Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

10 Key Interview Questions for Network Administrators

  • If you're not properly prepared, technical interviews can turn sour in a hurry. IT managers are looking for a good fit from a cultural perspective, but they also want to make sure you can handle tasks that require thorough understanding of specific IT functions. This is especially true for eager candidates who want to break into IT infrastructure roles such as network administrator.

    In most organizations, the role of the network admin covers three primary areas: routing and switching, wireless LAN technologies, and security. The day-to-day care and feeding of a network often involves understanding the Spanning Tree Protocol, routing protocols, and network monitoring/troubleshooting tools. Competency in physical cabling is also useful as network administrators are often tasked with adding/moving various network components around, which requires them to connect/disconnect devices using copper Ethernet, fiber optics, DAC and various other LAN and data center physical connectivity options.

    Wireless LAN technologies are an increasingly important skillset for network administrators. This includes knowing how to setup and secure WiFi SSIDs, but also how WiFi signals are propagated. Knowing wireless fundamentals such as frequency, wavelength, refraction, diffraction, and signal-to-noise ratio (SNR) helps for troubleshooting common issues such as interference, physical obstructions and noise.

    Finally, network administrators are required to have a solid background in IT security, at least from a network perspective. This includes understanding firewalls, intrusion-prevention systems, secure remote access, data loss prevention, and end-to-end data encryption. Even in large companies that have their own IT security department, it’s common for the network administrators to do much of the heavy lifting when it comes to designing, integrating, and managing network security devices.

    If you’re getting ready for your first network administrator interview, here are 10 technical questions employers are likely to ask.

    (Image: Dmitry A/Shutterstock)

  • What is the smallest IPv4 subnet mask that can be applied to a network containing up to 30 devices?

    One of the first lessons a network administrator must learn is how to properly size IPv4 subnets. Whether you have a standard /24 VLAN for end users, a /30 for point-to-point links, or something in between, understanding how to subnet is a vital skill. To answer this question, a subnet that must contain up to 30 devices works out to be a /27 – or a subnet mask of Be sure you can perform this work with a pen and a sheet of paper. To check your work, feel free to use subnet calculator sites such as this one.

    (Image: Photon photo/Shutterstock)

  • What's the purpose of Spanning Tree?

    One of the most confusing topics for new network administrators is the Spanning Tree Protocol (STP). This protocol operates at layer 2 of the OSI model with the purpose of preventing loops on the network. Without STP, a redundant switch deployment would create broadcast storms that cripple even the most robust networks. There are several iterations based on the original IEEE 802.1D standard; each operates slightly different than the others while largely accomplishing the same loop-free goal. This is partly why STP is so confusing. Topics such as path cost calculations, root bridge IDs, BPDUs, and root/BPDU guard should be well understood prior to any technical interview.

    (Image: geralt/Pixabay)

  • What does "stateful" mean at it relates to stateful firewalls?

    Firewalls have become a crucial network admin competency in any enterprise organization. The basic premise behind modern firewalls is that access policies are configured to only allow traffic to and from specific IP addresses and TCP/UDP ports. To help accomplish this goal, the firewall maintains a dynamic “state table.” Within this state table, you’ll find information regarding the active connections that pass between secure interfaces. Only packets that match the rules and are known to the firewall as “active” will be permitted to pass through. This eliminates the possibility that a rogue – and potentially malicious – packet would be accidently masked as legitimate and allowed into secure portions of the LAN.

    (Image: Clker-Free-Vector Images/Pixabay)

  • Which travels farther, 2.4 GHz or 5 GHz WiFi signals and why?

    The 2.4 and 5 GHz spectrums are both used in enterprise WiFi deployments. While the 5 GHz range boasts better transmit and receive speeds, it does so at the cost of signal propagation. Because the 2.4 GHz radio waves are in a lower frequency spectrum, the waves are larger and thus can travel farther – and are more capable of penetrating obstructions.

    (Image: OpenClipart-Vectors/Pixabay)

  • Can you explain what the purpose of administrative distance (AD) is as it relates to routing protocols?

    When using a dynamic routing protocol in conjunction with static routes or other dynamic routing protocols, administrative distance (AD) becomes a key consideration. Within a router, there may be many routes to the same destination. For example, you may have a route to the network learned by both EIGRP and OSPF. So, which will the router choose to place into the routing table? The one with the lowest AD, of course. By default, EIGRP-internally learned routes have an AD of 90 while OSPF has an AD of 110. Thus, the route placed into the routing table would be the EIGRP learned route.

    (Image: Clker-Free-Vector Images/Pixabay)

  • Provide examples of when you would use a static NAT, and when you might use a dynamic NAT

    Network address translation (NAT) is often used at the internet edge. Internet-connected businesses own or lease publicly routable IPv4 space. Then within the local LAN, they use non-routable, RFC 1918 IP subnets. For those devices to reach the internet, NAT is used to convert the non-routable IP address to one that is routable. NAT maintains a table that maps the internal IP to the external IP. This mapping can either be static or dynamic in nature. For servers that must always be accessible by other devices on the Internet, a static NAT is the proper choice. That way, the server is always reachable using the same public IP address. For users who only need access out to the internet, dynamic NAT is the preferred choice; it allows hundreds or thousands of devices to share a single publicly routable address. The NAT table keeps track of the different dynamic mappings using a 16-bit port number. This is technically known as port address translation (PAT).

    (Image: wnypnt/Pixabay)

  • What is the purpose of the ARP table?

    Network pros must understand how layer 2 switching and layer 3 routing work together on a network. This is where the ARP table comes into play. On layer 3 network devices such as routers or layer 3 switches, the ARP table maintains a list of known IP addresses and their corresponding MAC address where their next layer 2 hop resides. Static ARP entries can be configured. However, in most cases, the ARP table is dynamically learned using broadcast messages originating from the end device that are learned by the subnet’s L3 gateway.

  • Why does voice and video traffic use the UDP protocol as opposed to TCP?

    Real-time streaming of data such as voice and video is becoming increasingly important. Because this type of data is time sensitive, it doesn’t make sense to use the TCP protocol that has built-in retransmission capabilities in the event the original packet doesn’t reach its destination. Instead, UDP is used because it does not have retransmission features. Instead, UDP’s “best effort” transport service is far better suited in situations where a packet or two lost does not mean the entire data set must be retransmitted.

    (Image: websubs/Pixabay)

  • What are two primary methods for authenticating WiFi users on an enterprise LAN?

    The most basic authentication method is to use a WPA2 pre-shared key (PSK). The problem with the PSK is that it must be shared with all that use it. Thus, unless you change the key often, the network can become insecure. WPA2 PSK is sometimes used on enterprise LANs for guest users to allow them to access the internet and not any internal resources. For employees, the far more common authentication method is to use what’s known as WPA2 Enterprise, which allows users to login with 802.1x authentication. Typically, this is a RADIUS server that ties into a back-end Windows AD server. This method allows the user to seamlessly login to the enterprise LAN using their own password that’s tied to their AD account.

    (Image: achinverma/Pixabay)