20 Questions for Network Maintenance Specialist

1. How would you describe what a 1:1 NAT does?
Answer: This is for mapping one IP to another IP.

2. How would you check from Command Prompt to see which IP address corresponds to each device on a network?
Answer: sho ip interface brief.

3. A client has reported that SSL VPN is completely inoperable for all remote users, yet a check of the firewall shows that the gateway is up and responsive to queries. What is a common cause that would produce this issue?
Answer: I will check my firewall's internet connectivity status. I will ping 8.8.8.8 from the firewall to see whether it's reachable or not.

4. Remote users call in and report that sometimes the SSL VPN works and sometimes it doesn't, with no given pattern to the behavior. You check the firewall and see there are two WAN ports configured in failover. What would you need to check to see why the VPN is constantly going up and down for everyone?
Answer: I will check the firewall WAN port stability. I will make sure there is no flap in the interface.

5. You have two devices plugged into the same switch that can't communicate with each other. You've checked the cables and switch ports and verified that they are both functioning properly, and each device has internet access. You've run ipconfig /all on both devices and verified that they don't have APIPA addresses. What would you need to check next to further isolate the issue?
Answer: I will check whether both the switch ports are assigned to a VLAN or not. I will check the subnet of the IP being assigned to both the devices.

6. A client has scheduled to have new IP cameras installed on the network. The technician installs them but says that they aren't remotely visible from their phone app or their web portal. The technician says that they usually need the IT people to do something to make a specific port accessible on the firewall to get them to work. What is the technician referring to?
Answer: To make sure the camera ports are allowed in the firewall rule or not.

7. A client submits a ticket saying that several users can't get on the internal Wi-Fi network. You get into the wireless controller and see that it is set up for RADIUS authentication. What is the next thing you should check to see why authentication might be failing?
Answer: In our network we have ISE deployed, so I used to check the ISE logs to see whether authentication is succeeding or not. If it's not succeeding, I used to verify the authentication policy created on ISE and verify the AD server status associated with ISE.

8. You are troubleshooting a VPN authentication issue for a user and check the firewall to see that VPN authentication is set to LDAP. You look on the server that LDAP authentication is set to and verify that the Active Directory account is enabled and not locked. What is the next thing you should check to isolate why the authentication is failing?
Answer: As a firewall engineer, I will verify that the LDAP server connection status between the firewall and LDAP is fine. If user authentication is still failing, I will engage the AD team to verify the user authentication logs in the LDAP event logs.

9. A user calls in reporting that they have no internet access. You walk the user through accessing command prompt and running the ipconfig command. You ask what their IP address is and they tell you that it is 169.254.3.68. What does this mean?
Answer: I will try, in the user's command prompt, to release and renew the IP, as it's an APIPA IP.

10. A client has reported that they are unable to access network shares on their network. You've tested with a few of the users and verified that you get a "resource not found" error with no prompt for domain login. Each user you test with has internet access. What would you need to check next to further isolate this behavior?
Answer:

11. Two different users have contacted us to state that they have no internet or access to internal resources. You've reached out to both users and checked their network settings and verified that they both have the same IP address. You check the DHCP server, which is the primary domain controller, and the DNS server entry for the IP address shows "BAD_ADDRESS". What are some likely causes of this behavior?
Answer: Mostly this is part of the Windows team's work; I am not aware of this issue.

12. A client has opened a ticket stating that they recently moved their desk and computer equipment to a new office, but that their internet is working while their network share access and VoIP phone aren't working. You remote in and verify that the workstation has a DHCP address of 10.1.20.167 with a gateway of 10.1.20.1, but your documentation for the client shows that they should be on an internal subnet of 10.1.10.X with a gateway of 10.1.10.1. What would be the next thing to check and verify to isolate the issue?
Answer: I will verify whether the switch port is associated with the correct VLAN or not.

13. You are assigned a ticket where the user is complaining that everyone in the office gets 500 Mbps download and upload, but they only get 100 Mbps download and upload. You've traced the port that their workstation is plugged into back to the switch and verified that the switch and switch port are both Gigabit. You've checked the switch configuration since it's layer 3 and verified that there are no bandwidth limitations on the port. What should you check next to isolate the issue?
Answer: I will check in the firewall to make sure there are no bandwidth restrictions for internet access.

14. One of your clients informs you that for some time users have been randomly experiencing issues when accessing the network/internet for both wired and wireless clients. You check the hardware (switches, WAPs, workstations, etc.) and verify they are all properly configured and healthy. There is no pattern to the behavior from what anyone who has experienced it can tell. What is the next thing you should check to isolate the issue?
Answer:

15. You have a client that is reporting that several wireless users and devices have issues with their connection speeds and signal strength. You check the wireless controller and see that the 2.4 GHz band is at 88% utilization while the 5 GHz band is only showing 4% utilization. You look at the connected devices in the appropriate area of the controller and verify that most of them are relatively new (manufactured within the past 3-4 years). What wireless setting should you check to isolate why this is happening?
Answer:

16. A client has run out of DHCP addresses in their scope but needs to add many wireless handheld scanners to their network. They were provided with a proposal and quote to change the IP schema to increase their network subnet, but they rejected it due to budget constraints. They don't want to purchase any new hardware as they are already over budget due to the price of the handheld scanners. You check the wireless controller and the DHCP server (the firewall) and find that it is a flat setup with no VLANs. What is the best way to resolve their need for more IP addresses without purchasing more equipment or restructuring the IP schema?
Answer: We can supernet the IP.

17. A client has signed up for a new cloud-based VoIP phone system and the technician has reached out to you during installation. They are reporting that their phones are giving them an error that they can't reach the cloud servers, which is preventing them from working. You were provided the firewall setup documentation beforehand, configured all the rules the VoIP provider requested, and have verified in the logs that the forward traffic is being routed without denial. You check the ISP router and verify that there's nothing that would block the ports required by the phones to communicate. What should you check next to isolate the issue?
Answer: I will check in the firewall whether sent and received packets are available or not. I will run Wireshark between the two hosts to check communication.

18. What is the minimum amount of information necessary to set up a site-to-site VPN (IPSEC) tunnel?
Answer: Required phase 1 and phase 2 information like authentication, hash, DH group, lifetime and peer IP.

19. How does the order of firewall policies impact enforcement upon network traffic?
Answer: Top to bottom.

20. What is the best tool or process to isolate what is happening with traffic between two nodes on a network?
Answer: Wireshark.