5 exercises — choose the best-structured answer to common Network Engineer interview questions covering DNS resolution, transport protocols, TLS handshake, BGP, and CDN architecture.
Structure for Network Engineer answers
Tip 1: For "URL in browser" — trace ALL 8 stages: DNS, TCP, TLS, HTTP, server, response, render, keep-alive
Tip 2: TCP vs UDP: name specific UDP use cases (WebRTC, DNS, QUIC) with rationale
Tip 3: For TLS 1.3: 1-RTT, 0-RTT, mandatory ECDHE (forward secrecy) are the key improvements
Tip 4: CDN: mention anycast routing, cache hit/miss, origin shield, and TLS termination at edge
1 / 5
The interviewer asks: "What happens when you type a URL into a browser and press Enter?" Which answer best demonstrates full-stack networking knowledge?
Option B is strongest because it traces all eight stages with precise technical vocabulary. Key structure: DNS (cache → resolver → root → TLD → authoritative) → TCP 3-way handshake → TLS handshake (ECDHE) → HTTP GET → load balancer → response (gzip) → browser render (DOM → CSSOM → layout → paint) → keep-alive/HTTP/2. Option A is a non-technical description. Option C skips DNS, TLS, and rendering. Option D only covers two steps.
2 / 5
The interviewer asks: "What is the difference between TCP and UDP, and when would you use UDP?" Which answer best demonstrates transport layer expertise?
Option B is strongest because it defines both protocols with concrete technical attributes and gives specific, justified use cases for UDP, including QUIC. Key structure: TCP: reliable/ordered/flow-controlled → UDP: connectionless/no delivery guarantee → use UDP for: real-time media (WebRTC/FEC), DNS, gaming, QUIC/HTTP/3. Option A is correct but superficial. Option C lists common uses but does not explain the reasoning. Option D is incorrect (UDP also has a checksum).
3 / 5
The interviewer asks: "Explain how TLS works and what TLS 1.3 improved." Which answer best demonstrates cryptographic protocol knowledge?
Option B is strongest because it describes the full TLS handshake process and certificate verification, and precisely enumerates the TLS 1.3 improvements: 1-RTT, 0-RTT, mandatory forward secrecy, and removal of weak suites. Key structure: ClientHello → ServerHello+cert → ECDHE → session keys (AES-GCM) → cert chain + OCSP → TLS 1.3: 1-RTT, 0-RTT, mandatory ECDHE, no RC4/MD5. Option A is a correct but minimal description. Option C misidentifies the reason for TLS 1.3's speed. Option D describes asymmetric encryption for every message, which is wrong (only the key exchange uses asymmetric cryptography).
4 / 5
The interviewer asks: "What is BGP and why does it matter for cloud networking?" Which answer best demonstrates internet routing knowledge?
Option B is strongest because it defines BGP as an inter-AS protocol, connects it to real cloud networking use cases (Direct Connect/ExpressRoute), security concerns (BGP hijacking), multi-cloud routing, and anycast. Key concepts: inter-AS routing, autonomous system, BGP session, prefix announcement, Direct Connect/ExpressRoute, BGP hijacking, anycast. Option A is incorrect (BGP is routing, not a firewall). Option C is incorrect (cloud VPCs use BGP at their perimeter). Option D is partially correct in definition but wrong about scope (BGP operates between networks, not within a single data centre).
5 / 5
The interviewer asks: "What is a CDN and how does it work technically?" Which answer best demonstrates CDN architecture knowledge?
Option B is strongest because it explains anycast routing, edge caching (hit/miss), cache-control headers, tag-based invalidation, TLS termination at edge, and origin shield. Key structure: PoPs → anycast BGP → edge cache (hit/miss) → Cache-Control/Surrogate-Control → tag-based purge → TLS termination at edge → origin shield → dynamic acceleration over CDN backbone. Option A is a correct but surface-level description. Option C misidentifies the provider and omits all technical mechanisms. Option D describes load balancing within one location, which is not a CDN.