Interesting Interview Questions (and answers)

NetworkGroover · May 04, 2015, 10:17:27 AM

Quote from: Otanx on May 01, 2015, 06:21:42 PM
Quote from: Reggle on May 01, 2015, 04:59:09 PM
Quote from: dlots on May 01, 2015, 10:33:32 AMNever mind I just figured it out, stops you from broadcasting your "internal" traffic out to the internet if the packets are sent to a subnet that doesn't exist.
I've covered that in my blog with null routing RFC 1918 ranges.

One other benefit from null routing the space is if you turn on uRPF anyone trying to spoof RFC1918 space as a source address will get dropped as well. There is actually a lot you can do with securing your network with just routing. A cool thing to do is instead of null routing is to set the next hop to a directly connected server. Then setup the server to alert on any inbound packet on that interface, and use tcpdump to capture every packet. Any packet that hits this is bad in some way (you need to use another interface to manage the host of course). Misconfigured NAT on your network will show up here, or if you use something like the Spamhaus BGP feeds it could be an infected host trying to reach a C&C server. If you do this server trick to catch outbound it does break uRPF unless you put it in strict mode which may cause other issues. I have found misconfigurations on networks using this trick a few times.

-Otanx

Spiffy!

NetworkGroover · May 04, 2015, 10:24:47 AM

Quote from: Fred on April 30, 2015, 08:59:49 PM
One of my favorites is to ask the candidate to diagram a network they've worked on or would like to work on. This can often turn into the entire interview, because every line, circle, square, or other notation can turn into a question. ("Why did you do it like that?", "Would you do it like that again in the future?", "What does that do?", "What if you had to add a public web server into your design?", "Can you explain to me how a client communicates with that web server?")

I want somebody who can communicate their ideas and understands the technology. I realize everybody has their strengths and weaknesses, but failure at these two are dealbreakers for me.

That's a pretty cool way to interview folks - and probably quickly eliminates cert brain dumpers. While I'd be a little nervous, I think I would have much more fun in an interview like that rather than the bullet point ones like:

What's the default priority for spanning tree?
What are the LSAs in OSPF?
What does TCN stand for?

Interviews like the one I mentioned above I'm not a fan of.

deanwebb · May 04, 2015, 10:57:59 AM

Go in for a security interview, then. There's just one question:

"You want to do security?"
"yes."
"You're hired! Start now!"

NetworkGroover · May 04, 2015, 12:12:13 PM

I really enjoyed the interview process I went through for my current position. It was long, but great folks (I think I spent more time laughing than being nervous), and fun, open-ended questions like, "Tell me what you know about x technology." and "You have x amount of racks with y storage systems and z compute nodes - what switches would you use, break down port counts, oversubscription, etc." A lot of soft skills stuff as well.

When I interviewed with one of the top-level engineering execs it will always stick with me because while they were interviewing me they were walking down some street, forget the name, in New York having just left some investment meeting. They told me, "Hey, I have a very simple policy that I tell my guys. Don't hire assholes. If you can break down a complete data center buildout, but can't sit at the dinner table with my family without being awkward, I'm sure as hell not putting you in front of a customer."

dlots · May 05, 2015, 09:43:08 AM

I think the talk about a system you have worked on is a MUCH better interview than random questions. It puts a good person at ease as they should know everything about their system.

deanwebb · May 05, 2015, 10:17:26 AM

One that we use for security applicants... "What is a botnet? Just give a definition."

If that stumps, we go with "Can you name a major computer security breach from the last 12 months?"

And, yes, we had guys that had no clue about Sony, Target, Home Depot, JP Morgan, or any of those guys. Heck, if they had just mentioned a company name at random, we probably would have taken it. If they had said, "Vandelay Industries", we probably would have taken it.

But when you got a guy claiming security experience that doesn't know a botnet or a major breach, you got a guy that's lying on his resume.

dlots · May 05, 2015, 11:32:04 AM

I don't know how you can be in IT in general and not know that stuff :-(

deanwebb · May 05, 2015, 12:53:59 PM

Quote from: dlots on May 05, 2015, 11:32:04 AM
I don't know how you can be in IT in general and not know that stuff :-(

Exactly our thinking.

And exactly the source of our frustration...

Nerm · May 05, 2015, 12:55:44 PM

Quote from: dlots on May 05, 2015, 11:32:04 AM
I don't know how you can be in IT in general and not know that stuff :-(

In my line of work I deal with a lot of other people that work in IT and ask myself that almost daily.

NetworkGroover · May 05, 2015, 04:13:59 PM

Quote from: dlots on May 05, 2015, 11:32:04 AM
I don't know how you can be in IT in general and not know that stuff :-(

I know this is going to sound weird, but for some of us it's not a major concern. I see it on the news, raise an eyebrow, and that's about the end of my interest. When it becomes a concern for me is when I have to figure out how to integrate with the countermeasures put in place to prevent stuff like that from happening.

That said, obviously unless I changed careers and decided to focus on it, I'm not a security guy, nor would I interview for one (I'd avoid it like the plague, actually

).

deanwebb · May 05, 2015, 04:48:29 PM

OH YEAH? ONE DAY, I'LL BE THE BOSS OF YOU AND THEN YOU WILL HAVE TO DO SECURITY!!!!!!~~!!!!!!ELEVEN!!!!!!

But that never happens, so the R&S guys blithely build out beautiful networks and then scream blue murder when the security guy wants to impact his precious bandwidth with netflow or a SPAN port... and the guys exfiltrating the data thank the R&S guys for championing their cause.

Still, not as bad as the developers. How does that icon go again?

Ah yes, the developers... If they built cars, they'd all have solid rocket boosters, no seat belts, airbags, or doors, and racing slick tires.

But back on topic, this should be about interview questions...

"Are you now or have you ever been a developer?"

Otanx · May 05, 2015, 05:11:56 PM

Always find a way it benefits them if you want something. SPAN port? Make sure the R&S guys can access it to troubleshoot. Netflow? Let the R&S guys run reports against it to justify upgrades, or troubleshooting. Syslog forward? Give them access again for troubleshooting. Full packet capture? I couldn't live without one anymore. The R&S guys are more willing to give the security guys access if they get it as well. One of the cool side effects of having a secure network is the network becomes more stable. Which means less calls in the middle of the night.

Staying on topic... hmmm.. nothing really weird, I tend to like open ended questions. Tell me what you know about Layer 1 type of stuff. If they mention something interesting then I will follow that trail for a little. Then go on to the next layer.

-Otanx

Fred · May 05, 2015, 09:41:17 PM

Quote from: AspiringNetworker on May 04, 2015, 10:24:47 AM
Quote from: Fred on April 30, 2015, 08:59:49 PM
One of my favorites is to ask the candidate to diagram a network
While I'd be a little nervous...

That's really the downside of this method. There are some damn good engineers who aren't good at standing up in front of people, even during an interview, and asking them to stand up in front of a whiteboard and explain something makes their nerves go through the roof and you don't get anything good out of them. Sometimes you can put them at ease with a couple easy questions, but other times I've had to back down and find a different way.

QuoteI think I would have much more fun in an interview like that rather than the bullet point ones

Trivia doesn't make a good interview. Sit two experienced network engineers down at a table, and each one can beat the other with trivia questions. Unless you have specific requirements, I don't think it makes sense to ask more than baseline questions. (If you can't explain "botnet" or "what's the difference between EIGRP and OSPF", I'm probably not interested). Trivia does make for a good happy hour bar game once the person is hired, however.

Nerm · May 06, 2015, 07:22:32 AM

This isn't so much an interesting interview question but an interesting response...I once got to sit in on an interview with a potential new server admin. One of the questions "Given an environment with x number of users and x number of servers at your disposal how would you implement Exchange?" was met with the response "If I knew what Exchange was I could probably answer that question a little better." the room went silent for a moment or two lol. Best part was on his resume he had listed "Experienced server admin with over 10 years experience with Microsoft Server" (or something similar as I don't remember word for word all these years later).

icecream-guy · May 06, 2015, 07:34:18 AM

Quote from: Nerm on May 05, 2015, 12:55:44 PM
Quote from: dlots on May 05, 2015, 11:32:04 AM
I don't know how you can be in IT in general and not know that stuff :-(

In my line of work I deal with a lot of other people that work in IT and ask myself that almost daily.

I get all my IT knowledge from CSI Cyber.