Intrvw

= Google GCP Workspaces =


 * Code:


 * Code2:

def analyze(numbers): result = [] index = {} min = None max = None for n in numbers: index[n] = True if not max or n > max: max = n 9 if not min or n < min: min = n 0 for n in range(min + 1, max): if not n in index: result.append(n) return result

analyze

4,5,6,7,8 3rd 0—-

analyze([5,9])

(6,9) result = [6,7,8]

analyze([3,0,5,9]) 4,3

Result = [1,2,4,6,7,8]

def analyze(numbers): min = None max = None for n in numbers: print(n) if not max or n > max: max = n       if not min or n < min: min = n       print("max: ",max," min: ",min)
 * Equivalent Code:

>>> analyze([3,0,5,9]) 3 max: 3  min:  3 0 max: 3  min:  0 5 max: 5  min:  5 9 max: 9  min:  5
 * Results:

>>> min = None >>> not min True >>> min = 0 >>> not min True
 * Logic:

def analyze(numbers): min = 0 max = 0 for n in numbers: print(n) if not max or n > max: max = n       if not min or n < min: min = n       print("max: ",max," min: ",min)
 * Working code for Min & Max:

= Amzn SysDE II =

chmod -x /bin/chmod
 * Recover from below issue:


 * 1) Copy
 * 2) tar -file
 * 3) ld


 * Coding

feedback - team liked, pleasure in interview strong NW stron linux LP fine L4 is not good for you System design not good DB using indexing, Queues, scalable, parallel approach, LB using, indexing DBs, instead of storage. Coding was also OK, difficulty with dictionary Should know Datastructures not algorithms Try again in 6 months, ask HR & try to get exception.
 * Debrief

latency ={} occurrance = {}
 * Correct Code:

with open('latency2.logs','r') as file: for line in file: lat = int(line.split[-1]) oper = line.split[-2] if oper in latency.keys: add_latency = latency.get(oper) + lat occurrance.update({oper:occurrance.get(oper)+1}) else: add_latency = lat occurrance.update({oper:1}) latency.update({oper:add_latency})

print(latency) print(occurrance)

for k,v in latency.items: print(k,int(v/occurrance.get(k)))

= MasterCard =


 * SSL Handshake
 * TCP 3-Way Handshake
 * TLS 1.0 vs TLS 3.0
 * curl -kv (meaning of k)
 * HTTP

= Microsoft =


 * HM Round:
 * State a Work process you changed
 * Mention a time when you worked with a Cross functional team
 * Mention a time when you tried to understand the Customer needs in a better way.

- Check how many IP addresses from a range are online - Login into one of them & perform traceroute to each & save output to _traceroute.txt file - Login into each and save output of ipconfig/all & nbtstat to a file called _config.txt
 * Scripting Round
 * Write a code to:
 * Program with AND/OR function operations
 * What is a Pull Request? (Merge branch into Main branch)
 * What is a Class? (Datatype eg: string - Cat, Sub, etc functions)

-> allowed VLAN command
 * Networking Round
 * NTP Strutum
 * Vlan turking - switchport mode trunk without impact
 * Difference between BGP default info orig & default orig
 * OSPF AD? eBGP/iBGP AD?
 * BGP port no, States, Attributes
 * OSI Model

= AMZN Networking =

Round 1
Directions? Session Ticket OSPC Stapling TC Flag
 * BGP Route manupulation
 * Anycast
 * Linux check WSF
 * SSL speed up at LB level:
 * Cookie Uses
 * Google BBR - congestion control algorithm
 * DNS check if reply is spoofed or not?
 * How does DNS client knows when to switch to TCP?

Round 2

 * Experience with diffcult customer
 * Learnt from feedback

RDP, VNC (Teamviewer, Webex for PC) RDP Port no TCP port 3389 and UDP port 3389
 * Windows
 * How to remotely access Windows server?
 * Page file
 * Service
 * Service fails, how to check logs? (Event logs viewer)


 * Linux
 * Kernel
 * Inode
 * Check CPU, Memory, HDD info?
 * Check Load Average? What is the output?(1,5,15 min avrg), what does it mean?
 * Check Clients we are connected to? netstat -ant -> Foreign Address
 * ifconfig -a - eth0:1 - What does :1 mean? (vlan)
 * Check file in use by which process? lsof
 * Runlevels
 * Check DNS config? /etc/resolv.conf & interface config
 * Iptables?

curl -v http://google.com telnet nc ipconfig netstat traceroute top ps free df dh
 * Networking
 * NAT
 * How does Traceroute works?
 * Request & response headers
 * Commands used in daily troubleshooting

[PC]-[Website] 1st attempt - 404 2nd attempt - 200 3rd attempt - 404 4th attempt - 200 LB having 2 servers, one is not having app installed, check logs & disable it.
 * Scenario

Round 4 - Architecture
- Avi SE scaling, use 3 node cluster for controller - Use 2 AZs - How DB will sync - GSLB usage - geodb Networking - how persistence will work - Storage redundancy - Storage slow, use SSD - Pics load slowly in Japan
 * Explain case you have worked - Voip CB Repro
 * Design a Ecommerse website with full redundancy, explain protocols used:

Round 5 - Linux
- Stop  (my answers) - Start - Running - Sleeping ==> Interupptable waiting/ uninterruptable waiting -> Explain each - Killed - Zombie
 * Boot process in detail
 * What is kernel? How does it communicate with HW/User? System calls
 * Name the various System calls
 * What is initrd ? What it contains/does ? (drivers to load disk,etc)
 * Runlevels
 * Upstart/Systemd
 * What is Swap?
 * How to find swap usage?
 * How to find if a file is moving from RAM to SWAP? iotop(process wise usage) & iostat(part wise usage)
 * How to check processes using most CPU/How to check CPU usage per core?
 * Process States:

- Format - Partition - Mount
 * Type of File systems - FAT32/ExFAT, NTFS, EXT3, EXT4
 * How to use a brand new disk in Linux machine

6 -> user     - Read/Write 4 -> group  - Read 0 -> Others - None
 * What are permissions -> 640?

- Buffer/Cache field? - Swap field?
 * How to check Memory usage - top//free -m // cat /proc/meminfo

df -h => check free disk space df -i => Free inodes check
 * How to troubleshoot if a file stopped coping in between saying no disk space, but disk space is there.


 * What is inode? How can they get full(mail server; large no of empty files)?

Round 6 - Networking
curl -I,  telnet,    nc,    ping
 * Design a website for 500 Employees - use 2 AZs?
 * Troubleshoot a website not reachable?

dig @42.2.2 google.com
 * How to check if DNS is working or not?


 * Check packet captures using tcpdump.
 * Explain DNS resolution in Full details.
 * Troubleshooting a slow website:

Top --> CPU, Memory,  Process usages, Load avg df -h --> Disk usage free -m cat /proc/meminfo netstat -ant cpu ==> 0 "us" user space top -o %CPU

Hello DBD LSR LSU [LSAa] LSAck
 * Explain TCP Window? How it can be full
 * OSPF vs BGP? why not use OSPF for Internet instead of BGP?
 * OSPF packet types?

Need to know about the type of attack Syn Flood attack can be mitigate by using Syn-Cookie
 * What is Area 0 in OSPF?
 * BGP Attributes
 * BGP getting more traffic from one ISP than other? How to balance that?
 * What is DDOS attack? How to mitigate it?
 * What is Syn-Cookie used for?

Round 7

 * Repro Attempt
 * Something not done within committed time
 * Something done differently from a colleague
 * Something you have done apart from regular work
 * Tough Feedback received; What you did about it.

= AMZN DMS = Tell me something where you did something extra during a case/your job Tell me something where you learned something during a case/your job Where do you store your code(Github)? How can some one other edit code? How DNS works? Explain in detail. DNS traffic Flow? Search local cache > hosts file > DNS server What is VoIP? How SIP works? Scenario: [LB]--[srv1][srv2][srv3]srv4] Srv3 is slow, latency, how to troubleshoot? top, free -h, df -h How to check traffic requests coming per second? netstat -s, ss -s, tcpdump
 * 1st Round Online Challenge
 * Telephonic Round

= AMZN Sydney NDE =


 * Round 1

OSPF States OSPF LSAs Type 4 LSA Details Type 3 LSA Details Route Selection Hierarchy - E1, E2, N1, N2 Looping prevention in OSPF 1) Only best route selected in SPF; 2) All Areas must connect to Backbone Area. ABR has 2 DB Tables for 2 interfaces each in different areas, each learning same route with same cost, how will best path be selected. How is route removed in OSPF, What is there in LSU?
 * OSPF

Loop prevention method for eBGP(AS Path list own AS Number, route removed) Loop prevention method for iBGP To avoid routing information loops within the same AS, all IBGP routers must peer with every router within AS        Only TCP sessions required, not physical connections) – this is called full mesh IBGP.         IBGP uses split horizon rule (covered in other article), which states that routes learned from one IBGP neighbor is never sent to the rest of IBGP neighbors.         That way, when you have full mesh IBGP, routing information loops will not occur, because all routers have the same routing information.    Attributes for affecting Outbound traffic? MED & Local Preference?    Attributes for affecting Inbound traffic?
 * BGP


 * Linux

High CPU Troubleshooting Commands: GREP, AWK, SED Case/Implementation you worked - NSM repro, SIP Asterisk repro Scripting/Automation example - Top VS list


 * Round 2

Explain LB usage in detail How it distributes connections from TCP prospective? How is connection initiated & how it reaches Server? Can LB use VIP to connect to Server? When in Citrix Netscaler it uses VIP as source IP for connecting to Server?
 * Load Balancer


 * BGP

Scenario for eBGP:

|-[R2]---| [A]-[R1] [R4][B] |-[R3]---|

How is maintenance done in R2?(ASPath Prepend and Local_Pref)

Shutdown command? not preferred, disruptive way Local Pref? Nope Med? Nope IS local Pref used in eBGP? '''Where is MED set on? (Med cannot be used in eBGP)''' AS-Path prepend: Way to add AS number to the list of subnet u want to advertise. This is a way to route poisoning. Tell the outside world not to follow the path. Applied outwardly. Impacts incoming path. Local preference: Applied while the traffic coming inside. Impacts traffic while going out. Non transitive. Propagates within the AS-Path. Higher is preferred MED: When your router has connection with two other routers with same AS. Let's say you have 2 subnets behind your router. You can use MED value to mention which networks should be accessed through which links. It is advertised outwards. Impacts the incoming traffic. Semi transitive. Propagates to one AS. Lower is preferred Should be used carefully as it reduces network resiliency. Can we do Load balancing across R2 & R3? (ECMP?) Loop Prevention in eBPG? Loop prevention in iBGP? For above Scenario? (Split Horizon, do not advertize to other iBGP peers, but learn directly from neighbor) Need for a direct connection b/w R1 & R4? What if not possible? (Run IGP) How Router Reflector prevents loops (using RR, RR Clients, Non-Client Peers) When will a router received be discarded: Originator-ID same as own Router-id(the route is discarded in this case) Originator-ID different from Router-ID


 * Python

Skill you learned in past 12 months? Python Describe a project you worked on in Python? How did you learned Python?


 * Scenario 1

[PC]---[Branch India]---[HQ US][Update Server]

How does PC reach Server for updates? Explain all steps - ARP, DHCP,DNS, TCP, HTTP(GET), etc If Download is Slow, how will you troubleshoot? Where will you take captures? (All devices) Which device's captures will you see Retransmissions? (All) TCP Slow Start? What happens if TCP Packet is lost? Will Latency cause slowness? If 1 server is in US & Another is in India with same BW, will the download time change? If so, how much?


 * Scenario 2

[PC]--[SW]---[Router]--[DNS Server]

Captures on Switch, what will be Source & Dest IP as well as MAC?

= AMZN NDE =


 * Steps to upgrade 10 Routers safely.
 * iBGP vs OSPF
 * Loop avoidance in OSPF
 * What are OSPF Areas?
 * RIB vs FIB
 * Can BGP COnverge as fast as OSPF
 * iBGP Loop avoidance
 * What direction is AS PAth Prepend applied?
 * WSF, why it is just 65535?
 * Collision avoidance
 * How is congestion detected? (RTO & 3 Dup ACKs)

Task:
 * Q. Write a function to verify if a given set of interfaces is present as next-hops for a given prefix in router's routing table.
 * Implement function: check_prefix_next_hops("router-1", "216.182.232.249/32", ["bond1", "bond3"])
 * Function must return True/False
 * Use example router output from MOCKED_DEVICE_DATA object

= AMZN SysDE =

- timeout always present either 1 or 0 - dest IP address
 * 1. Extract Timeout & Desination IP address information from a log file
 * The log file is in text format having 2 elements:
 * Big annotation
 * What will happen if you do not close the file in python & program crashes?
 * Is there a way to close files automatically?


 * 2. Script to print duplicate files from a directory
 * How to run a Unit Test(performance test) on this script?
 * Why not use a Dict?

f = open('/var/log/apache2/access.log','r') lines = f.readlines f.close
 * 1) Read the file

print(len(lines))

a = [] for i in lines: a.append((i.split[0], i.split[8]))
 * 1) Append Response code & Dest IP address to 'a'

print(len(a))

b=[] for i in a:  b.append(i[0])
 * 1) Create a set of IP addresses 'b'

b = set(b)

print(len(b))

c=[] for i in b:    x = [] for j in range(len(a)): if i == a[j][0]: x.append(a[j][1]) c.append((i,x))
 * 1) Create a new list having Unique IP addresses & list of Responses for each:

print(len(c))

for k in range(len(c)): print(c[k][0],len(c[k][1]))
 * 1) Print the results:

= Google =

Challenge
= Google Dublin =


 * Round 1


 * Round 2

= CouchBase =

A page fault (sometimes called #PF, PF or hard fault) is a type of exception raised by computer hardware when a running program accesses a memory page that is not currently mapped by the memory management unit (MMU) into the virtual address space of a process.
 * OOM Killer
 * Page Fault

Create Static entry Increase Cache Time
 * Swap Memory
 * DNS Rate Limiting Troubleshoot

Check RTT for other traffic & DNS Specific traffic.
 * DNS latency in Server or Network Troubleshoot:

startTime : 12332121324 endTime : 21342313222 serviceName : abc status : 200
 * Print below logs:

startTime : 12332121324 endTime : 21342313222 serviceName : abc status : 200

startTime : 12332121324 endTime : 21342313222 serviceName : abc status : 200

startTime : 12332121324 endTime : 21342313222 serviceName : abc status : 200

startTime : 12332121324 endTime : 21342313222 serviceName : abc status : 200

f=open('text.txt','r') l=f.readlines
 * My Solution:

a=[]

for i in l: if ":" in i: a.append((i.strip('\n')).split(':'))

b=[] for i in range(len(a)): b.append(a[i][0])

b=set(b)

for i in b: print(i,end='')

for i in range(len(a)): if "startTime " in a[i]: print(a[i][1],a[i+1][1],a[i+2][1],a[i+3][1],end='') print('\n', end="")

= Juniper =

Is UDP Stateful How is UDP connectionless FTP types What is Frag Offset IKE v1 vs IKE v2

= Dell =

Vpn support multicat,broadcst dhcp across vpn, firewall interfaces in diff subnets traffic shapping fragmentation ssl

= Aryaka =

Traceroute ICMP though PAT {I think FW will identify each session based on Identification field} Bandwidth vs throughput DPD FW down, how long VPN will stay up   Traceroute AnyCache Route Need for NAT-T Congestion Control Active vs Passive FTP WAN Optimization

= IBM =

Point to Point Network stuck at 2-way state in OSPF OSPF loop prevent mechanism why Bgp is used in enterprise Famous BGP communities STP replacement => switch fabric in nexus sw

= AVI =


 * Telephonic Screening

DHCP, which packets are unicast, why? 3-way Handshake parameters exchanged How Traceroute works VLAN, types of ports, importance of Trunk interface Router on a stick Importance of TTL IP header fields How certificates verify URL? Can it be Tempered? What is SACK What parameters change in a packet when crossing a Router? Does it recalculate Checksums?


 * 2nd 3rd Round

HTTP 1.0 vs 1.1 What is Hyper-visor? How Virtual Network Works? Difference between Bridge & Switch? Example of L4 Service in Netscaler? How does a HTTP Request looks like? Explain a case you worked recently How Content Switching Works? Python script logic to find duplicates in list(using arrays)

x = [1,2,4,6,8,2,0,3,4,1,9] for i in range(len(x)): for j in range(i+1, len(x)): if x[i] == x[j]: print x[i]

WanEM usage in Repro Jitter vs Latency DNS ALG Working DNS Doctoring, DNS across NAT Does DNS use TCP or UDP? Who decides it? Active vs Passive FTP, ALG working 3-way Handshake What parameters are exchanged in 3-way Handshake What is Window Scaling Factor? How to calculate MTU? What is HTTP Option Connect used for? What is use of SACK? OSPF States? '''How is Master Elected(Highest Router ID becomes Master)? At which Stage?''' What is 2 Way State? Is OSPF Reliable protocol? What are DBD, LSU, LSAck? Which ones are Acknowledged? What does IP Packet looks like? What is DF Bit? What ICMP Message is sent when Packet is dropped due to larger packet than MTU with DF set? Can MTU be larger than 1500? What is Elastic IP address?


 * 4th Round

TCP 3way Handshake in Depth What value Sequence number represents? TCP Slow Start How does Receiver controls flow so that it is not overwhelmed by Data? (Delayed Ack & Windows = 0) Explain flow in below scenarios:

[PC]---[SW][SW]--[PC] [PC]---[SW]---[Router][SW]--[PC]

Explain Source & Dest MAC & IP values in above scenarios at each stage. How does Switches in above populate MAC Table? How is the ARP a Broadcast with Destination MAC as 00:00:00:00:00:00? (This is at ARP header, BC uses ff:ff:ff.. in Ethernet header) What is DNS Iterative & Recursive Query? OSPF: what parameters need to be matching in hello? Does Stub Flags need to be matched? What can be the issue if it gets stuck at Init state? What can be the issue if it gets stuck at Exstart state? MTU Mismatch. Scenario based Internet is not reachable in depth Troubleshooting for: [PC][Router][Internet] How Traceroute works? Which protocol it uses? (ICMP & UDP) '''SSL handshake? when Server cert or Client cert asked?''' What does certificate looks like? What fields are there? How are SSL Keys Calculated? How Virtualization works? XenServer? What is Hypervisor?


 * 5th Round Consulting

What parameters need to be configure in a Firewall initial setup? Screening, NAT, Routing, Policies, MIP, VIP? Can a ScreenOS FW work on L7? yes with ALG, AV, DPI. Explain OSPF case you worked? Have you created any Scripts? Netscaler case you worked recently How to find out a session among 224K users, when customer dont know IP address? (Can use Curl custom User Agent & Filter it in traces) Difference bw HTTP 1.0 & 1.1 '''How to TS Latency in wireshark? Enable Timestamp - Preference > Protocol > TCP > Calc TS.''' '''How does HTTP Request look like? Which fields are mandatory?''' '''What is the importance of Host Header? (used when server is having multiple virtual hosts bound to same IP address, used to send request to correct vhost)''' How to configure Apache Server? What are the various directives? What is root directory? '''How does HTTPS figure out the correct Server certificate to be sent if multiple vHosts bound to same IP address? At what stage in SSL?''' There is an TLS Extension called SNI, used to MAP correct Server Name to Certificate. Sent in Client Hello?? [Need to verify]

Linux Knowledge? Explain any case resolved with that? App is not accessible in below scenario, How to troubleshoot: [PC]-[Router]-[Server] IPtables, CPU, Memory, HDD, etc LSOF, open file limit in old Unix very less ~256, need to extend it, in linux Socket is same as files, so server stop responding after 256 limit.

LB 2 commomnly used methods (Source IP & Cookie Insert), How they work? Which one is more scalable/Efficient? Stateless Session Persistence: Cookie inserted by ADC is more efficient because no need to create a table, NS will insert cookie & forget, with reply, it will read cookie value, decrypt it & fwd request. State-full Session Persistence: Server will insert cookie, NS will hash it & fwd based on Hash value but will need to keep a table in memory with all hashes & IP Addresses. Same is true for Source IP based Persistence, Also inefficient behind NAT Using Set-cookie-header = by Server - insert Name & Value Fields Client sends cookie in Cookie Header Who ever generates cookie, will be able to read it

Explain Repro efforts you have done in details.


 * 10th Round

Explain SIP Flow Does it uses TCP? (no it uses UDP for both SIP & RTP)

= Citrix (Anshu) = Reno Difference b/w Http/1.0 and Http/1.1 - Only Persistent connections & more methods? yes methods as well Cookies, Caching and proxy - not in much detail types and little explanation is fine Time Stamping : RTT calculate = Time to segment send + ack received without retransmission How MSS value is decided = decided by server & client & sent in 1st & 2nd Packet? send informs its MSS ,exchanged in 1st and 2nd packets of 3 way handshake Relationship between MSS and MTU = MTU - [IP & TCP Headers] = MSS Difference b/w them IPSec and SSL?  Why IPSec uses two phases and ssl one phase? main purpose of 2nd phse of IPSEC is to provide PFS as it is normally used for long duration connections (eg VPN ) while SSL is used for comapartively short durations additinal steps are required to enable PFS in SSL,Refer link Nat-t hash calc = RFC file's HASH? Yes - The HASH is calculated as follows: HASH = HASH(CKY-I | CKY-R | IP | Port)

Nat which side, marker? How query resolved? Meaning Recursive & Iterative? clients send recursive queries, ISP DNS servers do iterative queries likewise flow can be explained Reverse DNS query? Where is this used? in IPv6? mails, nslookup etc. DHCP Flags - Which Flags? all are important - DHCPOFFER: 0x8000 for broadcast, 0x0000 for unicast DHCP - DORA Process, Flags, Relay Http status code Http headers Cookies, Caching and proxy Types of ARP and explanation & usage TCP and UDP difference 3 Way Hand shake TCP flags Difference b/w PSH and URG TCP options MSS, SACK, Widow scaling Slow start and fast re-transmission TCP well known ports Fragmentation SSL Handshake DNS Types of records, Zones, How query resolved, Reverse DNS query

HTTP Topics: 7 Header Fields 7.1 General Headers 7.1.1 Cache-Control 7.1.1.1 Request 7.1.1.2 Response 7.1.2 Connection 7.1.6 Transfer-Encoding 7.1.7 Upgrade 7.1.8 Via 7.2 Client Request Headers 7.2.6 Cookie 7.2.10 If-Match 7.2.11 If-Modified-Since 7.2.12 If-None-Match 7.2.13 If-Range 7.2.14 If-Unmodified-Since 7.2.18 Referer 7.2.19 TE 7.3 Server Response Headers 7.3.3 ETag 7.3.5 Proxy-Authenticate 7.3.8 Set-Cookie 7.4 Entity Headers 7.4.10 Last-Modified 8 Caching (overview is fine if not able to read completely ) 8.1 Request Directives 8.2 Response Directives 10 Security 10.3 DNS Spoofing 10.6 Proxies and Caching

Http status code Http headers Cookies, Caching and proxy Types of ARP and explanation & usage TCP and UDP difference 3 Way Hand shake TCP flags Difference b/w PSH and URG TCP options MSS, SACK, Widow scaling Slow start and fast re-transmission TCP well known ports Fragmentation SSL Handshake DNS Types of records, Zones, How query resolved, Reverse DNS query DHCP - DORA Process, Flags, Relay

= Citrix =

FTP active vs passive - policy required ARP vs GARP ARP packet vs GARP packet differences PUSH vs URG. Which one will be process earlier in receiving side? VPN Scenario -2 VPN Tunnel -One using Internet & other MPLS -Source is same -Destination has 2 servers -10.1.1.1 = secure app -10.1.1.2 = general app -Secure app should use MPLS -General app should use Internet

SA? SA vs Proxy id   Route based VPN with non juniper device possible? what differences? Fragmented traffic - whoo will fragment? How will dest know if it is a last fragment? MTU vs MSS? Max MTU size for ethernet? Max MTU value for fiber optic possible? Window? Max Window size Will receiver send Ack immediately after receiving a segment is received SSL Handshake HTTP Status Codes HTTP Request and Response methods SRX flow SRX Why SNAT & DNAT before route lookup What was the issue with ScreenOS NAT lookup method Types of NAT supported in SRX Logs which plane generates - data/routing plane

= Convergys (SRX TAC) =

3-way handshake Why 2nd syn Parameters exchanged in 3 way handshake TCP flags Push vs URG flag MSS vs Window size Receive window size is the maximum amount of received data, in bytes, that can be buffered at one time on the receiving side of a connection. The sending host can send only that amount of data before waiting for an acknowledgment and window update from the receiving host

PC connected in LAN. What will happen - GARP, DHCP, etc GARP - src & dst MAC GARP - Ethernet header MAC DHCP - DORA process User unable to access Internet - Troubleshooting Approach User traffic blocked in FW - Troubleshooting Approach Latency in FW troubleshooting - Troubleshooting Approach Main vs Aggressive Mode difference? Which one is faster? Which one is secure?

= Juniper =

OSPF + VPN + FTP; FTP is slow Dailup VPN RTT Hub & Spoke VPN FTP across Network is slow What is Acknowledgement What is MSS Aggressive Mode vs Main Mode FTP Slow across Switch, Router, FW; How to Troubleshoot.

= Juniper Networks ATAC =

What is TCP Sack? DNS Doctoring Types of firewall, with details Tcp header Window scaling Flags checksum sliding window windowing ip header flags IP Padding UDP header Diff between TCP and UDP, which is faster and why? 3 way close TCP handshake and tear down FTP Active/passive Active in details Dail up VPN with multiple networks on the firewall, requirement is to have only one policy on the NSR. Which is secure spilt tunneling or default tunneling Scenario:- Web access is slow, few sites working fast few are little slow:- (answer he expected was with UTM feature the browsing will be little slow and without that it will be faster) Types of wireless and their uses.

Ø General introduction and enquiry about experience. Ø Customer calls up and says throughput it low. How will you deal? Ø Why will an interface go in half duplex mode. Ø If reboot resolves the issue, what could it be related to? Ø Only TCP is slow. UDP is not slow. Ø Examples of UDP. Ø What is TCP MSS and MTU? Ø Why do we need two settings – MTU and MSS? Ø Why do you want to set MSS when we can reduce MTU? Ø Where and when is MSS value exchanged? Ø How do you decide what MSS value to set? Ø Difference between TCP and UDP? Ø What is windowsize? Can we modify it on firewall? Ø On the firewall, can you see window size being exchanged without using Snoop/Sniffers? Ø What information do you see in “get session”? Ø What are the 2 parameters which can bring Phase 2 down? Ø What is phase 1 and phase 2 timeout? Ø What timeout do you see in get sa? Ø Why does the timeout between 2 Juniper firewalls show as unlimited? Ø What is SPI and how it is calculated? Ø When is SPI value exchanged? Ø How do you verify RTO is getting Synced on backup firewall in NSRP? Ø When you see a get session output, how do you verify if the traffic is DIP or MIP? Ø Main difference between OSPF and BGP configuration on the firewall? Ø Why do we need to define neighbours in BGP but not in OSPF? Ø In transparent mode, how is the decision making and forwarding done? Ø Packet flow in transparent mode? Flood and Arp/Traceroute modes? Ø Switch--(F/W in Transparent mode)-Switch--Router You have 50-100 VLANs configured. How will you make sure that the traffic would pass through the firewall? Ø In NSRP, both firewalls show as (M). How will you troubleshoot? Ø HA is directly connected, and HA is UP? Ø Task CPU is high. How will you troubleshoot? Ø In get OS task, how will you see which task is high. Ø You see Session Scan is high. What does that mean?

what is a session how does it look and what are its components how do you identify a session in a sniffer capture what is a tcp syn check when do we receive a rst and fin in a tcp connection what do you mean by disabling syn check what is a sequence check in tcp what is tcp mss why is mss not used in udp what is path mtu what does traffic failover happen in NSRP failover what is arp, what is garp what Is mac table, what is cam table

Screening : 1. What are DOS Attacks 2. Screening Options : SYN FLOOD ( Because I gave him example of this) 3. Why it is an attack 4. Where its configured

Multicast : Almost everything 5. Multicast : Configuration 6. How IGMP and PIM works 7. Basics of Multicast 8. Command to check mroute 9. How IGMP proxy is configured and where, all options in that

NSRP: Explain 1. Set nsrp ageout-ack 2. Set nsrp rto mirror non-vsi 3. Set nsrp vsd master always exists 4. Default vsd group 5. How will you check session is on master or backup : Flag, timeout 6. How will you check if master session is on backup : Src-ip,dst-ip,src-port,dst-port

UTM: 1.What is debug apppry 2. use of application proxy ( he answered to me : it checks if its http,ftp,imap,smtp,pop3 and send it to AV engine because AV scans only these traffic and not like DNS etc.)

1.ARP and G-arp 2.OSI layers 3.How does packet flow through the OSI when One PC telnets to another PC 4.How does MIP work 5.scenarios of G-ARP,where is it used 6.One tough case which you have dealt with. 7.NSRP no brain,split brain 8.How to avoid the above no brain and split brain problems 9.In NSRP what extra command is needed for backup to be manageable from internet,set flow mac cache mgt 10.what does that command do 11.If track-ip does not work,what debugs would you take 12.What will debug track-ip output look like 13.what would debug ip ip output look like 14.what would debug icmp icmp look like 15.basic connection to internet not working,how will you troubleshoot 16.how does MIP work,give a scenario. 17.In NSRP A/P.Sessions get synced,how would you show the customer it is the same session no both the firewalls,Ans—using session flags,,,they would remain d same on both 18.VPN troubleshooting 19.hub and spoke,redundant,over lapping VPN. 20.How would you go about troubleshooting all of them. 21.Why do we need hub and spoke VPN 22.How does SIP work. 23.Messages of SIP.What would debug sip all show 24.Troubleshooting SIP,I can hear voice on one side of the phone,,I am not able to hear on the other end Ans—you need to do debug sip all and check for in the SIP message whether the port on which the data is flowing through is blocked,or does it need to be opened. 25.What is Autoconnect VPN 26.How is your approach to an issue you know and an issue you do not know

1. What should I have to have internet access from a PC 2. What is arp 3. What is difference between ARP and GARP 4. when is garp used .. is g arp a request or a response 5. what is osi layer 6. protocols in layer 4 other than tcp/udp 7. difference in tcp and udp, in which scenarios are tcp and udp preferred. 8. concept of convergence in UDP 9 how does mac address help in communication 10. what is sequence number 11. what is stateful inspection 12. why is syn checking, why is it required on the firewall 13. data flow on the firewall 14. what is sanity check, reverse route lookup 15. what is a session, explain get session output.. 16. How Src natted session looklike 17. Session existing for tunnel traffic 18. Site to site VPN and ping not going through VPN how you will troubleshoot. 19. bad spi ... what is it.. 20. what config changes are required if u have a cisco router as a peer for VPN 21. packet flow in transparent mode. 22. Dynamic Routing. 23. OSPF and BGP difference. 24. Internal and External:- Why Internal and External 25. What is ALG? Explain ALG with Active FTP Example. What is ACtive FTP? 26. Fragmentation capture on Wireshark. How you will prove that this is fragmented is happened on firewall? 27. What is Path-MTU? 28. How to aaoid fragmentation? 29. scenario for PAT.. how is it different from NAT- DST 30. scenario for mip, its advantages. 31. what is NSRP 32. why is master always exist used. 33. why is preempt used. whyis nsrp session ageout command used. 34. WEb sense / url filtering trouble-shooting 35. troubleshooting AV updates 36. if ftp is not working, what are the debugs that u will do 37. what is policy based routing... 38. how do u troubleshoot any problem that u dont understand...

1. What is Arp and G-Arp 2. Layer 2 Forwarding mechanism 3. How does firewall forward the frames in the transparent mode? 4. How are the broadcasts processed in the transparent mode? 5. What is the Command to check the forwarding table in transparent mode? 6. Explain OSI layers. 7. What is the difference between MSS and MTU? 8. What is Path-MTU ? 9. Difference between OSPF and BGP 10. How does TCP three way handshake Work ? 11. What is Fragmentation ? How will you check the Fragmentation from the captures done at Trust and Untrust side. 12. What is difference between UDP and TCP ? How does UDP verify the data has been lost? 13. What is Area 0 and why so we use it ? 14. If we have two devices in different area will they form neighborship ? 15. How to troubleshoot an issue in which ospf neighbor is not coming up ? 16. How does BGP work ? and If BGP is in the same As then is it required to configure the peers for establishing the neighbors ? 17. How does Poison reverse work in RIP ? 18. Explain about multicasting 19. Why do we use the command “Set nsrp master-always-exist “ ? and in what situation we use that command. 20. What is difference between aggressive and main mode in VPN 21. You have route based vpn in between juniper and cisco. Juniper has 3 networks behind it and cisco has 1 network. How to setup the vpn ? 22. What is PBR and at which level does it work ? 23. What is ALG ? Explain with an example. 24. How does Active FTP work ? 25. How to check the translation from the session and what does the output of the “get session “ show when you have translation. 26. What is MIP ? 27. What to check if AV is not working? 28. How to check if AV is not getting updated? 29. What is application proxy ? 30. Why do we use “debug httpfx all” ?

1. TCP/IP Basics & Advanced: a. OSI Layers- detailed understanding, b. Diff between TCP and UDP, c. Knowledge of other protocols other than TCP/UDP (atleast names like ICMP, GRE, ESP, AH etc) d. Flow of a packet between 2 network devices (Layer3, Layer-2) e. Structure of a packet (with respect to headers being added and removed while crossing every layer) f. TCP/IP headers (not directly asked but requires to answer the structure of a packet in detail)

2. General: a. Knowledge of applications like FTP,HTTP, telnet and how they work. b. How ALG is being used on the firewall and why. c. Basic packet flow through the firewall.

3. Switching: a. Basic knowledge of Layer-2 Switching and VLAN. b. Understanding of a Broadcast domain. c. Difference between Layer-2 switching and Layer-3 switching. d. Understanding of ARP and Gratituous ARP. e. Communication between 2 devices in a single broadcast domain.

4. Layer-3: a. Deep understanding of routing. b. Complete flow between 2 layer-3 devices. c. Changes happen to a packet while it traverses through various layer-3 devices. d. How does a firewall different from other Layer-3 devices. e. Routing Protocols – RIP, OSPF, BGP (only if u say u know the basics but only the basics)

5. Firewall Concepts: a. NAT – all types and how it works (detailed understanding and difference between each) b. Firewall usage (Policies, screening etc) c. VPN – Everything about VPN. d. UTM - Understanding of how firewall behaves, decides and handles the packet with respect to the UTM features

6. Others: a. NSRP (complete understanding and troubleshooting) b. Transparent mode. c. Traffic Shaping d. VOIP (troubleshooting approach) e. Logical thinking and troubleshooting approach with respect to an issue. f. Confidence g. Communication.

= Wipro =

TFTP ALG? Yes TFTP requires ALG DPI = Deep Packet Inspection Bastion Host Will the firewall work without a default gateway? What if the device is in a LAN only? What should be the position of the IDP and IPS? What is HIPS? Architecture of checkpoint firewall?

= Cisco = On TCP/IP: •   Window scale, SACK, mss, mtu , TCP off-loading complete details about each topic and troubleshooting scenarios on the same. •   How does TCP headers looks with SACK in action ?? like does it still uses ACK feild or not? if it uses then what info does ACK and SACK feild contains? •   Fragmentation scenarios: where in we will be asked about packet headers, after fragmentation at various hops. •   How does ICMP path discovery works.How does it work with presence of vpn/tunnel? •   How do you truobleshoot using wireshark packet capture?? I was shown a wireshark capture of HTTP access to various site/urls!I was asked to short-list all the urls accessed during the capture time; use filter "http.host". likewise they might ask different filters!! •   Troubleshooting approach on some traffic not working...

VPN: •   CISCO thinks ourteam is strong at this topic:-)!! so they ask in and out of VPNs, different troubleshooting scenarios, with NAT, how VPN works with NAT device in between n all. •    Other than VPNs and TCP/IP they will ask questions on topic that we mention in our resume!! Unfortunately i mentioned about SNMP ;-) so they asked some basic questions: Like why is it used for? whats the diff bw v1 & V3 of SNMP?

SIP: •   complete working:messages: •   Whats SIP re-invite ? •   how does DHCP server recongnises different SIP phone vendors?

Multicast: •   I explained basic working and diff modes i knew.I told them i dont have in depth knowledge. •   Is it necessary to have (S,G) entry ??something like that..dont remember properly •   Tom(ESC engineer) will ask one of best case experience!!! be prepared to answer with troubleshooting steps u followed,upto packet level details.

ALG: 1.   What is alg. And also they asked about specific examples about how ALG functions. (Typically expecting FTP) 2.   Difference between active and passive FTP (In detail including the PASSV command) 3.   When there is a control channel established in FTP, and we open a data channel, do we see a three way handshake happening again on wireshark captures? Ans is yes. 4.   What is the use of ALG in case of passive FTP.

SIP: 1.   Explain the procedure of SIP message exchange starting from a new phone booting up and registration? – Read from CnE given nicely along with headers. They expect headers. 2.   How does ALG help in SIP << Here they expect the function of ALG looking into the SDP headers and open pin holes based on Connection and media identifiers in SDP. 3.   Difference between DHCP discover sent by IP Phone and Computer? Ans: Options field vary in both (No reqd in detail)

Then they asked me about the most difficult case I handled.

1.   Then they discussed about how the SACK and WSF help in flow control and congestion control 2.   How can we achieve the same functionality of trace-route using IP packets assuming that trace route is blocked in the network? Ans: IP header there is option of source route which helps us in doing the same. 3.   Also asked about fast transmit, slow start and congestion avoidance along with TCP chimney and TCP offloading engine 4.   Screening all the options in detail. 5.   How does SMTP work 6.   What is the use of reverse DNS lookup 7.   How do u ensure that the clear text traffic is getting encrypted or not, if you have captures at internal and external interface of the firewall? << By looking at size and time field in the captures>> 8.   What is protocol anomaly. 9.   DHCP relay and dhcp message exchanges. 10.   Scenario: PC-1 is in vlan10 and dhcp server is in vlan20. Now PC-1 boots up how will it get the IP address and flow associated with the same. << Explain the concept of dhcp relay>>

RFC round was TCP—rfc1323. And cross Qn as per the presentation.

•   How do you Troubleshoot High CPU. •   About NSRP. (concept) •   Types of NAT and its uses. •   Few general questions on URL filtering. •   How will you filter a HTTPS URL. •   Why do we use GRE over IPSec? •   If IPSec has encryption then why we need GRE? •   Basic of SNMP regarding community an all

Q: + 3 web servers behind the firewall. All are accessed from the internet through MIPs.1 out of 3 web servers is not reachable. Troubleshoot Ans: check traffic from the client to firewall through internet. OK Communication between server and firewall. NO Sniffers on firewall and server. OK Firewall traffic sent but nothing on the server. Check any devices between them? only a switch. narrow down the problem on the switch. Possibly an ARP issue. when check the switch the MAC of the server was mapped to wrong port.

Q: Remote connect VPN. When connected internet does not work. Ans: Internet VIA local network or through VPN? Through VPN When VPN connected only Internet is down or not able access internal resources also? Only internet. Flow issue check flow correct route? Yes then policy correct policy? No need policy as it is between same security zone. Is intra zone block on? It is OFF At last it was like there is some option in CISCO when the traffic come from same interface and goes out through the same we need to set some command to allow.

Q: Site to site VPN. Site A has a Web server and we are trying to access from site B but it does not happen. Ans: VPN UP? Yes. Only this server or other local resources? Only this server Check flow? Both sides packet sent to tunnel. Sniffer on ingress site A? Yes we see packet. Sniffer on egress site B? NO we don’t see anything. What do we see? 3 way handshake, http get but data sent from source but not receive by site B. Ans. DF bit set. How to handle this. Adjust MSS.

Q: SSL VPN? NO IDEA NEVER WORKED

+ ANY PRODUCT KNOWLEDGE IN CISCO? NOPE ONLY JUNIPER

•   ISAKMP headers,payloads •   If u r using other than IPSEC does ISAKMP is supported nd how? •   ARP •   Headers and how does it change with the propogation •   TCP/ip and ethernet " " " " " " " " •   PC-->SWITCH--->ROUTER--->SWITCH--->PC(Changes in ethernet,arp,tcp,ip header) •   Checksum calculation of TCP header •   mss,mtu •   incase of latency what do u see in wireshark.What all fields, u chk for ? •   GRE over ipsec headers •   GRATITIOUS ARP and ARP header diff? •   Scenario of assymetric routing..Ping was working but TCP connection was not working •   How does trace route works •   Sliding window ,Window size,scaling window factor •   RTO,RTT? •   ICMP, DIFF between MSL and TTL? •   path mtu discovery •   Wireshark in detail •   Scenario of FTP ALG.Control session is being formed but data not flowing

IDP: •   Attacks •   Screening options •   Vulnerability Tools •   How do u write a signature •   Linux

Study from: •   Basics of TCP/IP from TCP/IP guide •   C&E:Screening options ,attack and defence mecahnism •   C&E:VPN

•   TCP/IP complete •   What is slow start,why we use it ?Is it compulsory to use slow start? •   What is congestion control? •   How will you troubleshoot if you have congestion in the network? •   Components of mss? •   Complete DNS header •   OSPF •   BGP troubleshooting •   ISAKMP header •   Difference between AH/ESP ?OR tunnel mode/tranport mode? •   Multicast •   Sparse mode flow •   PIM pruning •   Source specific multicast •   VOIP (SIP ALG---flow etc) •   TCP chimney •   TCP tickle

= BT =

TCP vs UDP - what is a reliable service? TCP Flags - names & roles RST vs FIN Flags 2 types of FW technologies - Stateful vs Proxy User is sending confidential data in gmail. How will you capture it? HTTPS/SSL. Debug vs Snoop? Which is more CPU intensive? Debug Asymmetric Routing? ICMP redirection in context of Asymmetric routing '''What is NAT64? NAT 64 for traffic coming through a VPN?''' It is a simple NAT from ipv6 to ipv4. JSRP vs NSRP Backup Control plane possible or not? Not possible. Only active firewall will have a Control Plane. How to resolve Split Brain? Immediately resolve it using temporary fix Make one FW inoperable Cold sync Does Management Interface belongs to a VR? Yes: Its assigned to Default VR - trust-vr NSM manage through management interface Yes, in SRX it is managed through management interface. Logs transfer from NSM using management port Logs will transfer as they are self traffic. Can we connect NSM to FW using Mgmt interface. How will it send logs from Mgmt Interface.

SOC Profile
OSPF states If Frag causes slowness. You lower the MTU. It resolves the issue. What change does it make? Ans: It bring MSS lower than MTU. otherwise every packet will defrag.. (i think) Does DHCP traffic needs policy? If yes what port numbers, What command is used? DHCP packet flow? What port numbers involved? Which packet is Broadcast or unicast? DHCP Relay agent packet flow? Commands? SRX: How to enable SSH access? what commands required? SRX: If HTTPS is enabled on Interface & SSH,Telnet on Zone, What access will work? NAT device installed by ISP in a VPN, What port, protocol numbers need to be opened? What changes are required in the Firewalls for NAT-T? Screening options? Name of 3 Attacks? SYN Flood attack limit? UDP attack limit?

= Mphassis =

When Next-hop lookup take place in ScreenOS flow? After policy lookup or at Arp lookup? Silly window protocol URG vs PUSH Flags Urgent pointer ARP in ipv6 IKE v2   Active vs Passive FTP - ALG Overlapping subnets without NAT ospf v6   ipv6 Netscreen session analyzer AH vs ESP in Wireshark DHCP DHCP Relay agent 2 DHCP servers in a subnet/Network Hub and Spoke VPN - Policies Tracert in Windows vs Linux - Tracert using UDP On Unix-like operating systems, the traceroute utility uses User Datagram Protocol (UDP) datagrams by default, with destination port numbers ranging from 33434 to 33534. The traceroute utility usually has an option to instead use ICMP Echo Request (type 8) packets, like the Windows tracert utility does, or to use TCP SYN packets. Tracert 3 values 4 way handshake- Benefits ALG opens: Pasv - in passive mode opens port Port - in active mode opens port Diff bw ACL & Poloicy? ACL is at Interface level;Policy at Zone;;ACL= network/transport layer;Pol=ALG=Application layer Session layer handles Dialog control. How to block P2P?

= Accenture =

VR vs VSYS What are UTM Features? Can you assign 4 zones to 4 VRs? What routes need to be configured? Ans: Trust-vr to Untrust-vr default route already exists by default, need to create a Reverse route. Migration plan for ScreenOS to SRX? VPN Migration OSPF areas, type 7 BGP route selection BGP route reflectors What is PFS? What is DH protocol? How it works? WHich versions are supported in ScreenOS? What are phase 1 stages Tunnel interface Flow in ScreenOS What is ALG?


 * 2nd level

What is a VPN? ESP vs AH? How NSRP Failover occurs? What is a Null Route? What is a Cookie? How is Cookie Calculated? What is a Control & Data Link? What is NSRP Lite? NSRP Virtual MAC Calculation? Proxy-ID? Which Phase? What is VSI? VSD? How is VSI assigned? (eth0/0:1) Can we assign IP to HA Interface? What is a Management Port? Can it have User/Passthrough Data? How do you create a Zone? Select Layer 2 or 3 Select VR   Priority order of VIP, Source Nat, Dest NAT, Policy NAT? Default NSRP Priority? 100   What is RTO? What is FSTAB? min space for booting a device? Functions of DevSrv? NSM Distributed Architecture? What is a VLAN? Duplex? Collision? Trunk? What is rsync? Where is it used in NSM? Difference between rsync & SCP? Scp basically reads the source file and writes it to the destination. It performs a plain linear copy, locally, or over a network. Use scp for your day to day tasks. Commands that you type once in a while on your interactive shell. Its simpler to use, and in those cases rsync optimizations won't help much. Scp has only a few switches. Rsync also copies files locally or over a network. But it employs a special delta transfer algorithm and a few optimizations to make the operation a lot faster. Rsync has a plethora of command line options, allowing the user to fine tune its behavior. It supports complex filter rules, runs in batch mode, daemon mode, etc. For recurring tasks, like cron jobs, use rsync. It will take advantage of data already transferred, performing very quickly and saving on resources. It is an excellent tool to keep two directories synchronized over a network. NSRP supported in Transparent Mode? Yes, When operating in Transparent mode, the backup in an Active/Passive pair can only be managed from one Layer 2 zone at a time. By default, this zone is V1-Trust. If management is needed from V1-Untrust, V1-DMZ, or a custom layer 2 zone, use the command: set interface vlan1 nsrp manage zone Note: This command must be enabled on both devices in the NSRP cluster. Verify: get interface vlan1 In backup mode, only traffic from V1-TRUST can manage the box Note: Ensure that the manage-ip addresses are different for both the primary and backup firewalls. NSRP States? What is Inoperable state? OSPF Areas? Type 7 LSA? In backbone converts to what? Difference between init 0 & init 6?

= Tech M =

V,E,B bit in OSPF LSA area 2,0,1 LSA Type 3 -6 routers in area 2 Type 3 LSA area 1-0-2 changes? L2TP VPN Flow? No of Junos Candidate configs?

= BT Interview =

vip vs nat-dst diff? Ans: Vip needs same subnet IP as interface IP   diff policy vpn vs route vpn? encrytion at which packet during vpn Aggr /main mode? diff bw main and aggr mode? More secure which 1 ? Ans: IKE ID (name) is sent in plain text in Aggressive mode & encrypted in main mode. Intrazone block option? Mip has no port translation Route based VPN : 1) has tunnel 2) NAT Dest supported. What are the IKE v2 benefits? NSM Services ==> HASrv, DevSrv, GuiSrv If all devices seems to be down in NSM ==> DevSrv service is down Requirements for NSRP Active-Active? VSI interfaces config Change timeout value of a Predefined service - Yes, Possible by editing the service. Life Size, key change after 100Mb data transfer? Cisco 1 GB? Juniper? Life Size is in which phase? Phase 2 only. Life time is in both Phase 1 & 2. Vsys config SSG 550M ==> what is meaning of M? = can be converted to Junos J-series Services Route Enable ALG on a custom service? Create policy, select custom Service & select Application to select the ALG. Can you create a VPN with overlapping subnets using Policy based VPN? What is Rommon/Bios in ScreenOS called? Ans: Bootloader ScreenOS vs SRX What is difference between 8,2 & 8.3 Cisco ASA firmware? 8.2 packet arrives - check ACL before un-natting ==> create ACL with translated IP not real 2 nats> static or GLobal 8.3 object Natting ==> instead of calling, calling object in ACL ==> ASA will do NAT first & ACL should be added for real IP. Object or Twice NAT. IPv6 is supported in ScreenOS or not?

= McAfee =

packt filter fw   stateful fw    scenario: reverse traffic tcp 3way -flags What is flow control? ospf vs rip differences port no of http,dns,https,etc what is dns? chown chmod Disk usage - df -h System resources - top, pstree SMTP Test with Telnet: dig example.com mx       nslookup -query=mx example.com mx1.example.com mx2.example.com telnet mx1.example.com smtp HELO client.example.com MAIL from:  RCPT to:  DATA From: sender@example.com To: recipient@example.com Subject: Test message This is a test message. QUIT HTTP test using telnet: To retrieve the document as well as the headers, use GET instead of HEAD. If you want the root document, use GET / HTTP/1.1 (or HEAD / HTTP/1.1). telnet www.example.com http HEAD /example/example.shtml HTTP/1.1 Host: www.example.com Connection: close

= TechM (Chd) =

For SRX240B: ge-0/0/0 interface will be mapped to fxp0 (out-of-band management) ge-0/0/1 interface will be mapped to fxp1 (control). The interfaces that are mapped to fxp0 and fxp1 are device specific. Analysis & Reporting > IPS > Intrusion Events Reimage: Reboot Sensor Select System Restore Set IP config Select SCP, Enter Server IP, Credentials & ISO File name Download & Mount ISO Install Reboot
 * SRX fxp1 interface
 * IPS blocked webmail. Where to get the alerts?
 * Upgrade process of Sourcefire Sensors:
 * Screenos flow
 * What is Sanity Checking?
 * VPN
 * NSRP Preempt behavior
 * Proxy Server Experience

= ZScalar (Chd) =

DNS? need for DNS Traffic troubleshooting HTTP is in which layer? DNS uses protocol? UDP & TCP Why not use UDP for all DNS traffic? (Ans:Huge Overhead) Reverse of DNS possible? ScreenOS CPU utilization check command Port no of DNS, SSH, HTTP SSH access is there but WebUI not opening?


 * 2nd Level

302,403,401 error HTTP SSL Handshake steps - 4 phases Hashing vs Encryption, examples of protocols Port Numbers - 80, 443 Proxy Server functions ALG - Active vs Passive FTP Destination NAT - Proxy ARP, Server issues, Debugging If the Server does not have a reverse route to reach firewall,it will drop reply packet. Workaround is to create a Source NAT rule in firewall Aggressive vs Main Mode Is Preshared Key, ID shared in clear text in Aggressive mode? (no, its Hashed) Dynamic IP in Site, Which mode is used? (Aggressive) What is a Digital Signature?

= Convergys (JTAC L2) =

Ans:Take snoop simultaneusly at both sites.
 * VPN traffic is not reaching other gateway device? How to prove?

Ans: 4 filters- two for & to the gateways, two to & for the PCs
 * What filters to use for VPN Traffic?

Ans:SPI will be unique & remains same for a single VPN
 * 4 VPNs between 2 devices, how to identify which packet is for which VPN?


 * ESP has Port no?

Ans:At which packet level does it start using UDP port 4500?
 * IMP:What is NAT-T? Why packet will drop without NAT-T? at which packet exchange will it drop?


 * Scenario 1:

3 firewalls are in full mesh VPN. 2 firewalls A & B have overlapping subnets. Why will the ping from A to B private IPs fail? Will VPN come UP? What is the solution? Ans: to use MIP in Tunnel Ping from A to C private IP will fail? Ping from C to A private IP will fail?


 * Scenario 2:

Client is conected to a L2 switch. Switch to Firewall. Firewall to Internet. Client does an active FTP connection to FTP server. How will traffic pass through firewall? What is the role of ALG? Which command of FTP is used? IMP:Which 2 parameters of FTP Command are useful? Ans: 1. PORT Command; 2._________

How to find out latency? How to find packet drops? How to trace packets(ID Field)
 * Troubleshoot Latency
 * Fragmentation in detail(ID Field, MF flag, Frag Offset)
 * TCP SACK
 * TCP WSF? is it Unidirectional or bidirectional? Max value for WSF? Max Window size?
 * You have two PCAP files for same firewall. One on Ingress port & one for Egress port.

= TechM (Chd) =


 * Ph1 Configuration steps
 * Ph1 Troubleshooting
 * Traffic not reaching Destination roubleshooting
 * NAT in ScreenOS
 * VIP
 * Nat DST
 * DIP
 * Troubleshooting VPN
 * Commands in ScreenOS
 * TCP in juniper srx flow

= Akamai =

Server is overloaded Window scaling is not supported or configured Some old OS in use by server
 * Detailed data transfer(http/ftp) steps
 * EC Window, CWR
 * 3-way handshake (Sequence number was wrong)
 * Acknowledgment field value in a Syn Packet
 * Window size=0; what conditions
 * Fields in a TCP & IP Header

= Iopex =

If Proxy ID mismatch occurs, will VPN come up or just data will not transfer? IKE Phase 1 successful, Phase 2 fails due to proxy-id mismatch The Proxy ID on the local and remote VPN device must match for phase 2 to complete the VPN negotiations [PC1]--[SW]--[Router]--[PC2]
 * IP Header Fields, Flags & length
 * TCP Header Fields, Flags & length
 * How ICMP will recognize reply message? Identification field
 * Where Segmentation occurs
 * What is MTU
 * URG vs Push Flag
 * Data Offset
 * NAT-T
 * DORA
 * DHCP Relay
 * Use of GARP
 * Port no of Telnet, SMTP, FTP
 * Why FTP uses 2 ports
 * Phase 1 parameters
 * Phase 1 errors
 * Use of Inverse ARP(Frame Relay)
 * Scenario: Ping from PC1 to PC2 - Explain ARP, IP, MAC table, etc

= Arcesium =

strace ptrace ? lsof ? source exec '.' all of the above ? cat foo.txt | head -5 head -5 foo.txt env htop /proc FS all of the abpve? caching LB ? Proxy URL Rewrite
 * What does Directory Execute (x) permission means? ability to 'cd' into that dir
 * Which cmd sets max size of core dumps? ulimit
 * Which cmd used to inspect system call made by running proces?
 * In bash which cmd used to execute a shel script in current shel context?
 * Print top 5 lines
 * Redirect error stream to file errors? foo2>errors?
 * Command used to create a new process? fork
 * Command to continue process after closing terminal? nohup
 * init was replace by which default service manager in RHEL? systemd
 * Check env variables of a running process?
 * Web Server can do what?
 * HTTP/2 was inspired by what? SPDY
 * Most commonly used compression in response from server to client in HTTP? gzip

= Interview Questionaire =


 * General


 * Benefit of using Transparent mode?
 * Basic difference between IDS & IPS?
 * SSL VPN
 * Phase 1,2 no of packets? encryption starts at which packet in VPN?
 * PFS
 * VPN Troubleshooting
 * Stateful Inspection
 * Aggressive mode / Main mode more secure?
 * Task/Flow CPU High
 * Reasons for High Memory?


 * ScreenOS


 * Flow in Netsreen firewall
 * MIP vs VIP
 * Multi-Cell policy
 * Traffic Shapping is config where?
 * 100 VPNs terminating on the Juniper firewall? Filter
 * Pseudo session ?
 * Snoop Detail?
 * Debug flow basic
 * Precautions while debugging
 * Sync NSRP devices manually
 * NSRP non-propagating parameters
 * How to avoid Split-Brain scenario?
 * How to avoid No Brain scenario?
 * Secondary path in NSRP

= Achievements =


 * Rockman Cyberoam ARP script
 * Rockman Nagios Monitoring
 * Wipro BP SRX & NSM Repro
 * Citrix SDWAN VoIP repro
 * Citrix CodeRed - PHP/Laravel
 * AVI Case Alert script
 * AVI config Parser
 * AWS VPN Log Parser
 * Endian Firewall Deployments
 * NIC Snort IDS
 * NIC Nessus Vulnerability
 * Citrix SDWAN SME/Dev Deployment
 * Cloudwatch Alarm S3 Bucket Objects Lambda function