted connection over the Internet from a device to a network."

"The function of data encapsulation in transmitting information across the network is to ensure appropriate information is layered onto data as it goes from the application layer down the TCP/IP or OSI stack models and onto medium to its final destination so that it gets from point A to point B correctly, reliably and effectively."

"A NIC stands for a Network Interface Card, and it contains a unique Media Access Control address, an alphanumeric hexadecimal number. The first six hexadecimal represent the vendor, while the last six are uniquely assigned by the vendor. All NICs are unique and represent a physical address that cannot be changed, such as a logical address or an IP address."

"It is in the range of a class A IP address, but it is not considered a part of it since it is a specifically reserved IP address for a local machine."

"The classes that make up an IP address are Class A, B, C, D, and E. An IP address can be either an IPv4 or IPv6 address. IPv6 was intended to replace IPv4, as IPv4 was starting to get depleted. However, due to NAT and PAT, this has not been a big concern, although IPv6 is still widely used in networking. For this question, I will stick with IPv4. IPv4 is a 32-bit address made up of four octets, each containing 8-bit binary numbers of either 1 or 0. Each octet decimal value can range from 0 to 255. Private IP addresses are in class A, B, or C, with Class A private IPs in the range of 10.0.0.0 to 10.255.255.255, class B private IPs of 172.16.0.0 to 172.16.255.255, and class C private IPs of 192.168.0.0 to 192.168.255.255. The remaining IP addresses are usually considered public, but you also have reserved IP addresses, such as 127.0.0.1 - 127.255.255.255 and all the multicast addresses used for routing protocols such as EIGRP and OSPF."

"A proxy server is a server that stands between the private enterprise internal network and the internet or public. This is a security measure to ensure that no one can enter into the private network directly from the world wide web or internet. The proxy server acts as an intermediary between a client residing on the outside."

"A domain is a client/server network type in which users can log in from any device within the domain or office. All devices are managed from a central administrative location or device and have centralized storage in which users' data can be stored in centralized storage. This is mostly seen in big companies and enterprises. Workgroup is individual devices that users can only log into their specific device and talk with other individual devices. These devices are not remote login able and are not centrally managed. They are mostly used when security is not a factor or in smaller environments such as a home network."

"DNS stands for domain name system, and it is a way for IP addresses to be represented in human-readable text. This is predominately so humans don't have to remember an IP address to visit a webpage on the world wide web; instead, they can type in a name instead of an IP address."

"A firewall provides a boundary for access control into and out of a network environment. A firewall will filter traffic by primarily permitting or denying traffic depending on the rules within a firewall that provides a boundary or perimeter protection into and out of a network environment. Firewalls ensure that only traffic that is allowed to get into a network goes through instead of unwanted or malicious traffic. Next-generation firewalls and stateful firewalls now only allow traffic back into an environment if it originated from that environment and out through the firewall, so it's bidirectional."

"HTTP and HTTPS are both TCP protocols, and they have port numbers 80 and 443, respectively. While both are widely used, TCP 80 is not considered secure, so you will most likely not see this while on the internet or somewhere where a web server is publicly available. Instead, you will see TCP 443 used most of the time. They are both protocols that allow you to view a web server's web page by using an internet browser such as Chrome, Firefox, Microsoft Edge, or Internet Explorer."

"TCP/IP stands for Transport Control Protocol/Internet Protocol and is the set of communication protocols used in the internet and computer networks of today. It is a four-layer suit, starting at the top with Application Protocol, Transport Layer, Internet Layer, and finally, Link Layer. Each layer is responsible for a set of protocols for the transfer of data."

"TCP and UDP are layer 4 protocols, and they handle traffic differently. TCP is the protocol that is used when traffic needs to be sent from one network to another in a reliable fashion or in which all the data that is intended to be sent needs to be sent in its entirety without errors or missing packets. Because TCP is considered reliable, it comes at a cost of more overhead traffic that checks on this reliability, and that increases the amount and size of TCP traffic. UDP traffic is most useful when data does not have to be checked and resent. This is more commonly used in voice and video traffic, where data packets do not have to be resent if dropped or a packet is in error since these types of traffic are in real-time."

"A hub has connections that are considered one collision domain, which means devices need to use CSMA/CD to ensure they are not colliding with other devices trying to talk over a hub. A switch separates each of its port connections into individual collision domains so each device connected to a single port or a port channel is its own collision domain, but the devices still use CSMA/CD. A router separates broadcast domains from each other or VLANs/subnets from each other. A router allows different broadcast domains/VLANs/subnets to talk to each other and send/route traffic to each other. A switch can do some functions of a router if it is considered a layer 3 switch."

"The OSI reference model is a 7 layer model that starts at the top with:

Layer 7 - Application Layer - HTTP, HTTPS

Layer 6 - Presentation Layer

Layer 5 - Session

Layer 4 - Transport (TCP, UDP)

Layer 3 - Network (IP, ICMP)

Layer 2 - Data Link (MAC Address, Frame Relay)

Layer 1 - Physical (Binary, 1s, and 0s)



The primary purpose of the OSI reference model is to help visualize and utilize the reference model during troubleshooting and to know at what layer the issue or problem may be at up and down the OSI stack."

"The various types of internet connections are dial-up and broadband. Dial-up is rarely used today due to broadband but dial-up was used back in the early years of the internet. It used a phone line and a dial-up modem to connect to the internet. Broadband is the most widely used if not entirely used by those getting on the internet today. It comes in many different flavors such as DSL, Cable, Fiber Optic, and Satellite."

"The important characteristics of computer networking are its reliability, usability, and security. A reliable network is always available to use. That way, users can depend on the network being up. A usable network is not slow and does not impact users while they are on the network. A secure network is protected from network attacks that can impact the reliability, usability, or performance of the network."

"File transfer port or protocol. To transfer file between network on port 20 or 21."

"A common way hackers attempt to shut down an organization is through Denial of Service and distributed denial of service attacks. A denial of service attack floods a server with traffic, making a website or resource unavailable. A distributed denial of service attack is a DoS attack that uses multiple computers or machines to flood a targeted resource. Both types of attacks overload a server or web application to interrupt services. As the server is flooded with more TCP/UDP packets than it can process, it may crash, the data may become corrupted, and resources may be misdirected or even exhausted to the point of paralyzing the system."