by bobby on Fri Feb 13, 2009 2:01 am

x86 interview questions

These interview questions test the knowledge of x86 Intel architecture and 8086 microprocessor
specifically.

What is a Microprocessor? - Microprocessor is a program-controlled device, which fetches the

instructions from memory, decodes and executes the instructions. Most Micro Processor are
single- chip devices.

Give examples for 8 / 16 / 32 bit Microprocessor? - 8-bit Processor - 8085 / Z80 / 6800; 16-bit
Processor - 8086 / 68000 / Z8000; 32-bit Processor - 80386 / 80486.

Why 8085 processor is called an 8 bit processor? - Because 8085 processor has 8 bit ALU
(Arithmetic Logic Review). Similarly 8086 processor has 16 bit ALU.

What is 1st / 2nd / 3rd / 4th generation processor? - The processor made of PMOS / NMOS /
HMOS / HCMOS technology is called 1st / 2nd / 3rd / 4th generation processor, and it is made
up of 4 / 8 / 16 / 32 bits.

Define HCMOS? - High-density n- type Complimentary Metal Oxide Silicon field effect
transistor.

What does microprocessor speed depend on? - The processing speed depends on DATA BUS
WIDTH.

Is the address bus unidirectional? - The address bus is unidirectional because the address
information is always given by the Micro Processor to address a memory location of an input /
output devices.

Is the data bus is Bi-directional? - The data bus is Bi-directional because the same bus is used for
transfer of data between Micro Processor and memory or input / output devices in both the
direction.

What is the disadvantage of microprocessor? - It has limitations on the size of data. Most
Microprocessor does not support floating-point operations.

What is the difference between microprocessor and microcontroller? - In Microprocessor more

op-codes, few bit handling instructions. But in Microcontroller: fewer op-codes, more bit
handling Instructions, and also it is defined as a device that includes micro processor, memory, &
input / output signal lines on a single chip.

What is meant by LATCH? - Latch is a D- type flip-flop used as a temporary storage device
controlled by a timing signal, which can store 0 or 1. The primary function of a Latch is data
storage. It is used in output devices such as LED, to hold the data for display.
Why does microprocessor contain ROM chips? - Microprocessor contain ROM chip because it
contain instructions to execute data.

What is the difference between primary & secondary storage device? - In primary storage device
the storage capacity is limited. It has a volatile memory. In secondary storage device the storage
capacity is larger. It is a nonvolatile memory. Primary devices are: RAM / ROM. Secondary
devices are: Floppy disc / Hard disk.

Difference between static and dynamic RAM? - Static RAM: No refreshing, 6 to 8 MOS
transistors are required to form one memory cell, Information stored as voltage level in a flip
flop. Dynamic RAM: Refreshed periodically, 3 to 4 transistors are required to form one memory
cell, Information is stored as a charge in the gate to substrate capacitance.

What is interrupt? - Interrupt is a signal send by external device to the processor so as to request
the processor to perform a particular work.

What is cache memory? - Cache memory is a small high-speed memory. It is used for temporary
storage of data & information between the main memory and the CPU (center processing unit).
The cache memory is only in RAM.

What is called .Scratch pad of computer.? - Cache Memory is scratch pad of computer.
Which transistor is used in each cell of EPROM? - Floating .gate Avalanche Injection MOS
(FAMOS) transistor is used in each cell of EPROM.

Differentiate between RAM and ROM? - RAM: Read / Write memory, High Speed, Volatile
Memory. ROM: Read only memory, Low Speed, Non Voliate Memory.

What is a compiler? - Compiler is used to translate the high-level language program into
machine code at a time. It doesn.t require special instruction to store in a memory, it stores
automatically. The Execution time is less compared to Interpreter.

Which processor structure is pipelined? - All x86 processors have pipelined structure.
What is flag? - Flag is a flip-flop used to store the information about the status of a processor and
the status of the instruction executed most recently

What is stack? - Stack is a portion of RAM used for saving the content of Program Counter and
general purpose registers.

Can ROM be used as stack? - ROM cannot be used as stack because it is not possible to write to
ROM.

What is NV-RAM? - Nonvolatile Read Write Memory, also called Flash memory. It is also
know as shadow RAM.
Intel interview questions
The following questions are used for screening the candidates during the first interview. The
questions apply mostly to fresh college grads pursuing an engineering career at Intel.

Have you studied buses? What types?

Have you studied pipelining? List the 5 stages of a 5 stage pipeline. Assuming 1 clock per stage,
what is the latency of an instruction in a 5 stage machine? What is the throughput of this machine
?
How many bit combinations are there in a byte?
For a single computer processor computer system, what is the purpose of a processor cache and
describe its operation?
Explain the operation considering a two processor computer system with a cache for each
processor.
What are the main issues associated with multiprocessor caches and how might you solve them?
Explain the difference between write through and write back cache.
Are you familiar with the term MESI?
Are you familiar with the term snooping?
Describe a finite state machine that will detect three consecutive coin tosses (of one coin) that
results in heads.
In what cases do you need to double clock a signal before presenting it to a synchronous state
machine?
You have a driver that drives a long signal & connects to an input device. At the input device
there is either overshoot, undershoot or signal threshold violations, what can be done to correct
this problem?
What are the total number of lines written by you in C/C++? What is the most
complicated/valuable program written in C/C++?
What compiler was used?
What is the difference between = and == in C?
Are you familiar with VHDL and/or Verilog?
What types of CMOS memories have you designed? What were their size? Speed?
What work have you done on full chip Clock and Power distribution? What process technology
and budgets were used?
What types of I/O have you designed? What were their size? Speed? Configuration? Voltage
requirements?
Process technology? What package was used and how did you model the package/system? What
parasitic effects were considered?
What types of high speed CMOS circuits have you designed?
What transistor level design tools are you proficient with? What types of designs were they used
on?
What products have you designed which have entered high volume production?
What was your role in the silicon evaluation/product ramp? What tools did you use?
If not into production, how far did you follow the design and why did not you see it into
production?
Embedded systems interview questions

Can structures be passed to the functions by value?

Why cannot arrays be passed by values to functions?
Advantages and disadvantages of using macro and inline functions?
What happens when recursion functions are declared inline?
Scope of static variables?
Difference between object oriented and object based languages?
Multiple inheritance - objects contain howmany multiply inherited ancestor?
What are the 4 different types of inheritance relationship?
How would you find out the no of instance of a class?
Is java a pure object oriented language? Why?
Order of constructor and destructor call in case of multiple inheritance?
Can u have inline virtual functions in a class?
When you inherit a class using private keyword which members of base class are visible to the
derived class?
What is the output of printf("\nab\bcd\ref"); -> ef
#define cat(x,y) x##y concatenates x to y. But cat(cat(1,2),3) does not expand but gives
preprocessor warning. Why?
Can you have constant volatile variable? Yes, you can have a volatile pointer?
++*ip increments what? it increments what ip points to
Operations involving unsigned and signed — unsigned will be converted to signed
a+++b -> (a++)+b
malloc(sizeof(0)) will return — valid pointer
main() {fork();fork();fork();printf("hello world"); } — will print 8 times.
Array of pts to functions — void (*fptr[10])()
Which way of writing infinite loops is more efficient than others? there are 3ways.
# error — what it does?
How is function itoa() written?
Who to know wether systemuses big endian or little endian format and how to convert among
them?
What is interrupt latency?
What is forward reference w.r.t. pointers in c?
How is generic list manipulation function written which accepts elements of any kind?
What is the difference between hard real-time and soft real-time OS?
What is interrupt latency? How can you recuce it?
What is the differnce between embedded systems and the system in which rtos is running?
How can you define a structure with bit field members?
What are the features different in pSOS and vxWorks?
How do you write a function which takes 2 arguments - a byte and a field in the byte and returns
the value of the field in that byte?
What are the different storage classes in C?
What are the different qualifiers in C?
What are the different BSD and SVR4 communication mechanisms

Computer architecture and design interview questions

What is pipelining?
What are the five stages in a DLX pipeline?
For a pipeline with ‘n’ stages, what’s the ideal throughput? What prevents us from achieving this
ideal throughput?
What are the different hazards? How do you avoid them?
Instead of just 5-8 pipe stages why not have, say, a pipeline with 50 pipe stages?
What are Branch Prediction and Branch Target Buffers?
How do you handle precise exceptions or interrupts?
What is a cache?
What’s the difference between Write-Through and Write-Back Caches? Explain advantages and
disadvantages of each.
Cache Size is 64KB, Block size is 32B and the cache is Two-Way Set Associative. For a 32-bit
physical address, give the division between Block Offset, Index and Tag.
What is Virtual Memory?
What is Cache Coherency?
What is MESI?
What is a Snooping cache?
What are the components in a Microprocessor?
What is ACBF(Hex) divided by 16?
Convert 65(Hex) to Binary
Convert a number to its two’s compliment and back
The CPU is busy but you want to stop and do some other task. How do you do it?

Hardware design interview questions

Give two ways of converting a two input NAND gate to an inverter
Given a circuit, draw its exact timing response. (I was given a Pseudo Random Signal Generator;
you can expect any sequential ckt)
What are set up time & hold time constraints? What do they signify? Which one is critical for
estimating maximum clock frequency of a circuit?
Give a circuit to divide frequency of clock cycle by two
Design a divide-by-3 sequential circuit with 50% duty circle. (Hint: Double the Clock)
Suppose you have a combinational circuit between two registers driven by a clock. What will
you do if the delay of the combinational circuit is greater than your clock signal? (You can’t
resize the combinational circuit transistors)
The answer to the above question is breaking the combinational circuit and pipelining it. What
will be affected if you do this?
What are the different Adder circuits you studied?
Give the truth table for a Half Adder. Give a gate level implementation of the same.
Draw a Transmission Gate-based D-Latch.
Design a Transmission Gate based XOR. Now, how do you convert it to XNOR? (Without
inverting the output)
How do you detect if two 8-bit signals are same?
How do you detect a sequence of "1101" arriving serially from a signal line?
Design any FSM in VHDL or Verilog.
Explain RC circuit.s charging and discharging.
Explain the working of a binary counter.
Describe how you would reverse a singly linked list.
Source:devbistro.com

Networking Interview Questions

by bobby on Sun Jul 27, 2008 11:36 pm

Explain how traceroute, ping, and tcpdump work and what they are used for?
Describe a case where you have used these tools to troubleshoot.
What is the last major networking problem you troubleshot and solved on your own in the last
year?
What LAN analyzer tools are you familiar with and describe how you use them to troubleshoot
and on what media and network types.
Explain the contents of a routing table (default route, next hop, etc.)
What routing protocols have you configured?
Describe the commands to set up a route.
What routing problems have you troubleshot?
How do you display a routing table on a Cisco? On a host?
How do you use a routing table and for what?
What is a route flap?
What is a metric?
When do you use BGP, IGRP, OSPF, Static Routes?
What do you see as current networking security issues (e.g. NFS mounting, spoofing, one time
passwords, etc.)?
Describe a routing filter and what it does.
Describe an access list and what it does.
What is a network management system?
Describe how SNMP works.
Describe the working environment you are currently in, e.g. frequent interruptions, frequent
priority shifting, team or individual.
What do you use to write documentation? Editor? Mail reader?
What platform (s) do you currently work on at your desk?
How do you manage multiple concurrent high level projects?
Describe a recent short term stressful situation and how you managed it.
How do you manage a long term demanding stressful work environment?
Have you worked in an assignment based environment, e.g. work request/trouble ticket system,
and if so, describe that environment.
Describe what network statistics or measurement tools you are familiar with and how you have
used them.
Describe what a VPN is and how it works.
Describe how VoIP works.
Describe methods of QoS.
How does ToS bit work?

Virtual Private Networking

by bobby on Thu Sep 11, 2008 1:02 am

VPNs Defined
Q. How does Microsoft define a virtual private network (VPN)?
A. Microsoft defines a virtual private network as the extension of a private network that
encompasses links across shared or public networks like the Internet. With a VPN, you can send
data between two computers across a shared or public network in a manner that emulates a point-
to-point private link (such as a dial-up or long haul T-Carrier-based WAN link). Virtual private
networking is the act of creating and configuring a virtual private network.

To emulate a point-to-point link, data is encapsulated, or wrapped, with a header that provides
routing information, which allows the data to traverse the shared or public network to reach its
endpoint. To emulate a private link, the data is encrypted for confidentiality. Packets that are
intercepted on the shared or public network are indecipherable without the encryption keys. The
link in which the private data is encapsulated and encrypted is a VPN connection.

There are two key VPN scenarios—remote access and site-to-site. In remote access, the
communications are encrypted between a remote computer (the VPN client) and the remote
access VPN gateway (the VPN server) to which it connects. In site-to-site (also known as router-
to-router), the communications are encrypted between two routers (VPN gateways) that link two
sites.

Q. What are the benefits of using VPN connections?

A. For remote access connections, an organization can use VPN connections to leverage the
worldwide connectivity of the Internet and trade their direct-dial remote access solutions (and
their corresponding equipment and maintenance costs) for a single connection to an Internet
service provider (ISP) without sacrificing the privacy of a dedicated dial-up connection.

For routed connections, an organization can use VPN connections to leverage the worldwide
connectivity of the Internet and trade long-distance dial-up or leased lines for simple connections
to an Internet service provider (ISP) without sacrificing the privacy of a dial-up or dedicated site-
to-site link.

Q.
A.

Microsoft Support for VPNs

Q. For which operating systems and with which protocols does Microsoft provide remote access
VPN clients?
A. Microsoft provides Point-to-Point Tunneling Protocol (PPTP)-based remote access clients
with Windows 2000, Windows XP (both Windows XP Home Edition and Windows XP
Professional), Windows Server 2003, Windows Vista, and Windows Server 2008. Microsoft
provides Layer Two Tunneling Protocol with Internet Protocol security (L2TP/IPSec)-based
remote access clients with Windows 2000, Windows XP (both Windows XP Home Edition and
Windows XP Professional), Windows Server 2003, Windows Vista, and Windows Server 2008.

Microsoft provides a Secure Socket Tunneling Protocol (SSTP)-based remote access client in
Windows Server 2008 and Windows Vista Service Pack 1. For more information about SSTP,
see The Secure Socket Tunneling Protocol and the Routing and Remote Access Blog.

Q. For which operating systems and with which protocols does Microsoft provide remote access
VPN servers?
A. Microsoft supports a fully-featured PPTP-based remote access server in Windows NT Server
4.0, Windows 2000 Server, and Windows Server 2003. Microsoft supports a fully-featured
L2TP/IPSec-based remote access server in Windows 2000 Server and Windows Server 2003.

Microsoft also supports a single-connection PPTP and L2TP/IPsec-based remote access server in
Windows 2000 Professional, Windows 2000 Server (standalone), Windows XP Professional, and
Windows Vista (all versions) through the Incoming Connections feature of the Network
Connections folder. For information about Incoming Connections for Windows XP, see
Incoming connections. For information about Incoming Connections for Windows Vista, see Set
up an incoming VPN or dial-up connection.
Microsoft supports a Secure Socket Tunneling Protocol (SSTP) remote access server in
Windows Server 2008. For more information about SSTP, see The Secure Socket Tunneling
Protocol and the Routing and Remote Access Blog.

Q. For which operating systems and with which protocols does Microsoft support site-to-site
VPN connections?
A. Microsoft supports PPTP-based site-to-site VPN connections in Windows Server 2003 and
Windows Server 2008. Microsoft supports L2TP/IPSec-based and IPSec tunnel mode site-to-site
VPN connections in Windows 2000 Server and Windows Server 2003.

The Secure Socket Tunneling Protocol (SSTP) for Windows Server 2008 does not support site-
to-site VPN connections. For more information about SSTP, see The Secure Socket Tunneling
Protocol and the Routing and Remote Access Blog.

Q. What is Microsoft's plan for VPN support in Windows CE and Pocket PC?
A. Windows CE 3.0 includes PPTP support, including MS-CHAP v2 for authentication. Pocket
PC 2002 is based upon Windows CE 3.0 and also includes PPTP support. In a future release of
Windows CE, VPN support will expand to include use of Extensible Authentication Protocol
(EAP) for authentication with PPTP and L2TP/IPSec support to follow. In the near term,
Microsoft recommends that customers look to third-party VPN clients to support L2TP/IPSec
and EAP if strong authentication is needed.

Q. What are the changes to VPN support in Windows Vista and Windows Server 2008?
A. For detailed information, see the “Remote access and VPN connection enhancements” section
of New Networking Features in Windows Server 2008 and Windows Vista.

Q. Where can I find out more information about the new Secure Socket Tunneling Protocol
(SSTP)?
A. Secure Socket Tunneling Protocol (SSTP) is a new tunneling protocol that uses HyperText
Transfer Protocol (HTTP) encapsulation over a Secure Sockets Layer (SSL) channel. Because
SSTP uses SSL traffic (TCP port 443), SSTP can be used in many different network
configurations, for example, when VPN clients or servers are behind network address translators
(NATs), firewalls, or proxy servers. SSTP is only supported by Windows Server 2008 and
Windows Vista Service Pack 1. For additional information, see The Secure Socket Tunneling
Protocol and the Routing and Remote Access Blog.

Q. Why does Microsoft continue to support PPTP? Does PPTP have security issues compared to
L2TP/IPSec?
A. PPTP provides a good level of security that is suitable for most companies, and it has benefits
compared to L2TP/IPSec and other IPSec-based VPN solutions because of the security model it
uses. While IPSec has powerful security, the deployments are usually more costly and have
limitations.

One of the benefits of PPTP is that it does not require a certificate infrastructure, which many
organizations are not yet ready to deploy. Rather, it relies on a user's logon credentials to
establish trust to connect the tunnel and to create the encryption keys for the session.
Additionally, the management of user names and passwords is well known.

For customers who want stronger security than user passwords, PPTP can be used with EAP so
that smart cards or token cards can be used for authentication. This increases the strength of the
encryption key generation and reduces the risk of dictionary attacks. In addition, PPTP can be
used through most Network Address Translators (NATs) today with no modifications required
for either the client or server. IPSec traffic, on the other hand, cannot traverse a NAT unless both
the client and server support IPSec NAT traversal (IPSec NAT-T).

Until certificate infrastructure becomes ubiquitous, PPTP will remain an important protocol
choice for many customers.

Q. Are IPSec-based VPN connections Network Address Translator (NAT)-friendly?

A. In order for a NAT to function, it must translate either IP addresses or port numbers in the
packets that it is forwarding. If a NAT translates IP addresses or port numbers for either Internet
Key Exchange (IKE) traffic (which is used to negotiate IPSec security associations) or IPSec-
protected traffic, the integrity of the packet is invalidated.

To prevent a NAT from translating IPSec traffic, some NATs support IPSec traffic for a single
connection through the NAT. Another solution is IPSec NAT traversal (NAT-T), a new standard
for allowing Encapsulating Security Payload (ESP)-encapsulated traffic across one or more
NATs. IPSec NAT-T is described in the Internet drafts titled UDP Encapsulation of IPSec
Packets (draft-ietf-ipsec-udp-encaps-02.txt) and Negotiation of NAT-Traversal in the IKE (draft-
ietf-ipsec-nat-t-ike-02.txt). IPSec NAT-T defines changes to IPSec protocols and new Internet
Key Exchange messages and payloads that are exchanged between two IPSec NAT-T-capable
peers. IPSec NAT-T must be supported by both the client and server.

Windows Vista, Windows Server 2008, Windows Server 2003, Windows XP with Service Pack
2, and Microsoft L2TP/IPSec VPN Client support IPSec NAT-T. The L2TP/IPSec NAT-T
Update for Windows XP with Service Pack 1 and Windows 2000 provides VPN client IPSec
NAT-T support for Windows 2000 and Windows XP. For details about this update, see the
Knowledge Base article "L2TP/IPSec NAT-T Update for Windows XP and Windows 2000".

Q. I've heard that PPTP has many security issues and new ones are being found all the time? Is
this true?
A. Negative analyses of PPTP were published over three years ago. Security analysts identified
three problems that were immediately corrected. Since then, there have been no new issues cited.
Their most serious complaint was not concerning the implementation but rather that the use of a
user name and password for VPN connections is not as secure as certificate-based authentication.
Microsoft agrees with this conclusion which is one of the reasons why Windows Server 2008
and Windows Server 2003 support public key infrastructure (PKI) and include a certification
authority service. If you must use user names and passwords, enforce the use of strong
passwords. Strong passwords are long (more than eight characters) and contain a random mixture
of upper and lower case letters, numbers, and punctuation. An example of a strong password is
f*3L~qO2>xR3w#4o.
Q.
A.

VPN Standards and Interoperability

Q. Does Microsoft support standard protocols for virtual private networking?
A. Microsoft supports only standard protocols that have been proven to interoperate. Windows
Vista, Windows XP (both Windows XP Home Edition and Windows XP Professional), and
Windows 2000 Professional include an integrated VPN client. Windows Server 2003 and
Windows Server 2008 include an integrated VPN server (also known as a VPN gateway).

For remote access VPNs, Windows includes support for the Point-to-Point Tunneling Protocol
(PPTP) (RFC 2637) and the Layer Two Tunneling Protocol (L2TP) (RFC 2661, a Proposed
Standard) that are secured using Internet Protocol Security (IPSec) (RFCs 4301-4303, Proposed
Standards) using IPSec Encapsulating Security Payload (ESP) in transport mode. The integration
between L2TP and IPSec is described in RFC 3193 (Proposed Standard). Both the client and
server implementations use industry standard methods for IPSec trust (X.509 certificates) and
industry standard user authentication including the Challenge-Handshake Authentication
Protocol (CHAP) (RFC 1994, Proposed Standard), the Microsoft Challenge-Handshake
Authentication Protocol version 2 (MS-CHAP v2) (RFC 2759), and the Extensible
Authentication Protocol (EAP) (RFC 2284).

For site-to-site VPN connections, Windows Server 2003 and Windows Server 2008 support
PPTP, L2TP/IPSec, and IPSec tunnel mode.

All of the protocols supported have been demonstrated to provide good multi-vendor
interoperability.

Q. Why do other vendors claim that they support standards and that Microsoft VPN technologies
are proprietary?
A. Most vendors making this claim are using IPSec tunnel mode for remote access.
Unfortunately, the IPSec RFCs do not describe the use of IPSec tunnel mode for remote client
access. In particular, the RFCs provide no mechanisms for user authentication, IP address
assignment, and name server address assignment.

As a result, vendors implementing a remote access solution based on IPSec tunnel mode have
been forced to extend the protocol. These extensions are not standard, and drafts that were
introduced to the IETF to define a standard have been withdrawn. As a result, there is no
standard for remote client access using IPSec tunnel mode. Consequently, many vendor
implementations are not interoperable.

In contrast, Microsoft has followed several standards precisely using L2TP (RFC 2662, a
Proposed Standard) as the remote access protocol and IPSec (RFCs 4301-4303, Proposed
Standards) as the encryption protocol, combined in a manner described in the L2TP/IPSec RFC
3193.

Q. What VPN protocols are Internet Engineering Task Force (IETF) standards?
A. The following VPN protocols are IETF standards:

• L2TP over IPSec using ESP transport mode (L2TP/IPSec). L2TP, defined in RFC 2661, is an
IETF Proposed Standard, and the integration of L2TP with IPSec is defined in RFC 3193. There
are implementations from Microsoft, Cisco, and Nortel Networks that have been demonstrated to
interoperate. L2TP/IPsec tunnels traffic, preserving the full end-to-end semantics of
communications conducted inside the tunnel. It fully supports legacy address and host
configuration technologies (IPCP). It is commonly used by customers in multi-vendor
environments. It supports password authentication using PAP, CHAP, MS-CHAP, and MS-
CHAP v2, and it supports strong authentication using EAP.

• IPSec Tunnel Mode. The use of IPSec tunnel mode for VPNs, described in the Internet draft
draft-ietf-ipsec-dhcp-13.txt, has been approved as an IETF Proposed Standard. It tunnels traffic,
preserving the end-to-end semantics of the communications it is carrying. The trust model is
defined as part of the IETF standard using either standard X.509 certificates or pre-shared keys.
The standard supports both dynamic and static addressing. IPSec tunnel mode is appropriate for
site-to-site VPN connections and has been demonstrated to be interoperable by Microsoft, Cisco,
Nortel, and others. There is no standard for legacy user authentication within IPSec tunnel mode,
which makes it unsuitable for use in remote access. It is implemented by most VPN gateways.
There have been many public interoperability demonstrations and customer deployments using
real products.

Q. What VPN protocol(s) are non-standard and why?

A. The following VPN protocols are non-standard:

• IPSec tunnel mode with XAUTH (extended authentication), mode config, hybrid-auth, or
CRACK. After considering alternatives such as mode config, the IETF adopted the Internet draft
draft-ietf-ipsec-dhcp-13.txt as an IETF Proposed Standard for configuration of IPSec tunnel
mode. Similarly, the IETF considered, and rejected, standardization of XAUTH, Hybrid, and
CRACK authentication methods. Mode config was rejected for IETF standardization because it
lacks the flexibility and generality of DHCP, complicates IPSec failover scenarios, and requires
modifications to IKE that are considered inadvisable. Similarly, XAUTH was rejected because it
is incompatible with existing IETF authentication frameworks such as EAP, SASL, and GSS-
API, requires IKE modification, and contains major security flaws. The IETF rejected
standardization of Hybrid and CRACK due to concerns about increasing the complexity and
security vulnerabilities with IKE. While the IPSRA WG is working on standardization of legacy
authentication methods via PIC, work is not yet completed, and interoperable implementations
are not available. So far, there is no IETF standard providing accurate accounting in IPSec tunnel
mode. Given the current state of IPSec tunnel mode standardization for remote access, Microsoft
believes that L2TP/IPsec represents more mature technology.

• IPSec tunnel mode using IP Security Remote Access (IPSRA) definitions for remote access.
The IPSRA WG has been chartered with standardizing the use of IPSec tunnel mode in remote
access scenarios. So far, the group has standardized use of DHCP with IPSec tunnel mode for
configuration (Internet draft draft-ietf-ipsec-dhcp-13.txt, now a Proposed Standard) and is
working on legacy user authentication via PIC. Microsoft is a coauthor of the IPSRA documents
and believes that they show promise. Use of DHCP for address assignment is a significant
improvement compared to mode config. PIC supports the use of EAP for user authentication
without modifying IKE. However, while several vendors have implemented IPSec/DHCP, there
are no known PIC implementations.

Q. Which configurations have been shown to work between Microsoft's client implementation of
these VPN protocols and third-party VPN gateways?
A. Since the second quarter of 1999, Microsoft has been publicly demonstrating its
implementations of L2TP/IPSec VPN clients and Cisco's IOS implementation for remote access.
Since then, implementations have shipped on Cisco's VPN 3000, 5000, and IOS gateways;
Nortel Networks Contivity gateways; and gateway products from Intel, Ericsson, Nokia, 3COM,
and NetScreen (all of which work with X.509 certificates for computer trust and with password-
based authentication). In addition, there have been a number of successful interoperability tests
between the Windows client and other third-party VPN gateways at IPSec industry
interoperability meetings known as "bakeoffs."

Q. How can IPSec tunnel mode not be a standard for remote access VPNs given that it is part of
IPSec, which is approved as an IETF Proposed Standard?
A. The IPSec protocol includes two modes of operation: transport mode and tunnel mode.
Transport mode defines a protocol for encrypting communications between two end-systems
such that no other computer or device is involved in the dialog—ensuring end-to-end privacy and
integrity of the data. The IPSec standards define a second mode of operation called tunnel mode.
Tunnel mode was defined to enable routed connections between two networks--encrypting the
traffic on behalf of all computers on the two networks. The best way to think of this is two
routers that encrypt traffic before passing it over the Internet.

Neither IPSec transport mode nor IPSec tunnel mode provides all the functionality necessary for
remote access. Remote access is a hybrid model where one computer is an end-system (the
client), and the second system is an intermediate system (the server). In order to use either IPSec
transport mode or tunnel mode, additional protocols are required to manage the semantics of
remote access. Specifically, there needs to be an interoperable protocol used for automatic
address assignment; a method for accounting by tracking session state; and an interoperable
mechanism for legacy user authentication.

To meet these requirements using IPSec transport mode, two IETF standards are combined
(L2TP and IPSec transport mode). This is the solution supported by Microsoft in Windows 2000,
Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and with the
Microsoft L2TP/IPSec VPN Client.

To meet these requirements using IPSec tunnel mode, vendors developed proprietary
technologies such as mode config and XAUTH. These technologies were developed quickly and
were not subjected to rigorous analysis within the IETF before deployment. Once that analysis
was conducted, serious flaws were found, and the technologies were rejected for standardization.
The IETF chose to advance alternative approaches to IPSec tunnel mode for remote access, such
as IPSec/DHCP and PIC. Microsoft endorses the IETF's analysis and recommends that
customers reject flawed proprietary extensions to IPSec, such as mode config and XAUTH.

Q. Isn't an IPSec implementation that includes these protocols considered a standard?

Another vendor who supports IPSec tunnel mode claims they are standard because they use
XAUTH and mode config. They say this addresses remote access for IPSec tunnel mode. Isn't an
IPSec implementation that includes these protocols considered a standard?

A. XAUTH and/or mode config are not IETF standards. They have been extensively analyzed
and have been rejected because of major flaws. Therefore IPSec tunnel mode implementations
including these protocols cannot claim standards status and have known defects for which no fix
is available.

XAUTH changes a core IPSec protocol named Internet Key Exchange (IKE). The IKE protocol
is critical to IPSec as it is used to negotiate the security parameters of the IPSec security
association including computer trust, encryption keys, and security methods. The IKE protocol
took approximately nine years to develop within the IETF. Every proposal was carefully
scrutinized for security weaknesses and was rejected if it did not meet the rigorous requirements
for strong security. In contrast, XAUTH was developed in a short period of time and without the
same scrutiny as IKE. XAUTH fundamentally changes the IKE protocol. The original authors of
the IKE protocol reviewed XAUTH and discovered serious security issues that adversely affect
the important benefits of IPSec. Under criticism from IETF members, XAUTH was removed
from the IETF standards track.

In a related activity, the IETF Security Area Directors issued an e-mail on August 2, 2001,
declaring a moratorium on changes to the IKE protocol. In this mail they indicated that IPSec
security could be adversely affected by the complexity of IKE and that IKE changes should not
be made until IKE was simplified. The mail went on to list various technologies (including
XAUTH, hybrid auth, and others) as not helping to simplify IKE. As a result, L2TP/IPSec
remains the only IETF standard method for remote access VPN with IPSec encryption.

Q. Why doesn't Microsoft implement IPSec tunnel mode with XAUTH and mode config?
A. There are several key reasons for this.

• XAUTH contains serious security flaws for which no known fix is available and has been
rejected for IETF standardization. Given this, Microsoft believes that it would be irresponsible
for us to endorse this technology, especially when IETF standards-based technology is under
development.

• XAUTH is incompatible with existing IETF authentication frameworks such as EAP and GSS-
API. This means that developers who want to develop authentication techniques for the
Windows platform would need to develop their methods using multiple, incompatible APIs. This
prevents customers from using existing authentication methods within remote access scenarios.
For developers, it increases the complexity and cost of developing a new authentication method.
Rather than introducing another authentication framework to the detriment of customers and
developers, Microsoft endorses efforts within IETF and IEEE to extend the applicability of EAP.
This allows customers and developers to leverage their efforts, developing authentication
methods with universal applicability, such as in wireless scenarios (via 802.1X).

• Because of the poor interoperability of XAUTH and mode config, Microsoft could not
implement the technology and have it work with more than one vendor.

• L2TP/IPSec is already an interoperable standard that is supported in commercial products from

leading networking companies and can be implemented in models similar to XAUTH with IPSec
but with much stronger security, reliable accounting, and standards-based configuration.

• The IETF rejected XAUTH and mode config and has a more appropriate IPSec tunnel mode-
based remote access solution in development through the IPSRA working group.

Q. Why is interoperability important to customers for remote access VPN?

A. There are several reasons why interoperability is important.

• You may need to support gateways from different vendors within your company. Maybe you
have decentralized purchasing, or maybe you will be involved in a merger or acquisition with
someone who chose a different vendor. By using interoperable standards, you can reduce the
time it takes to integrate your business infrastructures and benefit from the business change.

• Many companies are looking for ways to streamline supply chain management and other types
of inter-business transactions. VPNs make it possible to create secured "extranet" zones where
companies can do more than share web applications. By giving your business partner remote
access to the extranet zone, you can support a broad range of protocols and support a much richer
set of scenarios than using HTTP alone. Interoperability lets you build such an extranet without
having to dictate vendors or products to your business partner; something that can create serious
deployment barriers due to conflicts in hosting multiple VPN clients in end-user computers.

• Interoperability allows customers the freedom to choose a client that is easy to use and deploy,
while independently selecting a server based on its characteristics as a server. Rather than
compromising on your server or client, you can choose the best server for the situation. Using
interoperable standards also helps reduce deployment cost and helps avoid client deployment
issues.

Q. Why is Microsoft such an advocate of interoperable VPN standards?

A. Customers have told Microsoft they prefer that Windows come with the networking
technologies required to support core connectivity scenarios. The adoption of VPN for remote
access is growing rapidly and is being used by most companies. For economic reasons, Microsoft
sees remote access VPN replacing dial-up remote access to the company network because it
allows companies to use a single Internet link to support all their remote access users, thus
reducing modem pool management costs, multiple telephone line costs, etc. This trend makes
VPN a core connectivity scenario.
Any type of authenticated network access (dial-up, VPN, or 802.1X) requires integration with
the operating system (OS) at many levels, including several layers within the IP stack, OS
credential management, and user OS login. This is necessary to make the solution easily
deployable, to ensure application compatibility, to ensure clean OS upgrade capability, and to
provide a single sign-on experience for network access, OS access, file sharing, printing, and
other network applications.

Improper integration can compromise system security, disrupt applications, and prevent
customers from carrying out even basic service pack upgrades to the operating system. It can
also result in having to maintain separate logon systems for network access, applications, and the
network operating system. Because of this, Microsoft considers it a responsibility to deliver well-
integrated, interoperable VPN clients. The best way to achieve this is through interoperable
industry standards.

Q.
A.

VPN Deployment
Q. Where can I find information about deploying Windows remote access VPNs?
A. For Windows Server 2003, see Deploying Dial-up and VPN Remote Access Servers and
Deploying Virtual Private Networks with Microsoft Windows Server 2003.

For Windows Server 2008, see Windows Server 2008 Networking and Network Access
Protection (NAP).

Q. How do I install a computer certificate on a VPN server?

A. If you are using the Windows Server 2003 or Windows Server 2008 Certificate Services,
configure the Active Directory™ service system container that holds the computer account of the
VPN server for automatic enrollment of computer certificates using the Group Policy Editor
snap-in. A computer certificate is automatically issued to the VPN server the next time computer
group policy is updated. If auto-enrollment is not appropriate or you are using a third-party
certification authority (CA), create a certificate using the CA's administration software and
export it to a certificate file. Then, import the certificate file on the VPN server into the Local
Computer store of the VPN server using the Certificate Manager snap-in. For more information,
see Deploying Dial-up and VPN Remote Access Servers and Windows Server 2008 Networking
and Network Access Protection (NAP).

Q. Why do my VPN connections work from some locations and not others?
A. The Internet service provider (ISP) that you are using at the time of the connection may be
blocking specific types of TCP/IP traffic that are preventing VPN connectivity. For example,
PPTP traffic uses TCP port 1723 to create the connection and IP protocol 47 to send data.
L2TP/IPSec traffic uses UDP ports 500 and 4500 to create the connection and IP protocol 50 to
send data.

Your VPN traffic may also be blocked by a NAT. For PPTP connections, ensure that the NAT
has a PPTP editor that can properly map PPTP data traffic. For L2TP/IPSec connections, ensure
that the NAT supports a single IPSec connection or that both the VPN client and server support
IPSec NAT-T.

Q. How do I configure my firewalls to allow Microsoft VPN traffic?

A. PPTP traffic uses TCP port 1723 to create and maintain the connection and IP protocol 47 to
send data. L2TP/IPSec traffic uses UDP ports 500 and 4500 to create and maintain the
connection and IP protocol 50 to send data. Configure your firewall to allow these types of
traffic to and from your VPN server.

Q. How do I use RSA Security's SecurID with Microsoft VPNs?

A. For information on how to use RSA Security's SecurID system to authenticate Microsoft VPN
connections, see the RSA Web site to obtain the latest components for your operating system.

Q. Why are pre-shared keys non-secure?

A. In order for IPSec (tunnel mode or transport mode) to negotiate encryption, the systems must
first decide they are willing to trust each other. There are two methods defined in IPSec to
accomplish this. One is with X.509 certificates and the other is with pre-shared keys.

The most secure way to do this is with X.509 certificates. In this case, the two systems first
obtain an X.509 certificate from certificate authorities so that the certificates share a common
root authority. Think of it as both sides getting the certificate from someone they mutually trust.
In this case, the certificate for the gateway uniquely identifies the gateway, and the certificate for
the client uniquely identifies the client. Using IKE, the certificates are securely exchanged and
the gateway and the client computers can authenticate each other after they generate encryption
keys and begin using the IPSec main mode security association (SA).

Recognizing that certificate deployment had not yet matured, pre-shared keys were primarily
placed into the IPSec standard for the purpose of testing basic interoperability between vendor
implementations. Some people continue to use pre-shared keys rather than deploy much more
secure X.509 certificates. For pre-shared keys, each system is configured with a shared key
(similar to a password).

When the systems start IPSec main mode negotiation using IKE, they indicate to each other that
a pre-shared key is used as the authentication method. However, there is no way to uniquely
identify the gateway or the client in advance (particularly in remote access). You might try using
the IP addresses as a hint, but in remote access, there is no way to know this because the
computer is roaming between Internet access points and often gets a different IP address at each
connection. For this to work, all computers involved must be configured with the same pre-
shared key.

For example, if you have 1,500 VPN clients and four VPN servers, all of the systems would have
to use the same pre-shared key. If the pre-shared key is ever compromised, a malicious user can
use it to attempt to connect to your server. If the malicious user has the correct pre-shared key,
the server will negotiate the main mode IPSec security association.

If user authentication is also used, the remote access connection is rejected, unless the malicious
user also has knowledge of a set of valid user credentials. Even without valid user credentials,
computation time on the gateway is used to derive the encryption keys and authenticate the
computer attempting the IPSec SA. By performing repeated connection attempts from multiple
computers, the gateway processing power can be consumed and block all other communications
to the server, resulting in a denial of service attack.

The only way to fix the vulnerability of a compromised pre-shared key is to configure a new pre-
shared key on the server and either manually reconfigure the pre-shared key on all other systems
or distribute the new pre-shared key in secret. During the key change transition time, no one will
have access to the server. This is equivalent to having to change the locks on the doors of your
business when 1,500 employees share the same key required for accessing the building.

Q. Other VPN vendors say they solve pre-shared key issues with their implementations. How is
that done?
A. This is accomplished using the weakest form of IPSec trust called IKE aggressive mode. In
this case, the two systems pass a plain text name to each other as a hint for which pre-shared key
to use. This lets customers create multiple IPSec pre-shared keys, and the server can then support
multiple pre-shared keys. In practice, the customer divides the users into a small set of groups.
Each group is assigned a "group name" and a single common shared key. The server is
configured with all the group names and the shared key used by each group.

This makes the size of the group sharing a specific pre-shared key smaller, but it does not
actually solve the problem of a compromised pre-shared key. It takes only one stolen pre-shared
key to do a denial of service attack and all the members of the group that share that secret are
affected. It is possible to take this to an extreme and give each user a unique name and pre-
shared key, but on that scale, it is more secure and just as easy to use a certificate.

Q. Are there alternatives to group pre-shared keys without having to create an X.509 certificate
for every remote access VPN user and without having to expose names using aggressive mode?
bobby

Posts: 834
Joined: Tue Jul 01, 2008 11:26 pm

Networking Interview Questions

by bobby on Mon Jul 28, 2008 7:33 pm

What is MTU?
How does TCP handshake work?
How does SSL handshake work?
What are the different phases in VPN establishment?
How does DH (deffie helman) work?
What is TCP window sizing?
What is the difference between passive FTP and active FTP?
What is the difference between socket and session?
How does network management station work?
bobby

Posts: 834
Joined: Tue Jul 01, 2008 11:26 pm
Top

Re: Networking Interview Questions

by bobby on Mon Jul 28, 2008 7:34 pm

1. What is MTU? Maximum Transmission Unit. The greatest amount of data or “packet” size
that can be transferred in one physical frame on a network. This packet also contains the header
and trailer information, which are like addresses for each packet that are required by the routers
on the network.

2. How does TCP handshake work? Transmission Control Protocol/Internet Protocol. There are 3
steps.
1. Local device sends sequence number and maximum segment size.
2. Destination device responds by sending its sequence number and maximum segment size back
to local device.
3. Local device acknowledges receipt of the sequence number and segment size information.

3. How does SSL handshake work? Secure Sockets Layer. There are 4 steps.
1. Browser checks the certificate to make sure that the site you are connecting to is the real site
and not someone intercepting.
2. Determine encryption types that the browser and web site server can both use to understand
each other.
3. Browser and Server send each other unique codes to use when scrambling (or encrypting) the
information that will be sent.
4. The browser and Server start talking using the encryption, the web browser shows the
encrypting icon, and web pages are processed secured.

4. What are the different phases in VPN establishment? Successful VPN establishment consists
of two levels of SA’s known as phases. Phase 1 authentication establishes session keys. Using
the Xauth feature, the client waits for a “username/password” challenge after the IKE Phase 1
SA has been established. When the end user responds to the challenge, the response is forwarded
to the IPsec peers for an additional level of authentication completing Phase 2.
1. Phase 1 of a 2 phase VPN tunnel establishment process. Phase 1 negotiates the security
parameter agreement.
2. Phase 2 of 2 phase VPN tunnel establishment process. Phase 2 uses the agreed parameters
from Phase 1 to bring the tunnel up.

5. How does DH (deffie helman) work? Diffie-Hellman key agreement was invented in 1976
during a collaboration between Whitfield Diffie and Martin Hellman and was the first practical
method for establishing a shared secret over an unprotected communications channel. Based on
Ralph Merkle’s public key cryptosystem. Public key cryptography is a form of cryptography
which generally allows users to communicate securely without having prior access to a shared
secret key, by using a pair of cryptographic keys, designated as public key and private key,
which are related mathematically.

6. What is TCP window sizing? The window size is the maximum number of bytes of data that
can be transmitted in one segment. Increasing the window size for a TCP-based file transfer
would increase throughput until the slowest link in the path saturates. It would be preferable to
have a window size appropriate to the size of the link. There would be less buffering, the ACKs
would return more quickly and more of the bandwidth would be used. Ideally you are looking for
a Window Size >= Bandwidth * RTT.

7. What is the difference between passive FTP and active FTP?

FTP is an unusual protocol in that it uses two ports, one for commands and the other for data.
(This is one of the reasons it is superior to HTTP for transferring large files.) Active FTP was
invented first. The client initiates a connection on the server’s command port. The server then
initiates a connection with the client from its data port. In Passive FTP, the client initiates both
connections with the server, which remains “passive”.
Active FTP may cause problems if your client is behind a firewall. From the firewall’s point of
view, the FTP server that is trying to initiate a connection with your client looks like an intruder
and is usually blocked. This is why many users have difficulty using FTP to download files from
behind a firewall.
Passive FTP solves this problem, but creates other problems, notably where FTP server security
is concerned. The server must listen on a large number of ports. This requires the firewall to let a
lot of unqualified traffic through. Most firewall administrators do not like this.
As a rule, you do not need to be concerned about passive and active FTP unless you administer
an FTP server or a firewall. If you experience difficulty using your FTP client from behind a
firewall, this is likely the reason. Perhaps you should discuss the matter with your firewall
administrator.

8. What is the difference between socket and session?

1. An SSL session is a mechanism through which connections can be established by re-using
previously negotiated handshakes.
2. A socket is one endpoint of a two-way communication link between two programs running on
the network. A socket is bound to a port number so that the TCP layer can identify the
application that data is destined to be sent.

9. How does network management station work? Network management stations execute
management applications which monitor and control network elements. Network elements are
devices such as hosts, gateways, terminal servers, and the like, which have management agents
responsible for performing the network management functions requested by the network
management stations. The Simple Network Management Protocol (SNMP is used to
communicate management information between the network management stations and the agents
in the network elements. There are a few network management features that may be used to
provide network monitoring for this advisory.
1. Device Availability Monitoring
2. SNMP MIB object monitoring
3. Cisco Service Assurance Agent (Cisco SAA)
4. RMON Alarm and Events
5. Event-MIB
6. CiscoWorks RME Network Show Commands and CLI scripting

Networking Questions & Answers

by sri on Mon Jul 28, 2008 4:12 pm

Q: What is TCP?

A: TCP stands for Transmission Control Protocol. It is a connection-based protocol that provides
a reliable flow of data between two computers.

Q: What is UDP?

A: UDP stands for User Datagram protocol. It is a protocol that sends independent packets of
data, called datagrams, from one computer to another with no guarantees about arrival. UDP is
not connection-based like TCP.

Q: How does UDP differ from TCP?

A: TCP is connection based and guarantees that the data arrival whereas UDP is connection less
and does not guarantee the arrival of data. This, TCP is more reliable that UDP.

Q: What is a Port?

A: A port is a number that represents a logical address which is used to identify the application to
which the data has to be delivered.

Q: Can you explain in more detail?

A: Generally speaking, a computer has a single physical connection to the network. All data
destined for a particular computer arrives through that connection. However, the data may be
intended for different applications running on the computer. So how does the computer know to
which application to forward the data? Through the use of ports.

Q: What is an IP Address?

A: IP Address is a 32 bit number used to identify a computer on a network.

Q: Can a computer have only one IP address?

A: No, Actually an IP address is used to identify a network node, if a computer has more than
one network adaptor/network card, it can have more than one IP address.

Q: How many bits are used to represent a port?

A: 16 bits.

Q: What is a socket?

A: A socket is one end-point of a two-way communication link between two programs running
on the network. A socket is identified by a The IP address of the computer to which the data is to
be delivered and the port number of the application in that computer to which the data is to be
delivered.
Q: Explain it with a diagram?

A:

Q: What is the numeric range for port numbers?

A: Port numbers range from 0 to 65,535 because ports are represented by 16-bit numbers.

Q: What range of port numbers is reserved for system services?

A: Port numbers ranging from 0 – 1023.

Q: What are they reserved for?

A: They are reserved for use by well-known services such as HTTP and FTP and other system
services. These ports are called well-known ports.

Q: What is OSI Model?

A: OSI stands for Open Systems Interconnection Basic Reference Model. It is a layered, abstract
description for communications and computer network protocol design.

Q: What are the different layers in OSI Model?

A: OSI Model consists of the Application, Presentation, Session, Transport, Network, Data Link,
and Physical layers.

Q: What is a Layer in OSI Model?

A: A layer is a collection of related functions that provides services to the layer above it and
receives service from the layer below it.

Q: Explain Application Layer?

A: Application layer interface directly performs application services for the application
processes; it also issues requests to the presentation layer.

Q: What is Presentation Layer?

A: The presentation layer establishes a context between application layer entities.

Q: What is Sessions Layer?

A: The session layer controls the dialogues/connections (sessions) between computers. It

establishes, manages and terminates the connections between the local and remote application.

Q: What is Transport Layer?

A: The transport layer provides transparent transfer of data between end users, providing reliable
data transfer services to the upper layers.

The transport layer controls the reliability of a given link through flow control,
segmentation/desegmentation, and error control. Some protocols are state and connection
oriented. This means that the transport layer can keep track of the segments and retransmit those
that fail.

Q: What is Network Layer?

A: The network layer provides the functional and procedural means of transferring variable
length data sequences from a source to a destination via one or more networks, while
maintaining the quality of service requested by the Transport layer.

Q: What is Data Link Layer?

A: The data link layer provides the functional and procedural means to transfer data between
network entities and also detects and possibly correct errors that may occur in the physical layer.

Q: What is Physical Layer?

A: The physical later are the physical hardware used like network cables, network cards etc..

Q: What is simplex communication?

A: In Simplex communication all data flows only in one direction.

Q: What is Duplex Communication?

A: In Duplex communication, data flows in both directions but at a time only in one direction.

Q: What is full duplex communication?

A: In Full Duplex communication data flows parallel in both directions.

sri

Posts: 1202
Joined: Fri Jun 27, 2008 12:33 pm
Basic Networking & PC Related Questions
Post a reply

Search

1 post • Page 1 of 1

Basic Networking & PC Related Questions

by sri on Mon Jul 28, 2008 4:07 pm

Question:What is DHCP?
DHCP stands for Dynamic Host Configuration Technology. The basic purpose of the
DHCP is to assign the IP addresses and the other network configuration such as
DNS, Gateway and other network settings to the client computers. DHCP reduces
the administrative task of manually assigning the IP addresses to the large number
of the computers in a network.
Question:What is DNS and how it works?
DNS stands for Domain name system and it translates (converts) the host name into
the IP address and IP address into to the host name. Every domain and the
computer on the internet is assigned a unique IP address. The communication on
the internet and in the network is based on the IP addresses. IP addresses are in
this format 10.1.1.100, 220.12.1.22.3, 1.1.1.1 etc. IP addresses can’t be
remembered but the host names (e.g. www.networktutorials.info, xyz.com,
abc.com) are easy to remember instead of their IP addresses.
Question:What is a Firewall?
Firewall is a protective boundary for a network and it prevents the unauthorized
access to a network. Most of the Windows operating system such as Windows XP
Professional has built-in firewall utilities. There are the large number of the third
party firewall software and the basic purpose of all the firewall software and
hardware is same i.e. to block the unauthorized user access to a network.
Question:What is WAN?
WAN stands for wide area network and it covers the broader geographical area.
Basically there are three types of a computer network LAN (Local Area Network),
MAN (Metropolitan Area Network) and WAN (Wide Area Network). The
communication in a WAN is based on the Routers. A WAN network can cover a city,
country or continents.
Question:Define VOIP Communication Technology
VOIP stands for Voice over IP and this technology is used for transmitted the voice
over the IP based long distance network to make phone calls. VOIP phone calls are
very cheap and a large number of the corporate offices and home users are using
VOIP technology to make long distance phone calls.
Question:What is Wi Max Technology?
Wi Max is a wireless broadband technology and it is a advance shape of the Wi Fi
(which was a base band technology). Wi Max supports data, video and audio
communication at the same time at a very high speed up to 70 Mbps.
Question:Define Network Gateway
Network Gateway can be software or a hardware. A gateway is usually a joining
point in a network i.e. it connects two networks. A computer with two LAN cards can
act as a gateway.
Question:What is a Router?
A router routes the traffic to its destination based on the source and destination IP
addresses, which are placed in the routing software known as routing table.
Question:How Fiber Optic Cable Works
Fiber optics provides the fastest communication medium for data and voice. Data
can travel at the speed of light through the fiber optic cables. ISPs and corporate
offices are usually connected with each other with the fiber optic cables to provide
high speed connectivity.
Question:What is File Server?
A file server is a computer in a network that authenticates the user access in a
network such as Windows 2000/2003 Servers.
Question:Define Seven Layers of OSI Model
There are seven layers of the OSI model. The basic purpose of these layers is to
understand the communication system and data transmission steps. The seven
layers are Application, Presentation, Session, Transport, Network, Data Link and
Physical. You can remember the name of these layers by this phrase. “All people
seems to need data processing”.
Question:Define GSM Technology
GSM is a short range wireless technology and is usually used in the mobile phones,
hand help devices, MP3 players, Laptops, computers and in cars.
Question: How to open the command prompt?
To open a command prompt window in Windows 2000 or XP, click Start | Run, type
cmd in the box, and click OK.
Question: How to find IP address of your connection?
Go to start/run type 'cmd' then type 'ipconfig' Add the '/all' switch for more info.
Question: How to verify connection to remote computer?
Ping tool verifies connections to remote computers
example: In cmd type c:>ping 192.168.0.1 -t
-t Ping the specified host until interrupted
-a Resolve addresses to hostnames
Question: How to find a path on the network from your PC that is running load test
script to web server?
Use Tracert Utility runs at the Command prompt. It will trace a path from you to the
URL or IP address given along with the tracert command. Tracert determines the
route taken to a destination by sending ICMP echo packets
Question: How to find what ports are open on your system?
In cmd type c:>netstat This command gives you a generic look at what ports are
open on your system
Question: What TCP/IP Settings are used on computer?
Description of TCP/IP Settings that are used in network troubleshooting
1. IP Address
2. Subnet Mask
3. Default Gateway
4. DHCP Server
5. DNS Servers
Question: What is telnet?
Telnet is a text based communication program that allows you to connect to a
remote server over a network
telnet
is the name or IP address of the remote server to connect to.
is the port number of the service to use for the connection. The default is 23
(TELNET service).
Question: How to find a network configuration of your PC?
In cmd type c:> net config workstation
the result displays a list of configurable services: computer name,user name, logon
domain, domain DNS name.
Question: How to find what program used as default for opening file .xyz
In cmd type C:> assoc .xyz which program will open that .xyz file
Question: How to change settings in command prompt?
The first thing you'll want to do is Start, Run, cmd.exe, then right click the window
menu and choose properties. Try the following values for improvement:
Options | Command History | Buffer Size | 400
Options | Command History | Discard Old Duplicates | True
Options | Edit Options | QuickEdit Mode | True
Layout | Screen buffer size | Height | 900
Layout | Window size | Height | 40
Question: How to start DirectX Diagnostic Tool ?
To start the DirectX Diagnostic Tool: 1. Click Start, and then click Run.
In the Open box, type dxdiag, and then click OK.
Question: How to determine whether there is an issue with the DNS configuration of
your connection to your ISP?
At a command prompt, type ipconfig /all, and then press ENTER to display the IP
address of your DNS server. If the IP address for your DNS server does not appear,
you need contact your ISP.
Question: What do you need to do that your browser will point URL
http://www.YourTest.com to the internal IP address 127.99.11.01?
Make changes in the hosts file in C:\WINDOWS\system32\drivers\etc
The Hosts file is looked at first before going out to the DNS (Domain Name Service)
servers.
you have to put the following on new lines at the end of hosts file:
127.99.11.01 YourTest.com
127.99.11.01 http://www.YourTest.com
Question: What can you suggest to enhance testing process on windows OS?
Put shortcut to notepad.exe in SendTo folder. It is speed up work with different files
like hosts, configuration files.
Question: What is FTP?
FTP is short for File Transfer Protocol. This is the protocol used for file transfer over
the Internet.