Intrvw

Revision as of 04:50, 22 June 2021 by Amanjosan2008

AMZN Networking

Round 1

  • BGP Route manipulation
Directions?
  • Anycast
  • Linux check WSF
  • SSL speed up at LB level:
 Session Ticket
 OCSP Stapling
  • Cookie Uses
  • Google BBR - congestion control algorithm
  • DNS check if reply is spoofed or not?
  • How does a DNS client know when to switch to TCP?
TC Flag

Round 2

  • Experience with difficult customer
  • Learnt from feedback
Windows
  • How to remotely access Windows server?
RDP, VNC (Teamviewer, Webex for PC)
RDP Port no
TCP port 3389 and UDP port 3389
  • Page file
  • Service
  • Service fails, how to check logs? (Event logs viewer)
Linux
  • Kernel
  • Inode
  • Check CPU, Memory, HDD info?
  • Check Load Average? What is the output? (1, 5, 15 min avg), what does it mean?
  • Check Clients we are connected to? netstat -ant -> Foreign Address
  • ifconfig -a - eth0:1 - What does :1 mean? (vlan)
  • Check file in use by which process? lsof
  • Runlevels
  • Check DNS config? /etc/resolv.conf & interface config
  • Iptables?
Networking
  • NAT
  • How does Traceroute work?
  • Request & response headers
curl -v http://google.com
  • Commands used in daily troubleshooting
telnet 
nc 
ipconfig
netstat
traceroute
top
ps
free
df
dh
Scenario
[PC]---------[Website]
1st attempt - 404
2nd attempt - 200
3rd attempt - 404
4th attempt - 200
LB having 2 servers, one is not having app installed, check logs & disable it.

Round 3 - Behavioral

Round 4 - Architecture

  • Explain case you have worked - Voip CB Repro
  • Design an E-commerce website with full redundancy, explain protocols used:
  - Avi SE scaling, use 3 node cluster for controller
  - Use 2 AZs
  - How DB will sync
  - GSLB usage - geodb Networking
  - how persistence will work
  - Storage redundancy
  - Storage slow, use SSD
  - Pics load slowly in Japan

Round 5 - Linux

  • Boot process in detail
  • What is kernel? How does it communicate with HW/User? System calls
  • Name the various System calls
  • What is initrd ? What it contains/does ? (drivers to load disk,etc)
  • Runlevels
  • Upstart/Systemd
  • What is Swap?
  • How to find swap usage?
  • How to find if a file is moving from RAM to SWAP? iotop(process wise usage) & iostat(part wise usage)
  • How to check processes using most CPU/How to check CPU usage per core?
  • Process States:
   - Stop   (my answers)
   - Start
   - Running
   - Sleeping  ==> Interruptible waiting / uninterruptible waiting -> Explain each
   - Killed
   - Zombie
  • Type of File systems - FAT32/ExFAT, NTFS, EXT3, EXT4
  • How to use a brand new disk in Linux machine
- Format
- Partition
- Mount
  • What are permissions -> 640?
 6 -> user      - Read/Write
 4 -> group   - Read
 0 -> Others - None
  • How to check Memory usage - top//free -m // cat /proc/meminfo
  - Buffer/Cache field?
  - Swap field?
  • How to troubleshoot if a file stopped copying partway through, reporting no disk space, but disk space is there.
 df -h => check free disk space
 df -i  => Free inodes check
  • What is inode? How can they get full(mail server; large no of empty files)?

Round 6 - Networking

  • Design a website for 500 Employees - use 2 AZs?
  • Troubleshoot a website not reachable?
curl -I,   telnet,    nc,    ping
  • How to check if DNS is working or not?
dig @42.2.2 google.com
  • Check packet captures using tcpdump.
  • Explain DNS resolution in Full details.
  • Troubleshooting a slow website:
Top  --> CPU, Memory,  Process usages, Load avg
df -h  --> Disk usage
free -m
cat /proc/meminfo
netstat -ant
cpu ==> 0 "us" user space
top -o %CPU
  • Explain TCP Window? How it can be full
  • OSPF vs BGP? why not use OSPF for Internet instead of BGP?
  • OSPF packet types?
   Hello
   DBD
   LSR
   LSU [LSAa]
   LSAck
  • What is Area 0 in OSPF?
  • BGP Attributes
  • BGP getting more traffic from one ISP than other? How to balance that?
  • What is DDOS attack? How to mitigate it?
Need to know about the type of attack
Syn Flood attack can be mitigated by using Syn-Cookie
  • What is Syn-Cookie used for?


Round 7

  • Repro Attempt
  • Something not done within committed time
  • Something done differently from a colleague
  • Something you have done apart from regular work
  • Tough Feedback received; What you did about it.

AMZN DMS

1st Round Online Challenge
Telephonic Round
Tell me something where you did something extra during a case/your job
Tell me something where you learned something during a case/your job
Where do you store your code (GitHub)? How can someone else edit the code?
How DNS works? Explain in detail.
DNS traffic Flow? Search local cache > hosts file > DNS server
What is VoIP? How SIP works?
Scenario:
  [LB]------[srv1][srv2][srv3][srv4]
  Srv3 is slow, latency, how to troubleshoot? top, free -h, df -h
  How to check traffic requests coming per second? netstat -s, ss -s, tcpdump

Google

Challenge

CouchBase

  • OOM Killer
  • Page Fault
A page fault (sometimes called #PF, PF or hard fault) is a type of exception raised by computer hardware when a running program accesses a memory page that is not currently mapped by the memory management unit (MMU) into the virtual address space of a process.
  • Swap Memory
  • DNS Rate Limiting Troubleshoot
Create Static entry
Increase Cache Time
  • DNS latency in Server or Network Troubleshoot:
Check RTT for other traffic & DNS Specific traffic.
  • Print below logs:
startTime : 12332121324
endTime : 21342313222
serviceName : abc
status : 200
------------------------
startTime : 12332121324
endTime : 21342313222
serviceName : abc
status : 200
------------------------
startTime : 12332121324
endTime : 21342313222
serviceName : abc
status : 200
------------------------
startTime : 12332121324
endTime : 21342313222
serviceName : abc
status : 200
------------------------
startTime : 12332121324
endTime : 21342313222
serviceName : abc
status : 200
------------------------
  • My Solution:
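# Parse "key : value" records from the log and print one row per record
with open('text.txt', 'r') as f:
    l = f.readlines()

# Keep only "key : value" lines; split on the first ':' and trim whitespace
a = []
for i in l:
    if ":" in i:
        key, value = i.split(':', 1)
        a.append((key.strip(), value.strip()))

# Unique field names in first-seen order (a set would scramble the header)
b = list(dict.fromkeys(key for key, _ in a))

# Header row
print(' '.join(b))

# A record starts at each startTime line and spans four fields
for i in range(len(a)):
    if a[i][0] == "startTime":
        print(' '.join(value for _, value in a[i:i+4]))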

Juniper

Is UDP Stateful
How is UDP connectionless
FTP types
What is Frag Offset
IKE v1 vs IKE v2

Dell

VPN support multicast, broadcast
dhcp across vpn, firewall interfaces in diff subnets
traffic shaping
fragmentation
ssl

Aryaka

   Traceroute
   ICMP through PAT {I think FW will identify each session based on Identification field}
   Bandwidth vs throughput
   DPD
   FW down, how long VPN will stay up
   Traceroute
   AnyCache Route
   Need for NAT-T
   Congestion Control
   Active vs Passive FTP
   WAN Optimization

IBM

   Point to Point Network stuck at 2-way state in OSPF
   OSPF loop prevent mechanism
   Why BGP is used in enterprise
   Famous BGP communities
   STP replacement => switch fabric in nexus sw

AVI

Telephonic Screening
   DHCP, which packets are unicast, why?
   3-way Handshake parameters exchanged
   How Traceroute works
   VLAN, types of ports, importance of Trunk interface
   Router on a stick
   Importance of TTL
   IP header fields
   How do certificates verify URL? Can it be Tampered?
   What is SACK
   What parameters change in a packet when crossing a Router? Does it recalculate Checksums?
2nd 3rd Round
   HTTP 1.0 vs 1.1
   What is Hyper-visor?
   How Virtual Network Works?
   Difference between Bridge & Switch?
   Example of L4 Service in Netscaler?
   What does an HTTP Request look like?
   Explain a case you worked recently
   How Content Switching Works?
   Python script logic to find duplicates in list(using arrays)
x = [1,2,4,6,8,2,0,3,4,1,9]
for i in range(len(x)):
   for j in range(i+1, len(x)):
       if x[i] == x[j]:
           print(x[i])
   WanEM usage in Repro
   Jitter vs Latency
   DNS ALG Working
   DNS Doctoring, DNS across NAT
   Does DNS use TCP or UDP? Who decides it?
   Active vs Passive FTP, ALG working
   3-way Handshake
   What parameters are exchanged in 3-way Handshake
   What is Window Scaling Factor?
   How to calculate MTU?
   What is HTTP Option Connect used for?
   What is use of SACK?
   OSPF States? How is Master Elected(Highest Router ID becomes Master)? At which Stage?
   What is 2 Way State?
   Is OSPF Reliable protocol?
   What are DBD, LSU, LSAck? Which ones are Acknowledged?
   What does an IP Packet look like?
   What is DF Bit?
   What ICMP Message is sent when Packet is dropped due to larger packet than MTU with DF set?
   Can MTU be larger than 1500?
   What is Elastic IP address?
4th Round
   TCP 3way Handshake in Depth
   What value Sequence number represents?
   TCP Slow Start
   How does the Receiver control flow so that it is not overwhelmed by Data? (Delayed Ack & Windows = 0)
   Explain flow in below scenarios:
                [PC]-------[SW]--------[SW]------[PC]
                [PC]-------[SW]-------[Router]----[SW]------[PC]
   Explain Source & Dest MAC & IP values in above scenarios at each stage.
   How do the Switches above populate the MAC Table?
   How is the ARP a Broadcast with Destination MAC as 00:00:00:00:00:00? (This is at ARP header, BC uses ff:ff:ff.. in Ethernet header)
   What is DNS Iterative & Recursive Query?
   OSPF: what parameters need to be matching in hello?
   Does Stub Flags need to be matched?
   What can be the issue if it gets stuck at Init state?
   What can be the issue if it gets stuck at Exstart state? MTU Mismatch.
   Scenario based Internet is not reachable in depth Troubleshooting for: [PC]----[Router]----[Internet]
   How Traceroute works? Which protocol it uses? (ICMP & UDP)
   SSL handshake? when Server cert or Client cert asked?
   What does a certificate look like? What fields are there?
   How are SSL Keys Calculated?
   How Virtualization works? XenServer? What is Hypervisor?
5th Round Consulting
   What parameters need to be configured in a Firewall initial setup? Screening, NAT, Routing, Policies, MIP, VIP?
   Can a ScreenOS FW work on L7? yes with ALG, AV, DPI.
   Explain OSPF case you worked?
   Have you created any Scripts?
   Netscaler case you worked recently
   How to find a session among 224K users, when the customer doesn't know the IP address? (Can use Curl custom User Agent & Filter it in traces)
   Difference bw HTTP 1.0 & 1.1
   How to TS Latency in wireshark? Enable Timestamp - Preference > Protocol > TCP > Calc TS.
   How does HTTP Request look like? Which fields are mandatory?
   What is the importance of Host Header? (used when server is having multiple virtual hosts bound to same IP address, used to send request to correct vhost)
   How to configure Apache Server? What are the various directives? What is root directory?
   How does HTTPS figure out the correct Server certificate to be sent if multiple vHosts bound to same IP address? At what stage in SSL?
         There is a TLS Extension called SNI, used to MAP correct Server Name to Certificate.
         Sent in Client Hello?? [Need to verify]
   Linux Knowledge? Explain any case resolved with that?
   App is not accessible in below scenario, How to troubleshoot:
       [PC]-----[Router]-----[Server]
       IPtables, CPU, Memory, HDD, etc
       LSOF: the open file limit in old Unix is very low (~256) and needs to be extended; in Linux a socket is the same as a file, so the server stops responding after the 256 limit.
   LB 2 commonly used methods (Source IP & Cookie Insert), How they work?
   Which one is more scalable/Efficient?
        Stateless Session Persistence: Cookie inserted by ADC is more efficient because no need to create a table, NS will insert cookie & forget, with reply, it will read cookie value, decrypt it & fwd request.
        Stateful Session Persistence: Server will insert cookie, NS will hash it & fwd based on Hash value but will need to keep a table in memory with all hashes & IP Addresses.
        Same is true for Source IP based Persistence, Also inefficient behind NAT
        Using Set-cookie-header = by Server - insert Name & Value Fields
        Client sends cookie in Cookie Header
        Who ever generates cookie, will be able to read it
   Explain Repro efforts you have done in details.
10th Round
   Explain SIP Flow
   Does it use TCP? (no it uses UDP for both SIP & RTP)

Citrix (Anshu)

   Reno
   Difference b/w Http/1.0 and Http/1.1 - Only Persistent connections & more methods? yes methods as well
   Cookies, Caching and proxy - not in much detail types and little explanation is fine
   Time Stamping : [1]
   RTT calculate = Time to segment send + ack received without retransmission
   How MSS value is decided = decided by server & client & sent in 1st & 2nd Packet? Sender informs its MSS, exchanged in 1st and 2nd packets of 3-way handshake
   Relationship between MSS and MTU = MTU - [IP & TCP Headers] = MSS
   Difference b/w them IPSec and SSL? [2]
   Why IPSec uses two phases and SSL one phase? Main purpose of 2nd phase of IPSec is to provide PFS as it is normally used for long duration connections (e.g. VPN), while SSL is used for comparatively short durations; additional steps are required to enable PFS in SSL. Refer link [3]
   Nat-t hash calc = RFC file's HASH? Yes - [4]
       The HASH is calculated as follows:
       HASH = HASH(CKY-I | CKY-R | IP | Port)
   Nat which side, marker?
   How query resolved? Meaning Recursive & Iterative? clients send recursive queries, ISP DNS servers do iterative queries likewise flow can be explained
   Reverse DNS query? Where is this used? in IPv6? mails, nslookup etc.
   DHCP Flags - Which Flags? all are important - DHCPOFFER: 0x8000 for broadcast, 0x0000 for unicast
   DHCP - DORA Process, Flags, Relay
   Http status code
   Http headers
   Cookies, Caching and proxy
   Types of ARP and explanation & usage
   TCP and UDP difference
   3 Way Hand shake
   TCP flags
   Difference b/w PSH and URG
   TCP options
   MSS, SACK,
   Window scaling
   Slow start and fast re-transmission
   TCP well known ports
   Fragmentation
   SSL Handshake
   DNS Types of records, Zones, How query resolved, Reverse DNS query

HTTP Topics:

7 Header Fields
7.1 General Headers
7.1.1 Cache-Control
7.1.1.1 Request
7.1.1.2 Response
7.1.2 Connection
7.1.6 Transfer-Encoding
7.1.7 Upgrade
7.1.8 Via
7.2 Client Request Headers
7.2.6 Cookie
7.2.10 If-Match
7.2.11 If-Modified-Since
7.2.12 If-None-Match
7.2.13 If-Range
7.2.14 If-Unmodified-Since
7.2.18 Referer
7.2.19 TE
7.3 Server Response Headers
7.3.3 ETag
7.3.5 Proxy-Authenticate
7.3.8 Set-Cookie
7.4 Entity Headers
7.4.10 Last-Modified
8 Caching (overview is fine if not able to read completely )
8.1 Request Directives
8.2 Response Directives
10 Security
10.3 DNS Spoofing
10.6 Proxies and Caching

Citrix

   FTP active vs passive - policy required
   ARP vs GARP
   ARP packet vs GARP packet differences
   PUSH vs URG. Which one will be process earlier in receiving side?
   VPN Scenario
      -2 VPN Tunnel
      -One using Internet & other MPLS
      -Source is same
      -Destination has 2 servers
      -10.1.1.1 = secure app
      -10.1.1.2 = general app
      -Secure app should use MPLS
      -General app should use Internet
   SA?
   SA vs Proxy id
   Route based VPN with non juniper device possible? what differences?
   Fragmented traffic - who will fragment? How will dest know if it is a last fragment?
   MTU vs MSS?
   Max MTU size for ethernet?
   Max MTU value for fiber optic possible?
   Window?
   Max Window size
   Will receiver send Ack immediately after receiving a segment is received
   SSL Handshake
   HTTP Status Codes
   HTTP Request and Response methods
   SRX flow
   SRX Why SNAT & DNAT before route lookup
   What was the issue with ScreenOS NAT lookup method
   Types of NAT supported in SRX
   Logs which plane generates - data/routing plane

Convergys (SRX TAC)

   3-way handshake
   Why 2nd syn
   Parameters exchanged in 3 way handshake
   TCP flags
   Push vs URG flag
   MSS vs Window size
      Receive window size is the maximum amount of received data, in bytes, that can be buffered at one time on the receiving side of a connection.
      The sending host can send only that amount of data before waiting for an acknowledgment and window update from the receiving host
   PC connected in LAN. What will happen - GARP, DHCP, etc
   GARP - src & dst MAC
   GARP - Ethernet header MAC
   DHCP - DORA process
   User unable to access Internet - Troubleshooting Approach
   User traffic blocked in FW - Troubleshooting Approach
   Latency in FW troubleshooting - Troubleshooting Approach
   Main vs Aggressive Mode difference? Which one is faster? Which one is secure?

Juniper

   OSPF + VPN + FTP; FTP is slow
   Dialup VPN
   RTT
   Hub & Spoke VPN
   FTP across Network is slow
   What is Acknowledgement
   What is MSS
   Aggressive Mode vs Main Mode
   FTP Slow across Switch, Router, FW; How to Troubleshoot.

Wipro

   TFTP ALG? Yes TFTP requires ALG
   DPI = Deep Packet Inspection
   Bastion Host
   Will the firewall work without a default gateway? What if the device is in a LAN only?
   What should be the position of the IDP and IPS?
   What is HIPS?
   Architecture of checkpoint firewall?


Cisco

On TCP/IP:
•    Window scale, SACK , mss, mtu , TCP off-loading complete details about each topic and troubleshooting scenarios on the same.
•    How do TCP headers look with SACK in action? Does it still use the ACK field or not? If it does, what info do the ACK and SACK fields contain?
•    Fragmentation scenarios: where in we will be asked about packet headers, after fragmentation at various hops.
•    How does ICMP path discovery works.How does it work with presence of vpn/tunnel?
•    How do you troubleshoot using a wireshark packet capture? I was shown a wireshark capture of HTTP access to various sites/URLs! I was asked to short-list all the URLs accessed during the capture time; use filter "http.host". Likewise they might ask different filters!!
•    Troubleshooting approach on some traffic not working...

VPN:
•    CISCO thinks our team is strong at this topic :-)!! So they ask in and out of VPNs, different troubleshooting scenarios, with NAT, how VPN works with NAT device in between and all.
•    Other than VPNs and TCP/IP they will ask questions on topics that we mention in our resume!! Unfortunately I mentioned SNMP ;-) so they asked some basic questions: Like what is it used for? What's the diff b/w v1 & v3 of SNMP?

SIP:
•    complete working:messages:
•    Whats SIP re-invite ?
•    How does a DHCP server recognise different SIP phone vendors?

Multicast:
•    I explained basic working and diff modes I knew. I told them I don't have in-depth knowledge.
•    Is it necessary to have (S,G) entry?? Something like that.. don't remember properly
•    Tom(ESC engineer) will ask one of best case experience!!! be prepared to answer with troubleshooting steps u followed,upto packet level details.

ALG:
1.    What is alg. And also they asked about specific examples about how ALG functions. (Typically expecting FTP)
2.    Difference between active and passive FTP (In detail including the PASV command)
3.    When there is a control channel established in FTP, and we open a data channel, do we see a three way handshake happening again on wireshark captures? Ans is yes.
4.    What is the use of ALG in case of passive FTP.

SIP:
1.    Explain the procedure of SIP message exchange starting from a new phone booting up and registration? – Read from CnE given nicely along with headers. They expect headers.
2.    How does ALG help in SIP << Here they expect the function of ALG looking into the SDP headers and open pin holes based on Connection and media identifiers in SDP.
3.    Difference between DHCP discover sent by IP Phone and Computer? Ans: Options field vary in both (No reqd in detail)

Then they asked me about the most difficult case I handled.

1.    Then they discussed about how the SACK and WSF help in flow control and congestion control
2.    How can we achieve the same functionality of trace-route using IP packets assuming that trace route is blocked in the network? Ans: IP header there is option of source route which helps us in doing the same.
3.    Also asked about fast transmit, slow start and congestion avoidance along with TCP chimney and TCP offloading engine
4.    Screening all the options in detail.
5.    How does SMTP work
6.    What is the use of reverse DNS lookup
7.    How do u ensure that the clear text traffic is getting encrypted or not, if you have captures at internal and external interface of the firewall? << By looking at size and time field in the captures>>
8.    What is protocol anomaly.
9.    DHCP relay and dhcp message exchanges.
10.    Scenario: PC-1 is in vlan10 and dhcp server is in vlan20. Now PC-1 boots up how will it get the IP address and flow associated with the same. << Explain the concept of dhcp relay>>

RFC round was TCP—rfc1323. And cross Qn as per the presentation.


•    How do you Troubleshoot High CPU.
•    About NSRP. (concept)
•    Types of NAT and its uses.
•    Few general questions on URL filtering.
•    How will you filter a HTTPS URL.
•    Why do we use GRE over IPSec?
•    If IPSec has encryption then why we need GRE?
•    Basic of SNMP regarding community an all

Q: + 3 web servers behind the firewall. All are accessed from the internet through MIPs.1 out of 3 web servers is not reachable. Troubleshoot
Ans:
check traffic from the client to firewall through internet. OK
Communication between server and firewall. NO
Sniffers on firewall and server. OK
Firewall traffic sent but nothing on the server.
Check any devices between them?
only a switch.
narrow down the problem on the switch.
Possibly an ARP issue.
when check the switch the MAC of the server was mapped to wrong port.

Q: Remote connect VPN. When connected internet does not work.
Ans:
Internet VIA local network or through VPN? Through VPN
When VPN connected only Internet is down or not able access internal resources also? Only internet.
Flow issue
check flow
correct route? Yes
then policy
correct policy? No need policy as it is between same security zone.
Is intra zone block on? It is OFF
At last it was like there is some option in CISCO when the traffic come from same interface and goes out through the same we need to set some command to allow.

Q: Site to site VPN. Site A has a Web server and we are trying to access from site B but it does not happen.
Ans:
VPN UP? Yes.
Only this server or other local resources? Only this server
Check flow?
Both sides packet sent to tunnel.
Sniffer on ingress site A? Yes we see packet.
Sniffer on egress site B? NO we don’t see anything.
What do we see?
3 way handshake, http get() but data sent from source but not receive by site B.
Ans. DF bit set. How to handle this. Adjust MSS.

Q: SSL VPN?
NO IDEA NEVER WORKED

+ ANY PRODUCT KNOWLEDGE IN CISCO?
NOPE ONLY JUNIPER


•    ISAKMP headers,payloads
•    If u r using other than IPSEC does ISAKMP is supported nd how?
•    ARP
•    Headers and how they change with the propagation
•    TCP/ip and ethernet " " " " " " " "
•    PC-->SWITCH--->ROUTER--->SWITCH--->PC(Changes in ethernet,arp,tcp,ip header)
•    Checksum calculation of TCP header
•    mss,mtu
•    incase of latency what do u see in wireshark.What all fields, u chk for ?
•    GRE over ipsec headers
•    GRATUITOUS ARP and ARP header diff?
•    Scenario of asymmetric routing.. Ping was working but TCP connection was not working
•    How does trace route works
•    Sliding window ,Window size,scaling window factor
•    RTO,RTT?
•    ICMP, DIFF between MSL and TTL?
•    path mtu discovery
•    Wireshark in detail
•    Scenario of FTP ALG.Control session is being formed but data not flowing

IDP:
•    Attacks
•    Screening options
•    Vulnerability Tools
•    How do u write a signature
•    Linux

Study from:
•    Basics of TCP/IP from TCP/IP guide
•    C&E: Screening options, attack and defence mechanism
•    C&E:VPN


•    TCP/IP complete
•    What is slow start,why we use it ?Is it compulsory to use slow start?
•    What is congestion control?
•    How will you troubleshoot if you have congestion in the network?
•    Components of mss?
•    Complete DNS header
•    OSPF
•    BGP troubleshooting
•    ISAKMP header
•    Difference between AH/ESP? OR tunnel mode/transport mode?
•    Multicast
•    Sparse mode flow
•    PIM pruning
•    Source specific multicast
•    VOIP (SIP ALG---flow etc)
•    TCP chimney
•    TCP tickle

BT

   TCP vs UDP - what is a reliable service?
   TCP Flags - names & roles
   RST vs FIN Flags
   2 types of FW technologies - Stateful vs Proxy
   User is sending confidential data in gmail. How will you capture it? HTTPS/SSL.
   Debug vs Snoop? Which is more CPU intensive? Debug
   Asymmetric Routing? ICMP redirection in context of Asymmetric routing
   What is NAT64? NAT 64 for traffic coming through a VPN?
                It is a simple NAT from ipv6 to ipv4.
   JSRP vs NSRP
   Backup Control plane possible or not?
                Not possible. Only active firewall will have a Control Plane.
   How to resolve Split Brain? Immediately resolve it using temporary fix
                Make one FW inoperable
   Cold sync
   Does Management Interface belong to a VR?
                Yes: Its assigned to Default VR - trust-vr
   NSM manage through management interface
                Yes, in SRX it is managed through management interface.
   Logs transfer from NSM using management port
                Logs will transfer as they are self traffic.
   Can we connect NSM to FW using Mgmt interface. How will it send logs from Mgmt Interface.

SOC Profile

   OSPF states
   If Frag causes slowness. You lower the MTU. It resolves the issue. What change does it make?
        Ans: It brings MSS lower than MTU, otherwise every packet will defrag.. (I think)
   Does DHCP traffic need a policy? If yes what port numbers, What command is used?
   DHCP packet flow? What port numbers involved? Which packet is Broadcast or unicast?
   DHCP Relay agent packet flow? Commands?
   SRX: How to enable SSH access? what commands required?
   SRX: If HTTPS is enabled on Interface & SSH,Telnet on Zone, What access will work?
   NAT device installed by ISP in a VPN, What port, protocol numbers need to be opened?
   What changes are required in the Firewalls for NAT-T?
   Screening options? Name of 3 Attacks? SYN Flood attack limit? UDP attack limit?