Intrvw: Difference between revisions
→Google GCP Workspaces
m (Protected "Intrvw" ([Edit=Allow only logged in users] (indefinite) [Move=Allow only logged in users] (indefinite) [Delete=Allow only logged in users] (indefinite))) |
|||
| (36 intermediate revisions by the same user not shown) | |||
Line 1:
= Google GCP Workspaces =
* Code:
<syntaxhighlight lang='python'>
with open('tab.txt','r') as tab, open('csv.txt','r') as csv, open('data.txt','w') as data:
for line in tab.readlines():
data.write(' '.join(line.strip().split('\t'))+'\n')
for line2 in csv.readlines():
data.write(' '.join(line2.strip().split(','))+'\n')
data.close()
with open('data.txt','r') as file:
for line in file.readlines():
print(line)
</syntaxhighlight>
* Code2:
<pre>
def analyze(numbers):
result = []
index = {}
min = None
max = None
for n in numbers:
index[n] = True
if not max or n > max:
max = n 9
if not min or n < min:
min = n 0
for n in range(min + 1, max):
if not n in index:
result.append(n)
return result
analyze()
4,5,6,7,8
3rd
0—-
analyze([5,9])
(6,9)
result = [6,7,8]
analyze([3,0,5,9])
4,3
Result = [1,2,4,6,7,8]
</pre>
* Equivalent Code:
<pre>
def analyze(numbers):
min = None
max = None
for n in numbers:
print(n)
if not max or n > max:
max = n
if not min or n < min:
min = n
print("max: ",max," min: ",min)
</pre>
* Results:
<pre>
>>> analyze([3,0,5,9])
3
max: 3 min: 3
0
max: 3 min: 0
5
max: 5 min: 5
9
max: 9 min: 5
</pre>
* Logic:
<pre>
>>> min = None
>>> not min
True
>>> min = 0
>>> not min
True
</pre>
* Working code for Min & Max:
<pre>
def analyze(numbers):
min = 0
max = 0
for n in numbers:
print(n)
if n > max:
max = n
if n < min:
min = n
print("max: ",max," min: ",min)
</pre>
= Amzn SysDE II =
* Recover from below issue:
chmod -x /bin/chmod
# Copy
# tar -file
# ld
* Coding
<syntaxhighlight lang='python'>
## Write a function that gives you the average latency in a log file with the following format
#
# timestamp requestid operation latency
# 2021-01-20T08:19:18+00:00 123e4567-e89b-12d3-a456-426614174000 getresults 175
# 2021-01-20T08:19:20+00:00 123e4567-e89b-12d3-a456-426614174100 submitquery 100
# 2021-01-20T08:19:21+00:00 123e4567-e89b-12d3-a456-426614174200 getquerystatus 60
# 2021-01-20T08:20:03+00:00 123e4567-e89b-12d3-a456-426614174300 getresults 150
# 2021-01-20T08:22:09+00:00 123e4567-e89b-12d3-a456-426614174400 cancelquery 20
}
path = input('')
#path = '/var/log/messages'
r = []
with open(path,'r') as file:
for line in file:
r.append(line.split()[-1])
avg_Latency = sum(r)/len(r)
print(avg_Latency)
--------------------------------------
#path = input('')
def avg_lat(path):
#a = 0
#rr = 0
latency = {}
occurrence = {}
with open(path,'r') as file:
for line in file:
try:
c = line.split()[-1]
if int(c):
#a += 1
#rr = rr + int(c)
latency['getresults']
oper.update({line.split()[-2]:line.split()[-1]})
except:
pass
latency = {
'getresults': 455,
'submitquery': 678
...
}
occurrences = {
'getresults': 4,
'submitquery': 9
}
latency.get('getresults')
#return (rr/a)
avg_lat('/var/log/syslog')
</syntaxhighlight>
;Debrief
<pre>
feedback - team liked, pleasure in interview
strong NW
stron linux
LP fine
L4 is not good for you
System design not good
DB using indexing, Queues, scalable, parallel approach, LB using, indexing DBs, instead of storage.
Coding was also OK, difficulty with dictionary
Should know Datastructures not algorithms
Try again in 6 months, ask HR & try to get exception.
</pre>
* Correct Code:
<pre>
latency ={}
occurrance = {}
with open('latency2.logs','r') as file:
for line in file:
lat = int(line.split()[-1])
oper = line.split()[-2]
if oper in latency.keys():
add_latency = latency.get(oper) + lat
occurrance.update({oper:occurrance.get(oper)+1})
else:
add_latency = lat
occurrance.update({oper:1})
latency.update({oper:add_latency})
print(latency)
print(occurrance)
for k,v in latency.items():
print(k,int(v/occurrance.get(k)))
</pre>
= MasterCard =
* SSL Handshake
* TCP 3-Way Handshake
* TLS 1.0 vs TLS 3.0
* curl -kv (meaning of k)
* HTTP
= Microsoft =
;HM Round:
* State a Work process you changed
* Mention a time when you worked with a Cross functional team
* Mention a time when you tried to understand the Customer needs in a better way.
; Scripting Round
* Write a code to:
- Check how many IP addresses from a range are online
- Login into one of them & perform traceroute to each & save output to <IP>_traceroute.txt file
- Login into each and save output of ipconfig/all & nbtstat to a file called <IP>_config.txt
* Program with AND/OR function operations
* What is a Pull Request? (Merge branch into Main branch)
* What is a Class? (Datatype eg: string - Cat, Sub, etc functions)
; Networking Round
* NTP Strutum
* Vlan turking - switchport mode trunk without impact
-> allowed VLAN command
* Difference between BGP default info orig & default orig
* OSPF AD? eBGP/iBGP AD?
* BGP port no, States, Attributes
* OSI Model
= AMZN Networking =
Line 180 ⟶ 442:
Srv3 is slow, latency, how to troubleshoot? top, free -h, df -h
How to check traffic requests coming per second? netstat -s, ss -s, tcpdump
= AMZN Sydney NDE =
;Round 1
*OSPF
OSPF States
OSPF LSAs
'''Type 4 LSA Details'''
'''Type 3 LSA Details'''
'''Route Selection Hierarchy - E1, E2, N1, N2'''
Looping prevention in OSPF 1) Only best route selected in SPF; 2) All Areas must connect to Backbone Area.
'''ABR has 2 DB Tables for 2 interfaces each in different areas, each learning same route with same cost, how will best path be selected.'''
'''How is route removed in OSPF, What is there in LSU?'''
*BGP
Loop prevention method for eBGP(AS Path list own AS Number, route removed)
'''Loop prevention method for iBGP'''
To avoid routing information loops within the same AS, all IBGP routers must peer with every router within AS
Only TCP sessions required, not physical connections) – this is called full mesh IBGP.
IBGP uses split horizon rule (covered in other article), which states that routes learned from one IBGP neighbor is never sent to the rest of IBGP neighbors.
That way, when you have full mesh IBGP, routing information loops will not occur, because all routers have the same routing information.
Attributes for affecting Outbound traffic? '''MED & Local Preference?'''
'''Attributes for affecting Inbound traffic?'''
*Linux
High CPU Troubleshooting
Commands: GREP, AWK, SED
Case/Implementation you worked - NSM repro, SIP Asterisk repro
Scripting/Automation example - Top VS list
;Round 2
* Load Balancer
Explain LB usage in detail
How it distributes connections from TCP prospective?
How is connection initiated & how it reaches Server?
Can LB use VIP to connect to Server?
'''When in Citrix Netscaler it uses VIP as source IP for connecting to Server?'''
* BGP
Scenario for eBGP:
|-----[R2]-------|
[A]-----[R1] [R4]----[B]
|-----[R3]-------|
'''How is maintenance done in R2?'''(ASPath Prepend and Local_Pref)
Shutdown command? not preferred, disruptive way
Local Pref? Nope
Med? Nope
'''IS local Pref used in eBGP?'''
'''Where is MED set on? (Med cannot be used in eBGP)'''
''AS-Path prepend:'' Way to add AS number to the list of subnet u want to advertise.
This is a way to route poisoning.
Tell the outside world not to follow the path.
Applied outwardly.
Impacts incoming path.
''Local preference:'' Applied while the traffic coming inside.
Impacts traffic while going out.
Non transitive.
Propagates within the AS-Path.
Higher is preferred
''MED:'' When your router has connection with two other routers with same AS.
Let's say you have 2 subnets behind your router.
You can use MED value to mention which networks should be accessed through which links.
It is advertised outwards.
Impacts the incoming traffic.
Semi transitive.
Propagates to one AS.
Lower is preferred
Should be used carefully as it reduces network resiliency.
Can we do Load balancing across R2 & R3? (ECMP?)
Loop Prevention in eBPG?
Loop prevention in iBGP? For above Scenario? (Split Horizon, do not advertize to other iBGP peers, but learn directly from neighbor)
Need for a direct connection b/w R1 & R4? What if not possible? (Run IGP)
How Router Reflector prevents loops (using RR, RR Clients, Non-Client Peers)
'''When will a router received be discarded:'''
Originator-ID same as own Router-id(the route is discarded in this case)
Originator-ID different from Router-ID
* Python
Skill you learned in past 12 months? Python
Describe a project you worked on in Python?
How did you learned Python?
* Scenario 1
[PC]-------[Branch India]-------------------------------[HQ US]------------[Update Server]
How does PC reach Server for updates? Explain all steps - ARP, DHCP,DNS, TCP, HTTP(GET) , etc
If Download is Slow, how will you troubleshoot?
Where will you take captures? (All devices)
Which device's captures will you see Retransmissions? (All)
TCP Slow Start?
What happens if TCP Packet is lost?
Will Latency cause slowness?
If 1 server is in US & Another is in India with same BW, will the download time change?
If so, how much?
* Scenario 2
[PC]------[SW]-------[Router]------[DNS Server]
Captures on Switch, what will be Source & Dest IP as well as MAC?
= AMZN NDE =
* Steps to upgrade 10 Routers safely.
* iBGP vs OSPF
* Loop avoidance in OSPF
* What are OSPF Areas?
* RIB vs FIB
* Can BGP COnverge as fast as OSPF
* iBGP Loop avoidance
* What direction is AS PAth Prepend applied?
* WSF, why it is just 65535?
* Collision avoidance
* How is congestion detected? (RTO & 3 Dup ACKs)
;Q. Write a function to verify if a given set of interfaces is present as next-hops for a given prefix in router's routing table.
Task:
* Implement function: check_prefix_next_hops("router-1", "216.182.232.249/32", ["bond1", "bond3"])
* Function must return True/False
* Use example router output from MOCKED_DEVICE_DATA object
<syntaxhighlight lang="python">
MOCKED_DEVICE_DATA = {
"router-1": """
B>* 216.182.232.249/32 [200/0] via 100.92.0.1, bond1, 00:14:14
* via 100.92.0.3, bond3, 00:14:14
C>* 253.4.0.232/31 is directly connected, jrp2-1
B> 30.0.0.0/8 [200/0] via 100.92.188.32 (recursive), 00:00:25
* via 100.92.64.3, bond2, 00:00:25
via 100.92.188.64 (recursive), 00:00:25
* via 100.92.64.5, bond3, 00:00:25""",
"router-2": None
}
#int = ['bond0','bond1']
#for k,v in x.itemm():
# print(k,v)
# if k == "router-1"
#def check_prefix_next_hops("router-1", "216.182.232.249/32", ["bond1", "bond3"])
def check_prefix_next_hops(router_name, given_prefix, expected_next_hop_interfaces):
#for k,v in r
router_output = MOCKED_DEVICE_DATA[router_name]
if given_prefix in router_output:
for i in range(len(expected_next_hop_interfaces)):
if expected_next_hop_interfaces[i] ==
</syntaxhighlight>
= AMZN SysDE =
;1. Extract Timeout & Desination IP address information from a log file
* The log file is in text format having 2 elements:
- timeout always present either 1 or 0
- dest IP address
* Big annotation
* What will happen if you do not close the file in python & program crashes?
* Is there a way to close files automatically?
;2. Script to print duplicate files from a directory
* How to run a Unit Test(performance test) on this script?
* Why not use a Dict?
<pre>
# Read the file
f = open('/var/log/apache2/access.log','r')
lines = f.readlines()
f.close()
print(len(lines))
# Append Response code & Dest IP address to 'a'
a = []
for i in lines:
a.append((i.split()[0], i.split()[8]))
print(len(a))
# Create a set of IP addresses 'b'
b=[]
for i in a:
b.append(i[0])
b = set(b)
print(len(b))
# Create a new list having Unique IP addresses & list of Responses for each:
c=[]
for i in b:
x = []
for j in range(len(a)):
if i == a[j][0]:
x.append(a[j][1])
c.append((i,x))
print(len(c))
# Print the results:
for k in range(len(c)):
print(c[k][0],len(c[k][1]))
</pre>
= Google =
{{UC}}
== Challenge ==
{{UC}}
= Google Dublin =
;Round 1
{{UC}}
;Round 2
{{UC}}
= CouchBase =
Line 566 ⟶ 1,054:
Aggressive Mode vs Main Mode
FTP Slow across Switch, Router, FW; How to Troubleshoot.
= Juniper Networks ATAC =
<pre>
What is TCP Sack?
DNS Doctoring
Types of firewall, with details
Tcp header
Window scaling
Flags
checksum
sliding window
windowing
ip header
flags
IP Padding
UDP header
Diff between TCP and UDP, which is faster and why?
3 way close
TCP handshake and tear down
FTP Active/passive
Active in details
Dail up VPN with multiple networks on the firewall, requirement is to have only one policy on the NSR.
Which is secure spilt tunneling or default tunneling
Scenario:- Web access is slow, few sites working fast few are little slow:- (answer he expected was with UTM feature the browsing will be little slow and without that it will be faster)
Types of wireless and their uses.
Ø General introduction and enquiry about experience.
Ø Customer calls up and says throughput it low. How will you deal?
Ø Why will an interface go in half duplex mode.
Ø If reboot resolves the issue, what could it be related to?
Ø Only TCP is slow. UDP is not slow.
Ø Examples of UDP.
Ø What is TCP MSS and MTU?
Ø Why do we need two settings – MTU and MSS?
Ø Why do you want to set MSS when we can reduce MTU?
Ø Where and when is MSS value exchanged?
Ø How do you decide what MSS value to set?
Ø Difference between TCP and UDP?
Ø What is windowsize? Can we modify it on firewall?
Ø On the firewall, can you see window size being exchanged without using Snoop/Sniffers?
Ø What information do you see in “get session”?
Ø What are the 2 parameters which can bring Phase 2 down?
Ø What is phase 1 and phase 2 timeout?
Ø What timeout do you see in get sa?
Ø Why does the timeout between 2 Juniper firewalls show as unlimited?
Ø What is SPI and how it is calculated?
Ø When is SPI value exchanged?
Ø How do you verify RTO is getting Synced on backup firewall in NSRP?
Ø When you see a get session output, how do you verify if the traffic is DIP or MIP?
Ø Main difference between OSPF and BGP configuration on the firewall?
Ø Why do we need to define neighbours in BGP but not in OSPF?
Ø In transparent mode, how is the decision making and forwarding done?
Ø Packet flow in transparent mode? Flood and Arp/Traceroute modes?
Ø Switch------(F/W in Transparent mode)-----Switch------Router
You have 50-100 VLANs configured. How will you make sure that the traffic would pass through the firewall?
Ø In NSRP, both firewalls show as (M). How will you troubleshoot?
Ø HA is directly connected, and HA is UP?
Ø Task CPU is high. How will you troubleshoot?
Ø In get OS task, how will you see which task is high.
Ø You see Session Scan is high. What does that mean?
what is a session
how does it look and what are its components
how do you identify a session in a sniffer capture
what is a tcp syn check
when do we receive a rst and fin in a tcp connection
what do you mean by disabling syn check
what is a sequence check in tcp
what is tcp mss
why is mss not used in udp
what is path mtu
what does traffic failover happen in NSRP failover
what is arp, what is garp
what Is mac table, what is cam table
Screening :
1. What are DOS Attacks
2. Screening Options : SYN FLOOD ( Because I gave him example of this)
3. Why it is an attack
4. Where its configured
Multicast : Almost everything
5. Multicast : Configuration
6. How IGMP and PIM works
7. Basics of Multicast
8. Command to check mroute
9. How IGMP proxy is configured and where, all options in that
NSRP: Explain
1. Set nsrp ageout-ack
2. Set nsrp rto mirror non-vsi
3. Set nsrp vsd master always exists
4. Default vsd group
5. How will you check session is on master or backup : Flag, timeout
6. How will you check if master session is on backup : Src-ip,dst-ip,src-port,dst-port
UTM:
1.What is debug apppry
2. use of application proxy ( he answered to me : it checks if its http,ftp,imap,smtp,pop3 and send it to AV engine because AV scans only these traffic and not like DNS etc.)
1.ARP and G-arp
2.OSI layers
3.How does packet flow through the OSI when One PC telnets to another PC
4.How does MIP work
5.scenarios of G-ARP,where is it used
6.One tough case which you have dealt with.
7.NSRP no brain,split brain
8.How to avoid the above no brain and split brain problems
9.In NSRP what extra command is needed for backup to be manageable from internet,set flow mac cache mgt
10.what does that command do
11.If track-ip does not work,what debugs would you take
12.What will debug track-ip output look like
13.what would debug ip ip output look like
14.what would debug icmp icmp look like
15.basic connection to internet not working,how will you troubleshoot
16.how does MIP work,give a scenario.
17.In NSRP A/P.Sessions get synced,how would you show the customer it is the same session no both the firewalls,Ans—using session flags,,,they would remain d same on both
18.VPN troubleshooting
19.hub and spoke,redundant,over lapping VPN.
20.How would you go about troubleshooting all of them.
21.Why do we need hub and spoke VPN
22.How does SIP work.
23.Messages of SIP.What would debug sip all show
24.Troubleshooting SIP,I can hear voice on one side of the phone,,I am not able to hear on the other end
Ans—you need to do debug sip all and check for in the SIP message whether the port on which the data is flowing through is blocked,or does it need to be opened.
25.What is Autoconnect VPN
26.How is your approach to an issue you know and an issue you do not know
1. What should I have to have internet access from a PC
2. What is arp
3. What is difference between ARP and GARP
4. when is garp used .. is g arp a request or a response
5. what is osi layer
6. protocols in layer 4 other than tcp/udp
7. difference in tcp and udp , in which scenarios are tcp and udp preferred.
8. concept of convergence in UDP
9 how does mac address help in communication
10. what is sequence number
11. what is stateful inspection
12. why is syn checking , why is it required on the firewall
13. data flow on the firewall
14. what is sanity check, reverse route lookup
15. what is a session, explain get session output..
16. How Src natted session looklike
17. Session existing for tunnel traffic
18. Site to site VPN and ping not going through VPN how you will troubleshoot.
19. bad spi ... what is it..
20. what config changes are required if u have a cisco router as a peer for VPN
21. packet flow in transparent mode.
22. Dynamic Routing.
23. OSPF and BGP difference.
24. Internal and External:- Why Internal and External
25. What is ALG? Explain ALG with Active FTP Example. What is ACtive FTP?
26. Fragmentation capture on Wireshark. How you will prove that this is fragmented is happened on firewall?
27. What is Path-MTU?
28. How to aaoid fragmentation?
29. scenario for PAT.. how is it different from NAT- DST
30. scenario for mip, its advantages.
31. what is NSRP
32. why is master always exist used .
33. why is preempt used. whyis nsrp session ageout command used.
34. WEb sense / url filtering trouble-shooting
35. troubleshooting AV updates
36. if ftp is not working, what are the debugs that u will do
37. what is policy based routing...
38. how do u troubleshoot any problem that u dont understand...
1. What is Arp and G-Arp
2. Layer 2 Forwarding mechanism
3. How does firewall forward the frames in the transparent mode?
4. How are the broadcasts processed in the transparent mode?
5. What is the Command to check the forwarding table in transparent mode?
6. Explain OSI layers.
7. What is the difference between MSS and MTU?
8. What is Path-MTU ?
9. Difference between OSPF and BGP
10. How does TCP three way handshake Work ?
11. What is Fragmentation ? How will you check the Fragmentation from the captures done at Trust and Untrust side .
12. What is difference between UDP and TCP ? How does UDP verify the data has been lost?
13. What is Area 0 and why so we use it ?
14. If we have two devices in different area will they form neighborship ?
15. How to troubleshoot an issue in which ospf neighbor is not coming up ?
16. How does BGP work ? and If BGP is in the same As then is it required to configure the peers for establishing the neighbors ?
17. How does Poison reverse work in RIP ?
18. Explain about multicasting
19. Why do we use the command “Set nsrp master-always-exist “ ? and in what situation we use that command.
20. What is difference between aggressive and main mode in VPN
21. You have route based vpn in between juniper and cisco. Juniper has 3 networks behind it and cisco has 1 network. How to setup the vpn ?
22. What is PBR and at which level does it work ?
23. What is ALG ? Explain with an example.
24. How does Active FTP work ?
25. How to check the translation from the session and what does the output of the “get session “ show when you have translation.
26. What is MIP ?
27. What to check if AV is not working?
28. How to check if AV is not getting updated?
29. What is application proxy ?
30. Why do we use “debug httpfx all” ?
1. TCP/IP Basics & Advanced:
a. OSI Layers- detailed understanding,
b. Diff between TCP and UDP,
c. Knowledge of other protocols other than TCP/UDP (atleast names like ICMP, GRE, ESP, AH etc)
d. Flow of a packet between 2 network devices (Layer3, Layer-2)
e. Structure of a packet (with respect to headers being added and removed while crossing every layer)
f. TCP/IP headers (not directly asked but requires to answer the structure of a packet in detail)
2. General:
a. Knowledge of applications like FTP,HTTP, telnet and how they work.
b. How ALG is being used on the firewall and why.
c. Basic packet flow through the firewall.
3. Switching:
a. Basic knowledge of Layer-2 Switching and VLAN.
b. Understanding of a Broadcast domain.
c. Difference between Layer-2 switching and Layer-3 switching.
d. Understanding of ARP and Gratituous ARP.
e. Communication between 2 devices in a single broadcast domain.
4. Layer-3:
a. Deep understanding of routing.
b. Complete flow between 2 layer-3 devices.
c. Changes happen to a packet while it traverses through various layer-3 devices.
d. How does a firewall different from other Layer-3 devices.
e. Routing Protocols – RIP, OSPF, BGP (only if u say u know the basics but only the basics)
5. Firewall Concepts:
a. NAT – all types and how it works (detailed understanding and difference between each)
b. Firewall usage (Policies, screening etc)
c. VPN – Everything about VPN.
d. UTM - Understanding of how firewall behaves, decides and handles the packet with respect to the UTM features
6. Others:
a. NSRP (complete understanding and troubleshooting)
b. Transparent mode.
c. Traffic Shaping
d. VOIP (troubleshooting approach)
e. Logical thinking and troubleshooting approach with respect to an issue.
f. Confidence
g. Communication.
</pre>
= Wipro =
Line 770 ⟶ 1,503:
What changes are required in the Firewalls for NAT-T?
Screening options? Name of 3 Attacks? SYN Flood attack limit? UDP attack limit?
= Mphassis =
When Next-hop lookup take place in ScreenOS flow? After policy lookup or at Arp lookup?
Silly window protocol
URG vs PUSH Flags
Urgent pointer
ARP in ipv6
IKE v2
Active vs Passive FTP - ALG
Overlapping subnets without NAT
ospf v6
ipv6
Netscreen session analyzer
AH vs ESP in Wireshark
DHCP
DHCP Relay agent
2 DHCP servers in a subnet/Network
Hub and Spoke VPN - Policies
Tracert in Windows vs Linux - Tracert using UDP
On Unix-like operating systems, the traceroute utility uses User Datagram Protocol (UDP) datagrams by default, with destination port numbers ranging from 33434 to 33534.
The traceroute utility usually has an option to instead use ICMP Echo Request (type 8) packets, like the Windows tracert utility does, or to use TCP SYN packets.
Tracert 3 values
4 way handshake- Benefits
ALG opens:
Pasv - in passive mode opens port
Port - in active mode opens port
Diff bw ACL & Poloicy? ACL is at Interface level;Policy at Zone;;ACL= network/transport layer;Pol=ALG=Application layer
Session layer handles Dialog control.
How to block P2P?
= Accenture =
VR vs VSYS
What are UTM Features?
Can you assign 4 zones to 4 VRs? What routes need to be configured?
Ans: Trust-vr to Untrust-vr default route already exists by default, need to create a Reverse route.
Migration plan for ScreenOS to SRX?
VPN Migration
OSPF areas, type 7
BGP route selection
BGP route reflectors
What is PFS?
What is DH protocol? How it works? WHich versions are supported in ScreenOS?
What are phase 1 stages
Tunnel interface
Flow in ScreenOS
What is ALG?
;2nd level
What is a VPN?
ESP vs AH?
How NSRP Failover occurs?
What is a Null Route?
What is a Cookie? How is Cookie Calculated?
What is a Control & Data Link?
What is NSRP Lite?
NSRP Virtual MAC Calculation?
Proxy-ID? Which Phase?
What is VSI? VSD? How is VSI assigned? (eth0/0:1)
Can we assign IP to HA Interface?
What is a Management Port? Can it have User/Passthrough Data?
How do you create a Zone?
Select Layer 2 or 3
Select VR
Priority order of VIP, Source Nat, Dest NAT, Policy NAT?
Default NSRP Priority?
100
What is RTO?
What is FSTAB? min space for booting a device?
Functions of DevSrv?
NSM Distributed Architecture?
What is a VLAN? Duplex? Collision? Trunk?
What is rsync? Where is it used in NSM?
Difference between rsync & SCP?
Scp basically reads the source file and writes it to the destination.
It performs a plain linear copy, locally, or over a network. Use scp for your day to day tasks.
Commands that you type once in a while on your interactive shell.
Its simpler to use, and in those cases rsync optimizations won't help much.
Scp has only a few switches.
Rsync also copies files locally or over a network.
But it employs a special delta transfer algorithm and a few optimizations to make the operation a lot faster.
Rsync has a plethora of command line options, allowing the user to fine tune its behavior.
It supports complex filter rules, runs in batch mode, daemon mode, etc.
For recurring tasks, like cron jobs, use rsync.
It will take advantage of data already transferred, performing very quickly and saving on resources.
It is an excellent tool to keep two directories synchronized over a network.
NSRP supported in Transparent Mode?
Yes, When operating in Transparent mode, the backup in an Active/Passive pair can only be managed from one Layer 2 zone at a time. By default, this zone is V1-Trust. If management is needed from V1-Untrust, V1-DMZ, or a custom layer 2 zone, use the command:
set interface vlan1 nsrp manage zone <zone name>
Note: This command must be enabled on both devices in the NSRP cluster. Verify:
get interface vlan1
In backup mode, only traffic from V1-TRUST can manage the box Note: Ensure that the manage-ip addresses are different for both the primary and backup firewalls.
NSRP States? What is Inoperable state?
OSPF Areas? Type 7 LSA? In backbone converts to what?
Difference between init 0 & init 6?
= Tech M =
V,E,B bit in OSPF
LSA area 2,0,1
LSA Type 3 -6 routers in area 2
Type 3 LSA area 1-0-2 changes?
L2TP VPN Flow?
No of Junos Candidate configs?
= BT Interview =
vip vs nat-dst diff?
Ans: Vip needs same subnet IP as interface IP
diff policy vpn vs route vpn?
encrytion at which packet during vpn Aggr /main mode?
diff bw main and aggr mode?
More secure which 1 ?
Ans: IKE ID (name) is sent in plain text in Aggressive mode & encrypted in main mode.
Intrazone block option?
Mip has no port translation
Route based VPN : 1) has tunnel 2) NAT Dest supported.
What are the IKE v2 benefits?
NSM Services ==> HASrv, DevSrv, GuiSrv
If all devices seems to be down in NSM ==> DevSrv service is down
Requirements for NSRP Active-Active? VSI interfaces config
Change timeout value of a Predefined service - Yes, Possible by editing the service.
Life Size, key change after 100Mb data transfer? Cisco 1 GB? Juniper?
Life Size is in which phase? Phase 2 only. Life time is in both Phase 1 & 2.
Vsys config
SSG 550M ==> what is meaning of M? = can be converted to Junos J-series Services Route
Enable ALG on a custom service? Create policy, select custom Service & select Application to select the ALG.
Can you create a VPN with overlapping subnets using Policy based VPN?
What is Rommon/Bios in ScreenOS called?
Ans: Bootloader
ScreenOS vs SRX
What is difference between 8,2 & 8.3 Cisco ASA firmware?
8.2 packet arrives - check ACL before un-natting ==> create ACL with translated IP not real
2 nats> static or GLobal
8.3 object Natting ==> instead of calling, calling object in ACL ==> ASA will do NAT first & ACL should be added for real IP.
Object or Twice NAT.
IPv6 is supported in ScreenOS or not?
= McAfee =
packt filter fw
stateful fw
scenario: reverse traffic
tcp 3way -flags
What is flow control?
ospf vs rip differences
port no of http,dns,https,etc
what is dns?
chown
chmod
Disk usage - df -h
System resources - top, pstree
SMTP Test with Telnet:
dig example.com mx
nslookup -query=mx example.com
mx1.example.com
mx2.example.com
telnet mx1.example.com smtp
HELO client.example.com
MAIL from: <sender@example.com>
RCPT to: <recipient@example.com>
DATA
From: sender@example.com
To: recipient@example.com
Subject: Test message
This is a test message.
QUIT
HTTP test using telnet:
To retrieve the document as well as the headers, use GET instead of HEAD. If you want the root document, use GET / HTTP/1.1 (or HEAD / HTTP/1.1).
telnet www.example.com http
HEAD /example/example.shtml HTTP/1.1
Host: www.example.com
Connection: close
= TechM (Chd) =
* SRX fxp1 interface
For SRX240B:
ge-0/0/0 interface will be mapped to fxp0 (out-of-band management)
ge-0/0/1 interface will be mapped to fxp1 (control).
The interfaces that are mapped to fxp0 and fxp1 are device specific.
* IPS blocked webmail. Where to get the alerts?
Analysis & Reporting > IPS > Intrusion Events
* Upgrade process of Sourcefire Sensors:
Reimage:
Reboot Sensor
Select System Restore
Set IP config
Select SCP, Enter Server IP, Credentials & ISO File name
Download & Mount ISO
Install
Reboot
* Screenos flow
* What is Sanity Checking?
* VPN
* NSRP Preempt behavior
* Proxy Server Experience
= ZScalar (Chd) =
DNS? need for DNS
Traffic troubleshooting
HTTP is in which layer?
DNS uses protocol? UDP & TCP
Why not use UDP for all DNS traffic? (Ans:Huge Overhead)
Reverse of DNS possible?
ScreenOS CPU utilization check command
Port no of DNS, SSH, HTTP
SSH access is there but WebUI not opening?
;2nd Level
302,403,401 error HTTP
SSL Handshake steps - 4 phases
Hashing vs Encryption, examples of protocols
Port Numbers - 80, 443
Proxy Server functions
ALG - Active vs Passive FTP
Destination NAT - Proxy ARP, Server issues, Debugging
If the Server does not have a reverse route to reach firewall,it will drop reply packet. Workaround is to create a Source NAT rule in firewall
Aggressive vs Main Mode
Is Preshared Key, ID shared in clear text in Aggressive mode? (no, its Hashed)
Dynamic IP in Site, Which mode is used? (Aggressive)
What is a Digital Signature?
= Convergys (JTAC L2) =
* VPN traffic is not reaching other gateway device? How to prove?
Ans:Take snoop simultaneusly at both sites.
* What filters to use for VPN Traffic?
Ans: 4 filters- two for & to the gateways, two to & for the PCs
* 4 VPNs between 2 devices, how to identify which packet is for which VPN?
Ans:SPI will be unique & remains same for a single VPN
* ESP has Port no?
* IMP:What is NAT-T? Why packet will drop without NAT-T? at which packet exchange will it drop?
Ans:At which packet level does it start using UDP port 4500?
*Scenario 1:
3 firewalls are in full mesh VPN. 2 firewalls A & B have overlapping subnets.
Why will the ping from A to B private IPs fail?
Will VPN come UP?
What is the solution?
Ans: to use MIP in Tunnel
Ping from A to C private IP will fail?
Ping from C to A private IP will fail?
*Scenario 2:
Client is conected to a L2 switch. Switch to Firewall. Firewall to Internet. Client does an active FTP connection to FTP server.
How will traffic pass through firewall?
What is the role of ALG?
Which command of FTP is used?
IMP:Which 2 parameters of FTP Command are useful?
Ans: 1. PORT Command; 2._________
*Troubleshoot Latency
*Fragmentation in detail(ID Field, MF flag, Frag Offset)
*TCP SACK
*TCP WSF? is it Unidirectional or bidirectional? Max value for WSF? Max Window size?
*You have two PCAP files for same firewall. One on Ingress port & one for Egress port.
How to find out latency? How to find packet drops? How to trace packets(ID Field)
= TechM (Chd) =
* Ph1 Configuration steps
* Ph1 Troubleshooting
* Traffic not reaching Destination roubleshooting
* NAT in ScreenOS
* VIP
* Nat DST
* DIP
* Troubleshooting VPN
* Commands in ScreenOS
* TCP in juniper srx flow
= Akamai =
* Detailed data transfer(http/ftp) steps
* EC Window, CWR
* 3-way handshake (Sequence number was wrong)
* Acknowledgment field value in a Syn Packet
* Window size=0; what conditions
Server is overloaded
Window scaling is not supported or configured
Some old OS in use by server
* Fields in a TCP & IP Header
= Iopex =
* IP Header Fields, Flags & length
* TCP Header Fields, Flags & length
* How ICMP will recognize reply message? Identification field
* Where Segmentation occurs
* What is MTU
* URG vs Push Flag
* Data Offset
* NAT-T
* DORA
* DHCP Relay
* Use of GARP
* Port no of Telnet, SMTP, FTP
* Why FTP uses 2 ports
* Phase 1 parameters
* Phase 1 errors
'''If Proxy ID mismatch occurs, will VPN come up or just data will not transfer?'''
IKE Phase 1 successful, Phase 2 fails due to proxy-id mismatch
The Proxy ID on the local and remote VPN device must match for phase 2 to complete the VPN negotiations
* Use of Inverse ARP(Frame Relay)
* Scenario: Ping from PC1 to PC2 - Explain ARP, IP, MAC table, etc
[PC1]------[SW]------[Router]------[PC2]
= Arcesium =
* What does Directory Execute (x) permission means? ability to 'cd' into that dir
* Which cmd sets max size of core dumps? ulimit
* Which cmd used to inspect system call made by running proces?
strace
ptrace ?
lsof ?
* In bash which cmd used to execute a shel script in current shel context?
source
exec
'.'
all of the above ?
* Print top 5 lines
cat foo.txt | head -5
head -5 foo.txt
* Redirect error stream to file errors? foo2>errors?
* Command used to create a new process? fork()
* Command to continue process after closing terminal? nohup
* init was replace by which default service manager in RHEL? systemd
* Check env variables of a running process?
env
htop
/proc FS
all of the abpve?
* Web Server can do what?
caching
LB ?
Proxy
URL Rewrite
* HTTP/2 was inspired by what? SPDY
* Most commonly used compression in response from server to client in HTTP? gzip
= Interview Questionaire =
;General
* Benefit of using Transparent mode?
* Basic difference between IDS & IPS?
* SSL VPN
* Phase 1,2 no of packets? encryption starts at which packet in VPN?
* PFS
* VPN Troubleshooting
* Stateful Inspection
* Aggressive mode / Main mode more secure?
* Task/Flow CPU High
* Reasons for High Memory?
;ScreenOS
* Flow in Netsreen firewall
* MIP vs VIP
* Multi-Cell policy
* Traffic Shapping is config where?
* 100 VPNs terminating on the Juniper firewall? Filter
* Pseudo session ?
* Snoop Detail?
* Debug flow basic
* Precautions while debugging
* Sync NSRP devices manually
* NSRP non-propagating parameters
* How to avoid Split-Brain scenario?
* How to avoid No Brain scenario?
* Secondary path in NSRP
= Achievements =
* Rockman Cyberoam ARP script
* Rockman Nagios Monitoring
* Wipro BP SRX & NSM Repro
* Citrix SDWAN VoIP repro
* Citrix CodeRed - PHP/Laravel
* AVI Case Alert script
* AVI config Parser
* AWS VPN Log Parser
* Endian Firewall Deployments
* NIC Snort IDS
* NIC Nessus Vulnerability
* Citrix SDWAN SME/Dev Deployment
* Cloudwatch Alarm S3 Bucket Objects Lambda function
| |||