Network Foundations & Architecture: OSI, IP, Routing, and Security

Network Foundations & Architecture | Hardware & Office Technology Systems | Operating Systems & Diagnostics | Cybersecurity & System Security | Software Engineering to Systems Administration Bridging | Customer Service, Field Dispatch, & Scenarios

What is the main difference between a Hub, a Switch, and a Router?

A Hub operates at Layer 1 and broadcasts all data to every connected device. A Switch operates at Layer 2, sending data only to the specific device using MAC addresses. A Router operates at Layer 3, connecting different networks together and routing traffic using IP addresses.

Can you explain the seven layers of the OSI Model from top to bottom?

Application (Layer 7), Presentation (Layer 6), Session (Layer 5), Transport (Layer 4), Network (Layer 3), Data Link (Layer 2), Physical (Layer 1).

What is the functional difference between TCP and UDP?

TCP is connection-oriented and ensures guaranteed, ordered delivery of packets (e.g., loading a webpage via HTTPS). UDP is connectionless and prioritizes speed over reliability, meaning dropped packets aren't resent (e.g., live video streaming or VoIP).

What is DHCP, and what four-step process (DORA) does it use to assign IP addresses?

DHCP (Dynamic Host Configuration Protocol) automatically assigns IP addresses using the DORA process: Discover (client looks for a server), Offer (server offers an IP), Request (client accepts the IP), Acknowledge (server confirms the lease).

What is the purpose of DNS?

DNS (Domain Name System) translates human-readable domain names (like google.com) into IP addresses.

What happens when a device fails to resolve a domain name?

The user cannot access the website using its name, though they could still reach it by typing its direct IP address.

What is a Subnet Mask?

A subnet mask divides an IP address into a 'network' portion and a 'host' portion.

How does a Subnet Mask help a computer determine if an IP is local or remote?

It tells the computer whether a destination IP is on the same local network (communicate directly) or on a remote network (send to the Default Gateway).

Explain the difference between a Public IP address and a Private IP address.

Public IPs are globally unique and routable across the public internet. Private IPs (like 192.168.x.x) are reserved for internal use within a local network and cannot be routed on the internet directly.

What is NAT (Network Address Translation)?

NAT translates private IP addresses from a local network into a single public IP address before sending traffic out to the internet.

Why is NAT crucial for modern router operations?

It conserves the limited pool of IPv4 addresses and adds a layer of security.

What is a Default Gateway?

The IP address of the router interface that connects the local network to outside networks (the internet).

What happens to network traffic if the Default Gateway is misconfigured?

Devices can talk to each other locally but cannot reach the internet.

How does a MAC address differ from an IP address?

A MAC address is a physical, permanently burned-in address assigned to a network interface card (NIC) operating at Layer 2. An IP address is a logical address assigned dynamically or statically by the network operating at Layer 3.

What is the loopback IP address for IPv4?

The loopback address is 127.0.0.1.

What is the primary diagnostic purpose of the loopback IP address?

Pinging it verifies that the local computer's TCP/IP stack is installed and functioning properly, regardless of physical network connections.

What is the difference between IPv4 and IPv6 besides the number of bits?

IPv4 is 32-bit and uses numeric dotted-decimal notation. IPv6 is 128-bit, uses alphanumeric hexadecimal notation, has built-in IPsec security, and eliminates the need for NAT due to its vast address space.

What is a VLAN?

A VLAN (Virtual Local Area Network) logically separates a single physical switch into multiple isolated networks.

Why would an office technology team implement a VLAN?

It improves security, isolates broadcast traffic to prevent congestion, and groups users by function rather than physical location.

Explain the difference between static routing and dynamic routing.

Static routing requires an administrator to manually enter routes into the router's table. Dynamic routing uses protocols (like OSPF or BGP) allowing routers to automatically communicate and adjust routes based on network topology changes.

What are the standard port numbers for HTTP, HTTPS, FTP, and SSH?

HTTP: 80, HTTPS: 443, FTP: 20/21, SSH: 22.

What port does a secure remote desktop connection (RDP) run on by default?

RDP runs on port 3389.

What is a VPN?

A VPN (Virtual Private Network) creates an encrypted tunnel over a public network, allowing remote users to securely access private network resources.

What tunneling protocols are commonly used to secure a VPN?

Common protocols include IPsec, OpenVPN, and WireGuard.

What is Ping?

Ping is a utility used to test the reachability of a host on an IP network and measure the round-trip time.

What network protocol does Ping rely on to test connectivity?

Ping relies on ICMP (Internet Control Message Protocol) Echo Request and Echo Reply messages.

What is the difference between bandwidth and latency?

Bandwidth is the maximum capacity of data that can be transferred over a network connection in a given time. Latency is the time it takes for a packet of data to travel from source to destination.

Explain what a proxy server does.

A proxy server acts as a middleman, intercepting client requests and making web requests on their behalf, often caching content and filtering URLs.

How does a proxy server differ from a standard firewall?

A standard firewall filters traffic at the network and transport layers based on IP addresses and ports.

What are the core hardware components required for a computer to successfully complete a POST?

Motherboard, CPU, RAM, and a Power Supply.

If a computer turns on but the screen stays black without a beep, what hardware component do you troubleshoot first?

RAM (try reseating it or testing one stick at a time), followed by the GPU/display connections.

What is the difference between volatile and non-volatile memory?

Volatile memory (like RAM) loses its data when power is turned off. Non-volatile memory (like SSDs, HDDs, and ROM) retains its data without power.

How does an SSD differ from a traditional HDD in terms of data storage mechanics?

SSDs use NAND flash memory with no moving parts, making them much faster but with a finite number of write cycles. HDDs use spinning magnetic platters and a mechanical read/write head, making them slower but often cheaper for mass storage.

What is RAID?

RAID combines multiple drives for speed or redundancy.

What is the difference between RAID 0, RAID 1, and RAID 5?

RAID 0 (Striping) splits data across drives for speed but has zero redundancy. RAID 1 (Mirroring) copies the exact same data to two drives for 100% redundancy. RAID 5 (Striping with Parity) distributes data and parity bits across 3+ drives, allowing the system to survive one drive failure while improving read speeds.

If a network printer is showing an 'Offline' status, what are your first three physical troubleshooting steps?

Check that the printer is powered on and awake, verify the physical ethernet cable is plugged in and showing link lights, and check the printer's front panel for physical errors (paper jam, out of toner).

What is the difference between a Type A, Type B, and Type C USB connection?

Type A is the standard flat, rectangular connector used on PCs. Type B is square with beveled corners, commonly used on printers. Type C is a modern, compact, reversible connector capable of carrying high-speed data, video, and power.

Explain the difference between Cat5e, Cat6, and Cat6a ethernet cables.

Cat5e supports up to 1 Gbps at 100 meters.

What is the difference between Cat5e, Cat6, and Cat6a ethernet cables?

Cat5e supports up to 1 Gbps at 100 meters; Cat6 supports 10 Gbps but only up to 55 meters; Cat6a supports 10 Gbps for the full 100-meter distance due to heavier shielding against crosstalk.

When would you use a crossover cable instead of a straight-through ethernet cable?

Crossover cables were historically used to connect two like devices directly, but modern switches with Auto-MDIX technology make them largely obsolete.

What is a Power over Ethernet (PoE) switch?

A PoE switch provides both network data and electrical power over a single ethernet cable, commonly used for VoIP phones, Wireless Access Points, and IP security cameras.

What is the function of a motherboard's CMOS battery?

The CMOS battery powers the Real-Time Clock and retains BIOS/UEFI settings when the PC is unplugged; failure results in system time resetting and loss of hardware boot settings.

How do you identify a bad capacitor on a circuit board?

Look for a cylindrical component whose top is bulging, cracked, or leaking a crusty brownish fluid.

What is a print server?

A print server centralizes print queue management and driver deployment, allowing workstations to connect to the server instead of installing drivers on each workstation.

What are the physical and functional differences between single-mode and multi-mode fiber optic cables?

Single-mode has a narrow core and uses laser light for long-distance runs; multi-mode has a wider core and uses LED light for shorter runs.

What is a UPS (Uninterruptible Power Supply)?

A UPS provides temporary battery power during outages and performs line conditioning to protect hardware from power surges, sags, and brownouts.

What is the maximum distance a standard copper Ethernet cable can run before signal degradation occurs?

100 meters (approx. 328 feet).

How do you terminate a standard RJ45 connector using the T568B wiring standard?

From left to right: White-Orange, Orange, White-Green, Blue, White-Blue, Green, White-Brown, Brown.

What is an IP rating on field technology hardware?

Ingress Protection (IP) rates hardware against environmental hazards; the first digit is dust protection and the second is water protection.

How does a hardware-based firewall appliance differ from software-based Windows Defender rules?

A hardware firewall inspects and filters traffic for all devices on the network, while Windows Defender only protects the local operating system.

What is the purpose of the Windows Registry?

The Registry stores low-level settings for the Windows OS and applications; mishandling can corrupt the OS.

How do you open the Command Prompt as an Administrator?

Search 'cmd' in the Start menu, right-click, and select 'Run as administrator.'

What does the ipconfig /release and ipconfig /renew command sequence accomplish?

It drops the current IP address lease with the DHCP server and requests a new IP address configuration.

When would you use the tracert command instead of a standard ping command?

Use tracert when a ping fails to see which router hop is dropping the connection.

What does the nslookup tool verify during a network outage diagnostic run?

It queries the DNS server to verify if domain name resolution is working properly.

How do you view active network connections and listening ports using the command line?

By running netstat -ano.

What is the difference between a Blue Screen of Death (BSOD) caused by a driver conflict versus a hardware fault?

A driver conflict references a specific software file, while a hardware fault throws random memory stop codes.

How do you boot a Windows machine into Safe Mode?

Hold Shift while clicking Restart, then navigate to the advanced startup options.

What is Active Directory?

Active Directory is Microsoft's directory service for centralized domain management.

What is a Group Policy Object (GPO)?

A GPO is a collection of settings pushed from the domain controller to client machines to automate configurations.

Explain the difference between NTFS and exFAT file systems.

NTFS supports large files and granular security permissions; exFAT is optimized for flash drives and cross-platform compatibility.

How do you check system resource saturation in Windows without using a CLI?

Open Task Manager and view the 'Performance' tab.

What is Event Viewer?

Event Viewer is a centralized log tool for Windows used to diagnose application crashes.

What command-line utility validates the integrity of protected Windows system files?

sfc /scannow (System File Checker).

How do you map a network drive for an office workstation?

GUI: Open File Explorer and click 'Map network drive'; CLI: Use the command net use Z: \ServerName\SharedFolder.

What is the difference between a local user account and a domain user account?

A local user authenticates against the specific computer's internal database, while a domain user authenticates against a centralized Active Directory Domain Controller.

What is Virtual Memory (paging file) and how does Windows utilize it?

Virtual memory is a hidden file on the hard drive that Windows uses as 'overflow RAM' when physical RAM is full.

How do you restart the Print Spooler service in Windows?

Open the Services app, locate 'Print Spooler,' right-click, and select 'Restart.' Alternatively, use CMD: net stop spooler then net start spooler.

What is a MAC address filtering rule?

It is a security feature on a router, switch, or Wireless Access Point that allows or blocks network access based on the device's MAC address.

What is the role of device drivers?

Drivers act as software translators, allowing the operating system to send commands to physical components like graphics cards and printers.

What is the difference between symmetric and asymmetric encryption?

Symmetric encryption uses the same key for encryption and decryption, while asymmetric encryption uses a public key for encryption and a private key for decryption.

How does Multi-Factor Authentication (MFA) protect a network?

MFA requires a second form of verification, making it difficult for hackers to log in even if they have stolen credentials.

What is a Phishing attack?

Phishing is fraudulent communication designed to steal credentials, often indicated by forged sender domains and unverified links.

How does Ransomware operate?

Ransomware encrypts user files and demands payment for the decryption key; the first step if infected is to disconnect from the network.

What is a Man-in-the-Middle (MitM) attack?

A MitM attack intercepts communication between two parties; HTTPS mitigates this risk by encrypting the data in transit.

What is the concept of 'Least Privilege'?

Least Privilege dictates that users and systems are granted only the minimum access rights necessary for their functions.

What is a Brute Force attack?

A brute force attack is an automated attempt to guess a password by trying many combinations; account lock-out policies can prevent it.

How does a Spoofing attack differ from an authorized impersonation check?

Spoofing is malicious falsification of data to bypass security, while impersonation checks are administrative audits for security verification.

What is a Social Engineering attack?

Social engineering manipulates human psychology to gain confidential information, making it harder to block than software bugs.

What are the security differences between WPA2 and WPA3?

WPA3 provides stronger encryption, protects against offline dictionary attacks, and addresses vulnerabilities in WPA2.

What is an SSL/TLS handshake?

A handshake is the negotiation process where a client and server verify identity and establish encryption keys.

What is a Data Loss Prevention (DLP) policy?

DLP is a strategy to detect and prevent sensitive data from being transferred outside the corporate network.

How does a VPN protect data over public Wi-Fi?

A VPN encrypts data and routes it through a secure tunnel, preventing eavesdroppers from accessing the information.

What is a vulnerability patch?

A patch is a software update to fix security flaws; maintenance windows are scheduled for applying patches to minimize disruption.

What is the difference between a virus, a worm, and a Trojan horse?

A virus attaches to files and requires action to execute, a worm self-replicates and spreads automatically, and a Trojan disguises itself as legitimate software.

How does code compilation logic relate to network troubleshooting?

Both rely on sequential logic and isolating variables to trace issues step-by-step.

How can scripting languages automate system administration tasks?

Scripting languages allow automation of tasks like user creation and event log parsing, reducing manual effort.

What is an API?

An API (Application Programming Interface) allows software systems to communicate, such as querying device status in real time.

How can Git be applied to network configuration management?

Git can manage text-based configuration files for network devices, allowing version control and tracking changes.

What does version control allow a team to do?

Track configuration changes, review changes before deployment, and roll back to a previous commit if needed.

What is the difference between a monolithic infrastructure model and a microservices network layout?

A monolithic model runs all applications on one server, while a microservices layout breaks applications into small, independent services.

How does server-side virtualization optimize hardware resource usage?

It abstracts physical hardware, allowing a single server to host multiple isolated Virtual Machines, ensuring better resource utilization.

What is a Docker container?

A container packages an application and its dependencies, sharing the host OS's kernel, making it lightweight and fast.

How does a Docker container differ from a Virtual Machine?

A container shares the host OS's kernel, while a VM virtualizes the entire hardware stack with a separate OS.

How would you write a basic pseudo-script to ping a range of 50 IP addresses?

Iterate a variable from 1 to 50, concatenate it to the base subnet IP, execute the ping command, and output the response status.

What does a memory leak look like on a network server?

It manifests as increasing RAM consumption over time, degrading performance and potentially causing the server to crash.

Why is well-documented code similar to a well-labeled server rack?

Both allow future engineers to understand architecture quickly and trace problems without reverse-engineering.

How do you de-escalate a situation with a frantic customer whose network is down?

Acknowledge their urgency, inform them the broader network is stable, and assure them you can fix their specific issue faster.

How do you handle an angry client about a previous unresolved ticket?

Listen actively, apologize for past frustrations, take ownership, and communicate your plan to resolve the current issue.

How do you respond to an executive demanding to bypass network security rules?

Politely explain that security policies are in place to protect data and offer to help submit a formal exception request.