
1. Question 1. What Is Firewall?

Answer :
A firewall is hardware or software installed to provide security to private
networks connected to the internet. Firewalls can be implemented in hardware,
software, or a combination of both. All data entering or leaving the intranet passes
through the firewall, which allows only the data meeting the administrators' rules to
pass through it.
2. Question 2. What Is Log Processing?
Answer :
How audit logs are processed, searched for key events, or summarized.



3. Question 3. Define Digital Signatures?
Answer :
A digital signature is an attachment to an electronic message used for security
purposes. It is used to verify the authenticity of the sender.
4. Question 4. What Is Access Control Lists?
Answer :
Rules for packet filters (typically routers) that define which packets to pass and
which to block.



5. Question 5. What Are The Types Of Firewalls?
Answer :
Packet Filtering Firewall: This type of firewall inspects packets, blocks
unnecessary packets, and lets the remaining network traffic through.
Screening Router Firewall: A software-based firewall available in a router; it provides
only light filtering.
Computer-based Firewall: A firewall installed on a server with an existing operating
system such as Windows or UNIX.
Hardware-based Firewall: A box-like device that provides strong security from the public
network. Mostly used by big networks.
Proxy Server: A proxy server allows all clients to access the Internet with different access
limits. The proxy server has its own firewall, which filters all packets from the web server.
6. Question 6. What Is Ip Spoofing?
Answer :
An attack whereby a system attempts to illicitly impersonate another system by
using its IP network address.
In computer networking, the term IP address spoofing or IP spoofing refers to the
creation of Internet Protocol (IP) packets with a forged source IP address, called
spoofing, with the purpose of concealing the identity of the sender or impersonating
another computing system.
7. Question 7. What Is Defense In Depth?
Answer :
The security approach whereby each system on the network is secured to the
greatest possible degree. May be used in conjunction with firewalls.



8. Question 8. What Is The Public Key Encryption?
Answer :
Public key encryption uses a public and a private key for encryption and decryption. In this
mechanism, the public key is used to encrypt messages and only the corresponding
private key can be used to decrypt them. To encrypt a message, a sender has to
know the recipient's public key.
9. Question 9. What Is Worm?
Answer :
A standalone program that, when run, copies itself from one host to another, and
then runs itself on each newly infected host. The widely reported 'Internet Virus' of
1988 was not a virus at all, but actually a worm.



10. Question 10. Explain Abuse Of Privilege?
Answer :
When a user performs an action that they should not have, according to
organizational policy or law.
11. Question 11. What Is Data Encryption?
Answer :
Data encryption ensures data safety and is very important for confidential or critical
data. It protects data from being read, altered or forged during transmission.
12. Question 12. What Is Authentication?
Answer :
The process of determining the identity of a user that is attempting to access a
system.
Authentication is a process that can verify PC identity (user name, password, etc.).
13. Question 13. What Is Least Privilege?
Answer :
Designing operational aspects of a system to operate with a minimum amount of
system privilege. This reduces the authorization level at which various actions are
performed and decreases the chance that a process or user with high privileges may
be caused to perform unauthorized activity resulting in a security breach.
14. Question 14. What Is Authentication Token?
Answer :
A portable device used for authenticating a user. Authentication tokens operate by
challenge/response, time-based code sequences, or other techniques. This may
include paper-based lists of one-time passwords.
15. Question 15. What Is Tunneling Router?
Answer :
A router or system capable of routing traffic by encrypting it and encapsulating it for
transmission across an untrusted network, for eventual de-encapsulation and
decryption.



16. Question 16. What Is Cryptographic Checksum?
Answer :
A one-way function applied to a file to produce a unique "fingerprint" of the file for
later reference. Checksum systems are a primary means of detecting filesystem
tampering on Unix.
17. Question 17. Explain You Are Currently Designing Your Own Desktop
Publishing Application, As You Have Not Found Any That?
Answer :
You are currently designing your own Desktop Publishing application, as you have not
found any that do exactly what you want with existing applications. As part of the
design you are using a Controller to which you send all GUI requests. Not all objects
can process the same commands. For example you can't select the spell check tool
when an image has the focus. To stop any possible errors you would like to filter out
some of the messages as they are passed from these objects to.



18. Question 18. What Is Ip Splicing/hijacking?
Answer :
An attack whereby an active, established, session is intercepted and co-opted by the
attacker. IP Splicing attacks may occur after an authentication has been made,
permitting the attacker to assume the role of an already authorized user. Primary
protections against IP Splicing rely on encryption at the session or network layer.



19. Question 19. What Is Screened Host?
Answer :
A host on a network behind a screening router. The degree to which a screened host
may be accessed depends on the screening rules in the router.
20. Question 20. What Is Dns Spoofing?
Answer :
Assuming the DNS name of another system by either corrupting the name service
cache of a victim system, or by compromising a domain name server for a valid
domain.



21. Question 21. What Is Bastion Host?
Answer :
A system that has been hardened to resist attack, and which is installed on a network
in such a way that it is expected to potentially come under attack. Bastion hosts are
often components of firewalls, or may be "outside" web servers or public access
systems. Generally, a bastion host is running some form of general purpose
operating system (e.g., Unix, VMS, NT, etc.) rather than a ROM-based or firmware
operating system.
22. Question 22. What Is Screened Subnet?
Answer :
A subnet behind a screening router. The degree to which the subnet may be
accessed depends on the screening rules in the router.
23. Question 23. What Is Dual Homed Gateway?
Answer :
A dual homed gateway is a system that has two or more network interfaces, each of
which is connected to a different network. In firewall configurations, a dual homed
gateway usually acts to block or filter some or all of the traffic trying to pass between
the networks.



24. Question 24. What Is Log Retention?
Answer :
How long audit logs are retained and maintained.



25. Question 25. What Is Perimeter-based Security?
Answer :
The technique of securing a network by controlling access to all entry and exit points
of the network.
26. Question 26. Which Feature On A Firewall Can Be Used For Mitigating Ip
Spoofing Attacks?
Answer :
An access control list can be used for this purpose.



27. Question 27. What Type Of Firewall Can Be Used To Block A Web Security
Threat?
Answer :
A web application firewall or a layer 7 firewall can be used for the purpose.



28. Question 28. Which Fields In A Packet Does A Network Layer Firewall Look
Into For Making Decisions?
Answer :
IP and transport layer headers for information related to source and destination IP
addresses, port numbers etc.
29. Question 29. Which Is The Main Field In An Ip Header , Which Is Modified By A
Nat Firewall?
Answer :
The source IP address in the IP header.
30. Question 30. Which Feature On A Cisco Firewall Can Be Used For Protection
Against Tcp Syn Flood Attacks?
Answer :
TCP intercept feature.
31. Question 31. What Is The Difference Between Gateway And Firewall?
Answer :
A Gateway joins two networks together and a network firewall protects a network
against unauthorized incoming or outgoing access. Network firewalls may be
hardware devices or software programs.
32. Question 32. What Is The Difference Between Stateful & Stateless Firewall?
Answer :
Stateful firewall - A stateful firewall is aware of the connections that pass through it.
It adds and maintains information about users' connections in a state table, referred to
as a connection table. It then uses this connection table to implement the security
policies for users' connections. Examples of stateful firewalls are PIX, ASA, Checkpoint.
Stateless firewall - (Packet Filtering) Stateless firewalls, on the other hand, do not
look at the state of connections but just at the packets themselves. An example of a
packet filtering firewall is the Extended Access Control Lists on Cisco IOS Routers.
33. Question 33. What Information Does Stateful Firewall Maintains?
Answer :
A stateful firewall maintains the following information in its state table:
1. Source IP address.
2. Destination IP address.
3. IP protocol like TCP, UDP.
4. IP protocol information such as TCP/UDP Port Numbers, TCP Sequence
Numbers, and TCP Flags.
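
The difference described in Questions 32 and 33, as an added example that is not part of the original page: a per-packet filter and a minimal connection table judge the same constructed packets. The addresses, the port-443 policy and all names are assumptions made for illustration.

```python
from dataclasses import dataclass
INSIDE = "10.0.0."  # constructed inside-network prefix (assumption)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    flags: frozenset = frozenset()
    seq: int = 0
    ack: int = 0

def inside(ip):
    return ip.startswith(INSIDE)

def stateless_permit(p):
    """Packet filter: every packet is judged on its own headers only."""
    if p.proto != "tcp":
        return False
    if inside(p.src) and p.dport == 443:  # outbound HTTPS
        return True
    # "Return traffic" rule: from port 443 with ACK set, no memory of a request.
    return not inside(p.src) and p.sport == 443 and "ACK" in p.flags

class StatefulFirewall:
    """Connection table keyed by addresses, ports and protocol (Question 33)."""
    def __init__(self):
        self.table = {}  # 5-tuple -> {"state": ..., "next_seq": ...}

    def permit(self, p):
        if p.proto != "tcp":
            return False
        return self._outbound(p) if inside(p.src) else self._inbound(p)

    def _outbound(self, p):
        key = (p.src, p.sport, p.dst, p.dport, p.proto)
        if key not in self.table:
            # Only a bare SYN to the allowed port may create state.
            if p.flags != frozenset({"SYN"}) or p.dport != 443:
                return False
            self.table[key] = {"state": "SYN_SENT", "next_seq": p.seq + 1}
        elif p.flags & {"FIN", "RST"}:
            del self.table[key]  # simplified teardown
        return True

    def _inbound(self, p):
        # Inbound packets never create state; they must match the reverse tuple.
        key = (p.dst, p.dport, p.src, p.sport, p.proto)
        entry = self.table.get(key)
        if entry is None:
            return False
        if entry["state"] == "SYN_SENT":
            # The reply must be SYN+ACK acknowledging the client's sequence number.
            if p.flags != frozenset({"SYN", "ACK"}) or p.ack != entry["next_seq"]:
                return False
            entry["state"] = "ESTABLISHED"
        elif p.flags & {"FIN", "RST"}:
            del self.table[key]
        return True

def demo():
    """Run constructed packets through both filters and return the verdicts."""
    fw = StatefulFirewall()
    client, server = "10.0.0.5", "203.0.113.10"
    syn = Packet(client, 40000, server, 443, "tcp", frozenset({"SYN"}), seq=1000)
    synack = Packet(server, 443, client, 40000, "tcp",
                    frozenset({"SYN", "ACK"}), seq=5000, ack=1001)
    # Unsolicited segment that belongs to no connection opened from inside.
    stray = Packet("198.51.100.7", 443, "10.0.0.9", 3389, "tcp",
                   frozenset({"ACK"}), seq=1, ack=1)
    return {
        "stateless_stray": stateless_permit(stray),
        "stateful_stray": fw.permit(stray),
        "stateful_syn": fw.permit(syn),
        "stateful_synack": fw.permit(synack),
    }
print(demo())
```

The stateless rule set accepts the unsolicited segment because its headers look like return traffic, while the connection table rejects it because no matching entry exists.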
o Question 34. Firewalls Works At Which Layers?
Answer :
Firewalls work at layer 3, 4 & 7.
o Question 35. Explain Dmz (demilitarized Zone) Server?
Answer :
If we need some network resources such as a Web server or FTP server to be
available to outside users we place these resources on a separate network behind
the firewall called a demilitarized zone (DMZ). The firewall allows limited access to
the DMZ, but because the DMZ only includes the public servers, an attack there only
affects the servers and does not affect the inside network.
o Question 36. How Asa Works In Reference To Traceroute?
Answer :
ASA does not decrement the TTL value in traceroute because, for security purposes, it does
not want to give its information to others. It forwards the packet without decrementing the
TTL value.
o Question 37. What If We Apply Acl As Global In Asa?
Answer :
It will be applied to all interfaces in the inbound direction. The global option exists only
in ASA 8.4, not in ASA 8.2.
o Question 38. What Are The Different Types Of Acl In Firewall?
Answer :
1. Standard ACL
2. Extended ACL
3. Ethertype ACL (Transparent Firewall)
4. Webtype ACL (SSL VPN)
o Question 39. What Is The Difference In Acl On Asa Than On Router?
Answer :
On a router, if we delete one access-control entry, the whole ACL will be deleted. On an ASA,
if we delete one access-control entry, the whole ACL will not be deleted.
o Question 40. What Is The Need Of Transparent Firewall?
Answer :
If we want to deploy a new firewall into an existing network it can be a complicated
process due to various issues like IP address reconfiguration, network topology
changes, current firewall etc. We can easily insert a transparent firewall in an existing
segment and control traffic between two sides without having to readdress or
reconfigure the devices.



o Question 41. What Is Transparent Firewall?
Answer :
In Transparent Mode, ASA acts as a Layer 2 device like a bridge or switch and
forwards Ethernet frames based on destination MAC-address.
o Question 42. Explain Ether-type Acl?
Answer :
In Transparent mode, unlike TCP/IP traffic, for which security levels are used to
permit or deny traffic, all non-IP traffic is denied by default. We create an Ether-Type ACL
to allow non-IP traffic. We can control traffic like BPDU, IPX etc. with an Ether-Type ACL.



o Question 43. Explain Failover?
Answer :
Failover is a Cisco proprietary feature. It is used to provide redundancy. It requires
two identical ASAs to be connected to each other through a dedicated failover link.
The health of active interfaces and units is monitored to determine if failover has
occurred or not.
o Question 44. What Is The Difference Between Stateful Failover And
Stateless Failover?
Answer :
Stateless Failover: When failover occurs all active connections are dropped. Clients
need to re-establish connections when the new active unit takes over.
Stateful Failover: The active unit continually passes per-connection state information
to the standby unit. After a failover occurs, the same connection information is
available at the new active unit. Clients are not required to reconnect to keep the
same communication session.
o Question 45. What Information Active Unit Passes To The Standby Unit
In Stateful Failover?
Answer :
NAT translation table, TCP connection states, The ARP table, The Layer 2 bridge table
(when running in transparent firewall mode), ICMP connection state etc.
o Question 46. What Are The Failover Requirements Between Two
Devices?
Answer :
Hardware Requirements: The two units in a failover configuration must be the same
model and should have the same number and types of interfaces.
Software Requirements: The two units in a failover configuration must be in the
same operating modes (routed or transparent, single or multiple context). They must
have the same software version.
o Question 47. Explain Active/standby Failover?
Answer :
In Active/Standby Failover, one unit is the active unit which passes traffic. The
standby unit does not actively pass traffic. When Failover occurs, the active unit fails
over to the standby unit, which then becomes active. We can use Active/Standby
Failover for ASAs in both single and multiple context mode.
o Question 48. Explain Security Context?
Answer :
We can partition a single ASA into multiple virtual devices, known as Security
Contexts. Each Context acts as an independent device, with its own security policy,
interfaces, and administrators. Multiple contexts are similar to having multiple
standalone devices.
o Question 49. What Features Are Supported In Multiple Context Mode?
Answer :
Routing tables, Firewall features, IPS, and Management.
o Question 50. What Features Are Not Supported In Multiple Context
Mode?
Answer :
VPN and Dynamic Routing Protocols.
https://www.wisdomjobs.com/e-university/firewall-support-interview-questions.html

Top 22 Interview Questions: Network Firewall [Updated 2021]
BY AAT TEAM · UPDATED MAY 10, 2021
The network firewall is considered the first line of defense against any cyber attack. It
can protect different servers based on the firewall configuration. I believe questions
and answers are the best way to understand something. Here, we will discuss the
questions commonly asked in interviews, which also help you understand
more about firewall devices. Click here if you are interested in learning the best book
for CCNA certification. For those who don't know, CCNA is the most demanded
security certification by employers in network security.

Q1. What is Network Security?


Ans: Network security is a process of securing IT infrastructure from unauthorized
access, misuse, malfunction, modification, destruction, or improper disclosure. IT
infrastructure includes firewalls, routers, switches, servers, and other devices, which
help host the software applications.
In simple terms, network security refers to all activities related to protecting the
confidentiality, integrity, and availability of an organization’s software and hardware
assets.

Q2. What is a Network Firewall?


Ans: A network firewall protects your network from unauthorized access. It filters
traffic based on the configuration set by the firewall administrator. The firewall
basically performs two functions: blocking and permitting traffic based on configuration.
Q3. How does a firewall work?
Ans: A firewall filters network traffic based on the configuration set by the firewall
administrator. It can permit or block any port number, web application, and
network-layer protocol based on configuration.
Common ports:
• 80: HTTP
• 443: HTTPS
• 20 & 21: FTP
• 23: Telnet
• 22: SSH
• 25: SMTP
Q4. How can a firewall protect IT infrastructure inside your organization?
Ans: Firewalls are configured to protect IT infrastructure from any unauthorized
access. It secures the network by implementing defined security policies, hiding and
protecting your internal network addresses, and reporting threats and activities. It also
provides audit logs related to network traffic to the firewall administrator, identifying
the root cause of a security breach.
Q5. Will IPSEC make firewalls obsolete?
Ans: To discuss this question, we first need to understand what IPSEC does. IPSEC
provides host-to-host authentication and encryption. In simple terms, it provides a
solution for integrity and confidentiality to end customers.
The firewall, in contrast, protects the network without doing encryption and host-to-host
authentication; it monitors the traffic and permits or blocks it based on configuration. This
means we need both IPSEC and firewalls, and we can think of combining firewalls
with IPSEC-enabled hosts.

Q6. Where does a firewall fit in the security model?


Ans: A security model is a scheme for specifying and enforcing security policies.
Firewalls secure the network’s perimeters by implementing defined security policies,
hiding and protecting your internal network addresses, and reporting threats and
activities.
Q7. What is a VPN?
Ans: VPN stands for Virtual Private Network. It provides a secure tunnel that protects
your data from any intrusion. It is used to protect private web traffic from snooping,
interference, and censorship. In simple terms, it establishes a connection between
two private networks over the internet.
Types of VPN: Site-to-site VPN and Remote Access VPN.
Q8. What are the types of firewalls?
Ans: The National Institute of Standards and Technology (NIST), an organization
from the US, divides firewalls into three basic types: Packet filters, Stateful
inspection, and Proxy.
Packet filters permit or block packets based on port number, protocol, and source and
destination address.

Stateful inspection works on the principle of the state of active connections between
client and server. It uses the state information to allow or block network traffic.

Proxy firewall combines stateful inspection technology to enable deep packet
inspection. Here, the firewall acts as a proxy; a client makes a connection with the
firewall, and then the firewall makes a separate connection to the server on behalf of
the client.

Q9. What is source routed traffic and why is it a threat?


Ans: Source routing is not used very much in practice. It allows the sender of a packet
to partially or completely specify the route the packet takes through the network.
Generally, the router decides the route from destination to source. If source-routed
traffic is allowed through the firewall, an attacker can generate traffic claiming to be from
a system "inside" the firewall. In general, such traffic wouldn't route to the firewall
properly, but with the source routing option, all the routers between the attacker's
machine and the target will return traffic along the source route's reverse path.
Implementing such attacks is quite easy. Therefore it is a big threat to firewall devices.

Q10. What is IP spoofing and how can it be prevented?


Ans: IP spoofing is a practice where an attacker illicitly impersonates another
machine by manipulating IP packets. There are many tools available for IP Spoofing.
It can be prevented in the following ways:
• Invest in spoofing detection software
• Implement best security practices for IT assets
• Choose a reliable ISP
• Implement cryptographic protocols such as HTTP Secure (HTTPS), Secure
Shell (SSH) and Transport Layer Security (TLS), etc.
• Avoid direct IP user authentication
Q11. What is a Host-based Firewall?
Ans:
• These are personal firewalls running on your desktops and laptops as software.
• Firewall software is generally included in your operating system and is also
available externally as a 3rd party solution.
• The main objective of the personal firewall is to stop unauthorized access to the
network.
• These firewalls are generally "stateful" firewalls and block connections based
on port numbers.
• These firewalls are also used to block applications based on your configuration.
• The best example is the Windows Firewall, which works based on port number,
application, and other attributes.
Q12. Whether a firewall is able to block some specific pages in a web
application?
Ans: The answer is a big yes.
• With the firewall's help, you can allow or disallow applications such as MS
SQL Server, Twitter, Facebook, and a subset of the application.
• Example: Suppose you can log in on Facebook but not post on Facebook
because the firewall blocks the post feature on Facebook. Your firewall knows exactly
what request you are sending to the Internet.
Q13. What are SOHO firewalls?
Ans:
• SOHO stands for Small Office/Home Office appliance. It usually provides
multiple functions with many security features, including a wireless access point,
router, firewall, and content filter.
• It may not be able to provide advanced features such as dynamic routing and
remote support.
Q14. What is Unified Threat Management (UTM)?
Ans:
• It is also called the all-in-one security appliance and Web Security Gateway.
• These devices generally have a lot of security features such as URL
filtering/content filtering, malware inspection (based on malware signatures),
spam filter, built-in CSU/DSU functionality, router/switch functionality, built-in
firewall functionality, IDS/IPS capability, and bandwidth shaper, and may act as a VPN
endpoint.
Q15. What is a limitation of the network firewall?
Ans:
• It acts as the first line of defense against any external attack. However, it is
weaponless against any internal attack.
• The firewall acts as a gatekeeper, but inside the house, it can't stop any system
harm. A firewall is basically designed to protect the network from other networks.
Q16. What is the packet filtering firewall?
Ans: In simple words, a packet filtering firewall filters traffic based on packet attributes
such as source and destination addresses, source and destination port numbers, and
protocol types.
Q17. One type of firewall is a circuit-level gateway, can you explain it?
Ans: A circuit-level gateway, as the name suggests, allows or drops a connection based
on creating a connection between destination and host. It involves monitoring TCP/IP
session requests between trusted hosts on the LAN and non-trusted hosts on the
Internet. It verifies the TCP/IP connection procedure, also called handshaking, and the
validity of the connection.
Q18. Which type of firewall is more secure, packet filtering firewall or circuit-
level gateway, and Why?
Ans: Circuit Level Gateway is considered more secure because packet-filtering
solutions filter traffic based on packet attributes, as discussed in the previous question.
Circuit Level Gateway filters are based on the communication pattern of TCP/IP
packets. Packet-filtering solutions open the system to denial-of-service (DoS) attacks
(buffer overflow exploits in "allowed" applications on target machines, connection
exhaustion). However, Circuit Level Gateway filters are also not able to protect the
system from DoS attacks completely.
Q19. What is the application Level gateway in the context of a network firewall?
Ans:
• In this case, the firewall acts as a proxy between the internal client and the
external server. The main purpose of this type of firewall is to monitor and
sanitize external communications.
• Whenever a user requests something from the Internet, the firewall creates
another similar request and checks that the requested resources do not have any
malware or other security vulnerabilities.
Q20. What is a Stateful Inspection Firewall?
Ans: Stateful inspection is the most effective way to secure a network. It combines
the features of the packet filtering firewall, Circuit Level Gateway, and Application
Level gateway.
Q21. What are the attack methods on the network?
Ans: Some common attack methods are ping sweep, port scan, email reconnaissance,
IP spoofing, DDoS attack, packet sniffing, DNS transfer, Trojan horses, backdoors,
spyware, etc.
Q22. Explain the concept of IP spoofing.
Ans: Here, the attacker uses this technique to hide the actual IP. They send malicious
traffic from a fake or spoofed IP. This makes it a challenge for security experts and law
enforcement agencies to find the actual attacker. DDoS is the most popular attack
using this technique.