Networking Interview Questions: What IT Roles Actually Ask

Comprehensive guide to networking interview questions for IT roles: OSI model, TCP/IP, DNS, subnetting, routing protocols, firewall concepts, and cloud networking.

Networking knowledge is tested across a wide range of IT roles—not just network engineers. SysAdmins, cloud architects, security analysts, and DevOps engineers all encounter networking questions because the work they do depends on understanding how data moves. This article covers the most frequently asked networking questions in technical interviews, organized by topic, with the level of depth that actually gets asked at mid-to-senior level.

OSI Model and TCP/IP Questions

Layers, Protocols, and the TCP Three-Way Handshake

The OSI model appears in almost every infrastructure interview, but the follow-up questions reveal whether a candidate actually understands it or just memorized the seven layers.

"Walk me through the OSI model and give a real example at each layer."

Most candidates can name the layers. Stronger answers give concrete examples: Layer 2 is Ethernet frames and MAC addressing; Layer 3 is IP routing; Layer 4 is TCP and UDP port numbers; Layer 7 is HTTP, DNS, and application protocol behavior. The interviewer is checking whether you can map real protocols to the model.

"What is the difference between TCP and UDP? When would you use each?"

TCP provides connection-oriented, ordered, and reliable delivery via a three-way handshake (SYN, SYN-ACK, ACK) and retransmission of lost segments. UDP is connectionless, provides no guarantee of delivery or ordering, and carries less overhead. UDP is appropriate when latency matters more than reliability: DNS lookups, video streaming, VoIP, gaming. TCP is appropriate for anything requiring guaranteed delivery: file transfer, database connections, web requests.

"Explain the TCP three-way handshake and what happens at each step."

  • Client sends SYN with an initial sequence number (ISN)
  • Server responds SYN-ACK, acknowledging the client's ISN and sending its own ISN
  • Client sends ACK, acknowledging the server's ISN

Connection is now established. The four-way teardown (FIN, ACK, FIN, ACK) closes it. Understanding sequence numbers and how they are used for retransmission separates candidates who understand the protocol from those who know the abbreviation.
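The sequence-number arithmetic of the handshake, as an added example that is not part of the original article. The function names and ISN values are constructed for illustration. It shows that a SYN consumes one sequence number and that the values wrap at 32 bits.

```python
MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around

def handshake(client_isn, server_isn):
    """Return the three handshake segments as dicts (flags, seq, ack)."""
    syn = {"flags": "SYN", "seq": client_isn % MOD, "ack": None}
    # A SYN consumes one sequence number, so the server acknowledges ISN + 1.
    syn_ack = {"flags": "SYN-ACK", "seq": server_isn % MOD,
               "ack": (client_isn + 1) % MOD}
    # The client's next sequence number is ISN + 1; it acknowledges server ISN + 1.
    ack = {"flags": "ACK", "seq": (client_isn + 1) % MOD,
           "ack": (server_isn + 1) % MOD}
    return [syn, syn_ack, ack]

def check_handshake(segments):
    """Return a list of problems found in a captured three-segment handshake."""
    if [s["flags"] for s in segments] != ["SYN", "SYN-ACK", "ACK"]:
        return ["flags are not SYN, SYN-ACK, ACK in that order"]
    syn, syn_ack, ack = segments
    problems = []
    if syn_ack["ack"] != (syn["seq"] + 1) % MOD:
        problems.append("SYN-ACK does not acknowledge client ISN + 1")
    if ack["seq"] != (syn["seq"] + 1) % MOD:
        problems.append("ACK sequence number is not client ISN + 1")
    if ack["ack"] != (syn_ack["seq"] + 1) % MOD:
        problems.append("ACK does not acknowledge server ISN + 1")
    return problems

# Constructed sample: the client ISN sits at the top of the 32-bit range,
# so the acknowledgement wraps around to 0.
SAMPLE = handshake(client_isn=4294967295, server_isn=1000)

if __name__ == "__main__":
    for seg in SAMPLE:
        print(seg)
    print("problems:", check_handshake(SAMPLE))
```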

DNS Questions

Record Types, Resolution, and TTL Management

"It's not DNS. There's no way it's DNS. It was DNS." — This maxim, widely repeated among network engineers, reflects a genuine pattern: DNS misconfigurations cause a disproportionate share of production outages. Andrew Tanenbaum notes in Computer Networks (Prentice Hall, 5th ed.) that DNS's hierarchical, cached, eventually-consistent design creates multiple failure points that operators must understand cold.

DNS questions are extremely common because DNS failures cause a disproportionate number of real-world incidents.

"What happens when you type a URL into a browser and hit Enter?"

This is a classic interview question that can be answered at multiple depths. The key steps relevant to networking: DNS resolution (local cache, OS resolver, recursive resolver, root nameserver, TLD nameserver, authoritative nameserver), TCP connection establishment, TLS handshake if HTTPS, HTTP request/response. Candidates who can trace this end-to-end and discuss the role of each component demonstrate genuine understanding.

"What is the difference between an A record, CNAME, MX record, and TXT record?"

Record Type   Purpose
A             Maps hostname to IPv4 address
AAAA          Maps hostname to IPv6 address
CNAME         Alias from one hostname to another
MX            Mail exchanger; specifies mail server for a domain
TXT           Arbitrary text; used for SPF, DKIM, domain verification
NS            Nameserver delegation
PTR           Reverse DNS; IP to hostname

"What is a TTL in DNS and why does it matter for operations?"

TTL (Time to Live) is the number of seconds a resolver should cache a record before re-querying. Low TTLs allow rapid record updates but increase DNS query volume. High TTLs reduce query load but mean changes propagate slowly. Before a planned IP migration, an experienced engineer lowers TTL to 60-300 seconds well in advance so caches clear quickly when the change is made.

Routing and Switching Questions

VLANs, OSPF, and BGP

"What is the difference between a router and a switch?"

A switch operates at Layer 2 and forwards frames based on MAC addresses within a network segment. A router operates at Layer 3 and routes packets between different network segments based on IP addresses and routing tables. Many modern devices combine both functions, but the conceptual distinction still matters.

"Explain VLAN and why you would use one."

A VLAN (Virtual LAN) is a logical segmentation of a physical network into separate broadcast domains. VLANs allow you to isolate traffic between departments or functions (servers, workstations, IoT devices) without needing separate physical switches. Trunking allows multiple VLANs to traverse a single physical link using 802.1Q tagging.

"What is the difference between OSPF and BGP?"

OSPF is an interior gateway protocol (IGP) that runs within a single autonomous system. It uses link-state advertisements to build a topology map and calculates shortest paths using Dijkstra's algorithm. It is appropriate for internal enterprise or data center routing.

BGP is an exterior gateway protocol (EGP) designed to route between autonomous systems—it is how the internet itself routes. BGP is policy-based rather than metric-based and is used by large enterprises, ISPs, and cloud providers. In cloud environments, BGP is used for Direct Connect (AWS) and ExpressRoute (Azure) to peer on-premises networks with cloud infrastructure.

Subnetting Questions

CIDR Calculations and Subnet Division

Subnetting questions appear in almost every network and infrastructure interview. The typical format:

"Given the network 192.168.10.0/24, how many usable hosts can it support? How would you divide it into four equal subnets?"

A /24 has 256 addresses (2^8), minus 2 for network and broadcast = 254 usable hosts.

Dividing into four equal subnets requires borrowing 2 bits from the host portion, giving /26 subnets. Each /26 has 64 addresses, 62 usable:

  • 192.168.10.0/26 (hosts 1-62)
  • 192.168.10.64/26 (hosts 65-126)
  • 192.168.10.128/26 (hosts 129-190)
  • 192.168.10.192/26 (hosts 193-254)

Be comfortable doing these calculations mentally and explaining the logic, not just producing the answer.
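The borrow-bits calculation above, generalized to any IPv4 network and any power-of-two subnet count. This is an added example, not from the original article, and the function name `split_equal` is hypothetical. The arithmetic is done by hand so each step is visible; Python's `ipaddress` module is used only for parsing and formatting.

```python
import ipaddress

def split_equal(cidr, count):
    """Split an IPv4 network into `count` equal subnets (count = power of two)."""
    net = ipaddress.IPv4Network(cidr)          # rejects input with host bits set
    if count < 1 or count & (count - 1):
        raise ValueError("count must be a power of two")
    borrowed = count.bit_length() - 1          # bits taken from the host portion
    new_prefix = net.prefixlen + borrowed
    if new_prefix > 30:
        # /31 and /32 leave no room for network + broadcast + usable hosts
        raise ValueError("subnets would be too small for usable hosts")
    size = 2 ** (32 - new_prefix)              # addresses per subnet
    rows = []
    for i in range(count):
        base = net.network_address + i * size  # network address of subnet i
        rows.append({
            "subnet": f"{base}/{new_prefix}",
            "first_host": str(base + 1),
            "last_host": str(base + size - 2),
            "broadcast": str(base + size - 1),
            "usable": size - 2,                # minus network and broadcast
        })
    return rows

if __name__ == "__main__":
    for row in split_equal("192.168.10.0/24", 4):
        print(row)
```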

Firewalls and Network Security Questions

Stateful vs Stateless, NAT, and DMZ Design

"What is the difference between a stateful and stateless firewall?"

A stateless firewall evaluates each packet independently against a set of rules without awareness of connection state. A stateful firewall tracks connection state and allows return traffic for established connections without needing explicit rules for each direction. Stateful inspection is standard in modern enterprise firewalls.

"What is NAT and what problem does it solve?"

Network Address Translation maps private IP addresses to one or more public IP addresses. It was introduced as a practical solution to IPv4 address exhaustion. In practice, an organization's internal hosts use RFC 1918 private addresses (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) and share one or a few public IPs through the NAT device.

"Explain the concept of a DMZ."

A demilitarized zone (DMZ) is a network segment that sits between the public internet and the internal trusted network. Servers that must be reachable from the internet (web servers, mail servers) are placed in the DMZ, limiting exposure if they are compromised. Traffic between the DMZ and internal network is controlled by a second firewall.

Common Diagnostic Commands

Tools for Network Troubleshooting

Interviewers for sysadmin and network roles often ask candidates to describe what commands they would use to diagnose a networking problem. Key tools:

# Check network interface configuration
ip addr show
ip route show

# Test connectivity
ping 8.8.8.8
traceroute google.com

# DNS lookup
dig google.com
nslookup google.com

# Check open ports and listening services
ss -tulnp
netstat -an

# Capture packets for analysis
tcpdump -i eth0 port 443

Knowing when to use each and what to look for in the output is the real test.

Cloud Networking Questions

AWS VPC, Security Groups, and Network ACLs

For roles that involve cloud platforms, expect questions about VPC architecture, security groups, routing tables, and peering.

"What is the difference between a security group and a network ACL in AWS?"

Security groups are stateful, apply at the instance level, and only support allow rules. Network ACLs are stateless, apply at the subnet level, and support both allow and deny rules. Because security groups are stateful, return traffic is automatically allowed. Because NACLs are stateless, you must explicitly allow both inbound and outbound directions.
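A simplified model of the stateless and stateful behaviour described here and in the firewall section above, as an added example that is not from the original article and is not AWS's implementation. All names, addresses, and ports are constructed, rules are allow-only on destination port, and TCP flags and timeouts are ignored.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "direction src sport dst dport")
Rule = namedtuple("Rule", "direction port_lo port_hi")  # allow rule on dst port

def rule_allows(rules, pkt):
    return any(r.direction == pkt.direction and r.port_lo <= pkt.dport <= r.port_hi
               for r in rules)

def stateless_filter(rules, packets):
    """Judge every packet on its own; nothing is remembered between packets."""
    return [rule_allows(rules, p) for p in packets]

def stateful_filter(rules, packets):
    """Allow by rule, remember the flow, and admit replies to remembered flows."""
    flows = set()
    verdicts = []
    for p in packets:
        reply_of = (p.dst, p.dport, p.src, p.sport)   # endpoints reversed
        if reply_of in flows:
            verdicts.append(True)                     # return traffic, no rule needed
        elif rule_allows(rules, p):
            flows.add((p.src, p.sport, p.dst, p.dport))
            verdicts.append(True)
        else:
            verdicts.append(False)
    return verdicts

# Constructed traffic: a client reaches a web server on 443, the server replies,
# then the server opens an unrelated outbound connection to a high port.
TRAFFIC = [
    Packet("in", "203.0.113.7", 51000, "10.0.1.10", 443),
    Packet("out", "10.0.1.10", 443, "203.0.113.7", 51000),
    Packet("out", "10.0.1.10", 40001, "198.51.100.9", 8443),
]
INBOUND_ONLY = [Rule("in", 443, 443)]
# A stateless filter also needs the reply direction: the ephemeral port range.
BOTH_WAYS = INBOUND_ONLY + [Rule("out", 1024, 65535)]

if __name__ == "__main__":
    print("stateless, inbound rule only:", stateless_filter(INBOUND_ONLY, TRAFFIC))
    print("stateless, both directions:  ", stateless_filter(BOTH_WAYS, TRAFFIC))
    print("stateful, inbound rule only: ", stateful_filter(INBOUND_ONLY, TRAFFIC))
```

In this model the outbound ephemeral-port rule that the stateless filter needs for replies also admits the third, unrelated packet, while the stateful filter admits only the reply to the tracked flow.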

See also: Linux and SysAdmin Interview Questions: The Commands and Concepts You Need

References

  1. Tanenbaum, A. S., & Wetherall, D. J. (2011). Computer Networks (5th ed.). Prentice Hall. ISBN: 978-0132126953
  2. Donahue, G. A. (2011). Network Warrior (2nd ed.). O'Reilly Media. ISBN: 978-1449387259
  3. Kozierok, C. M. (2005). The TCP/IP Guide: A Comprehensive, Illustrated Internet Protocols Reference. No Starch Press. ISBN: 978-1593270476
  4. Forouzan, B. A. (2012). Data Communications and Networking (5th ed.). McGraw-Hill. ISBN: 978-0073376226
  5. Amazon Web Services. (2024). "Amazon VPC: Security Groups and Network ACLs." https://docs.aws.amazon.com/vpc/latest/userguide/vpc-security-groups.html
  6. Cloudflare. (2024). "DNS Record Types." https://www.cloudflare.com/learning/dns/dns-records/
  7. Rosen, R., & Schoephoerster, T. (2014). Linux Kernel Networking: Implementation and Theory. Apress. ISBN: 978-1430261964

Frequently Asked Questions

What networking topics come up most in IT technical interviews?

The most common topics are the OSI model with real protocol examples, TCP vs UDP differences and use cases, DNS record types and resolution flow, subnetting calculations, and the difference between routing protocols like OSPF and BGP. Cloud networking (VPCs, security groups) appears frequently in infrastructure and DevOps roles.

How deep do interviewers go on subnetting questions?

Mid-level interviews typically ask you to calculate subnet sizes, usable host counts, and how to divide a network into equal subnets. Senior interviews may ask you to design an addressing scheme for a multi-tier application or explain CIDR aggregation. Be comfortable calculating /24 through /30 subnets mentally.

What is the difference between OSPF and BGP?

OSPF is an interior gateway protocol that runs within a single autonomous system, uses link-state advertisements to build a topology, and calculates shortest paths with Dijkstra's algorithm. BGP is an exterior gateway protocol used between autonomous systems (including cloud provider peering) and makes decisions based on policy rather than a single metric.

What networking commands should I know for a sysadmin interview?

Know ip addr, ip route, ping, traceroute, dig, nslookup, ss or netstat for open ports, and tcpdump for packet capture. Be prepared to explain what the output means and what specific output patterns indicate problems like dropped routes or DNS failures.

What is the difference between a security group and a network ACL in AWS?

Security groups are stateful, apply at the instance level, and only support allow rules. Network ACLs are stateless, apply at the subnet level, and support both allow and deny rules. Because security groups track connection state, return traffic is automatically permitted without an explicit outbound rule.