Networking

Question 1

What is the OSI model?

Answer 1

A 7-layer framework that describes how data travels across a network. Each layer has a specific role.

Each layer has a specific role.

Question 2

Name the 7 layers of the OSI model in order.

Answer 2

7-Application, 6-Presentation, 5-Session, 4-Transport, 3-Network, 2-Data Link, 1-Physical.

Question 3

What does Layer 1 (Physical) do?

Answer 3

Transmits raw bits over physical media such as copper cables, fibre optics, or radio waves.

Question 4

What does Layer 2 (Data Link) do?

Answer 4

Manages data transfer within a single local network. Switches operate here and it’s also responsible for MAC addresses

Question 5

What does Layer 3 (Network) do?

Answer 5

Handles IP addresses and routes packets between networks. Routers operate here.

IP + Routing + Routers

Question 6

What does Layer 4 (Transport) do?

Answer 6

Manages end-to-end delivery using port numbers. Uses TCP or UDP.

Question 7

What does Layer 7 (Application) do?

Answer 7

Provides network services directly to user applications. Protocols: HTTP, DNS, FTP, SMTP.

Question 8

What is TCP?

Answer 8

A connection-oriented protocol that guarantees reliable, ordered delivery of data. Uses a handshake before transferring data.

Question 9

What is UDP?

Answer 9

A connectionless protocol with no delivery guarantee. Faster than TCP. Used when speed matters more than reliability.

Question 10

What are the 3 steps of the TCP handshake?

Answer 10

1. Client sends SYN. 2. Server replies SYN-ACK. 3. Client sends ACK. Connection established.

Question 11

Give 3 examples of protocols that use TCP.

Answer 11

HTTP, HTTPS, SSH, SMTP, FTP — anything requiring reliable delivery.

Question 12

Give 3 examples of protocols that use UDP.

Answer 12

DNS, video streaming, VoIP, online gaming — anything where speed matters more than reliability.

Question 13

What is the main trade-off between TCP and UDP?

Answer 13

TCP = reliable but slower. UDP = fast but no delivery guarantee.

Question 14

What is an IPv4 address?

Answer 14

A 32-bit number written as four octets (e.g. 192.168.1.10). Each octet ranges from 0 to 255.

Question 15

What are the three private IPv4 ranges?

Answer 15

10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. These are not routable on the public internet.

Question 16

What is the loopback address?

Answer 16

127.0.0.1 — always refers to the local machine itself. Also called localhost.

Question 17

What does /24 mean in CIDR notation?

Answer 17

The first 24 bits are the network. Subnet mask: 255.255.255.0. Allows up to 254 usable host addresses.

Question 18

What is the difference between a public and private IP?

Answer 18

Public IPs are routable on the internet. Private IPs are used internally and need NAT to reach the internet.

Question 19

Why was IPv6 introduced?

Answer 19

IPv4 was running out of addresses (only ~4 billion). IPv6 uses 128-bit addresses, providing a vastly larger address space.

Question 20

What is a port ?

Answer 20

A software-based location that organizes the sending and receiving of data between devices on a network

Question 21

What are the three port ranges?

Answer 21

0–1023: Well-Known. 1024–49151: Registered. 49152–65535: Dynamic/Ephemeral.

Question 22

What port does SSH use?

Answer 22

Port 22.

Question 23

What port does HTTP use?

Answer 23

Port 80.

Question 24

What port does HTTPS use?

Answer 24

Port 443.

Question 25

What port does DNS use?

Answer 25

Port 53, primarily UDP.

Question 26

What port does FTP use?

Answer 26

Port 21 (control) and port 20 (data transfer).

Question 27

What port does RDP use?

Answer 27

Port 3389.

Question 28

What port does SMTP use?

Answer 28

Port 25.

Question 29

What does DNS do?

Answer 29

Translates domain names (e.g. google.com) into IP addresses (e.g. 142.250.185.46).

Question 30

What is a recursive resolver?

Answer 30

A server that does the work of finding a DNS answer by querying other servers on your behalf. Example: 8.8.8.8 (Google DNS).

Question 31

What is an authoritative name server?

Answer 31

The server that holds the actual DNS records for a domain and gives the final answer.

Question 32

What is a DNS A record?

Answer 32

Maps a domain name to an IPv4 address. Example: google.com -> 142.250.185.46.

Question 33

What is a DNS MX record?

Answer 33

Specifies the mail server responsible for receiving email for a domain.

Question 34

What is a DNS CNAME record?

Answer 34

An alias that points one domain name to another. Example: www -> google.com.

Question 35

What is DNS poisoning?

Answer 35

An attacker injects fake DNS records into a resolver's cache, redirecting users to a malicious site without their knowledge.

Question 36

What is DNS tunnelling?

Answer 36

Encoding data inside DNS queries to bypass firewalls or secretly transfer data out of a network.

Question 37

What is HTTP?

Answer 37

HyperText Transfer Protocol — used to request and deliver web pages and data between clients and servers. Operates on port 80.

Question 38

What is the difference between HTTP and HTTPS?

Answer 38

HTTP sends data in plaintext. HTTPS encrypts traffic using TLS on port 443.

Question 39

What does TLS do?

Answer 39

Encrypts data between client and server, verifies the server's identity, and ensures data is not altered in transit.

Question 40

What is an HTTP GET request?

Answer 40

Requests data from a server. Parameters are visible in the URL.

Question 41

What is an HTTP POST request?

Answer 41

Submits data to a server inside the request body, not the URL.

Question 42

What do 4xx HTTP status codes mean?

Answer 42

Client-side errors. Example: 404 = Not Found, 403 = Forbidden.

Question 43

What do 5xx HTTP status codes mean?

Answer 43

Server-side errors. Example: 500 = Internal Server Error.

Question 44

What is NAT?

Answer 44

Network Address Translation — allows multiple devices with private IPs to share one public IP address. The router handles the translation.

Question 45

What is a default gateway?

Answer 45

The IP address of the router a device sends traffic to when the destination is outside its local network. Usually the first address in a subnet (e.g. 192.168.1.1).

Question 46

What is a routing table?

Answer 46

A list of known networks and the next hop needed to reach them. Routers use this to decide where to forward each packet.

Question 47

What is the difference between static and dynamic routing?

Answer 47

Static: routes set manually, reliable but does not adapt to changes. Dynamic: routes learned automatically via protocols like OSPF, adapts to network changes.

Question 48

What does a firewall do?

Answer 48

A network security device or software that monitors and filters incoming and outgoing network traffic based on an organization’s previously established security policies. ## Footnote Allowing or blocking connections by IP, port, and protocol.

Question 49

What is a stateful firewall?

Answer 49

A firewall that tracks the state of active connections. It knows whether an incoming packet belongs to an established session, not just its IP and port.

Question 50

What is a packet filter firewall?

Answer 50

Checks each packet's IP, port, and protocol individually with no memory of previous packets. Simpler and faster but easier to bypass than a stateful firewall.

Question 51

What is an implicit deny rule?

Answer 51

A rule at the end of a firewall policy that blocks all traffic not explicitly allowed. The default: deny everything unless permitted.

Question 52

What is a WAF?

Answer 52

Web Application Firewall — inspects HTTP/HTTPS traffic at Layer 7 to detect attacks like SQL injection and cross-site scripting.

Question 53

What is an IDS?

Answer 53

Intrusion Detection System — monitors traffic and generates alerts when suspicious activity is detected. It does not block traffic.

Question 54

What is an IPS?

Answer 54

Intrusion Prevention System — monitors traffic and automatically blocks malicious activity in real time.

Question 55

What is the key difference between IDS and IPS?

Answer 55

IDS is passive — it only detects and alerts. IPS is active — it detects and blocks.

Question 56

What is signature-based detection?

Answer 56

Matches traffic against a database of known attack patterns. Accurate for known threats but cannot detect new unknown attacks.

Question 57

What is anomaly-based detection?

Answer 57

Establishes a baseline of normal behaviour and alerts on deviations. Can catch unknown attacks but produces more false positives.

Question 58

What is a false positive in IDS/IPS?

Answer 58

An alert triggered by legitimate, non-malicious traffic. Example: an internal port scan incorrectly flagged as an attack.

Question 59

What is WEP?

Answer 59

Wired Equivalent Privacy (1997) — the first Wi-Fi security protocol. Uses RC4 encryption. Considered completely broken and should never be used.

Question 60

What is WPA2?

Answer 60

Wi-Fi Protected Access 2 (2004) — uses AES-CCMP encryption. The most widely used Wi-Fi security standard. Vulnerable to offline attacks if a weak password is used.

Question 61

What is WPA3?

Answer 61

The current Wi-Fi security standard (2018). Uses SAE handshake, which prevents offline password cracking even if the handshake is captured.

Question 62

What is an evil twin attack?

Answer 62

A rogue access point that mimics a legitimate Wi-Fi network. Devices connect to it unknowingly, allowing the attacker to intercept their traffic.

Question 63

What is a deauthentication attack?

Answer 63

Sending forged frames to disconnect a device from Wi-Fi. When it reconnects, the attacker captures the handshake to crack the password offline.

Question 64

What is a VPN?

Answer 64

Virtual Private Network — creates an encrypted tunnel between a device and a network over the internet, protecting data in transit.

Question 65

What is a remote access VPN?

Answer 65

Allows individual users to securely connect to a company network from a remote location, as if they were physically in the office.

Question 66

What is a site-to-site VPN?

Answer 66

Permanently connects two separate office networks together via an encrypted tunnel between their routers.

Question 67

What is split tunnelling?

Answer 67

Only company-bound traffic goes through the VPN. Personal browsing uses the local internet connection directly.

Question 68

What is ICMP used for?

Answer 68

Testing network connectivity (ping) and reporting errors. Operates at Layer 3.

Question 69

What is ARP?

Answer 69

Address Resolution Protocol — resolves an IP address to a MAC address on a local network.

Question 70

What is DHCP?

Answer 70

Dynamic Host Configuration Protocol — automatically assigns IP addresses and network settings to devices when they connect to a network. Uses ports 67 and 68.

Question 71

What is SMTP?

Answer 71

Simple Mail Transfer Protocol — used to send email between servers. Runs on port 25.

Question 72

What is the difference between FTP and SFTP?

Answer 72

FTP transfers files in plaintext on port 21. SFTP transfers files encrypted over SSH on port 22.

Question 73

What is packet sniffing?

Answer 73

The process of capturing, monitoring, and logging data packets as they traverse a network

Question 74

What is encapsulation?

Answer 74

is a process performed by a VPN service that protects data in transit by wrapping sensitive data in other data packets.