Security Engineer Interview Melbourne, FL

During the technical interview, the second interviewer asked, "How would you configure trace route in a Cisco firewall for a group of Windows users?" I repeated the question to make sure I heard it correctly, and he responded with, "Windows fundamentally handles trace route differently than Unix does."

The answer to the question is obviously: you configure ICMP through the appropriate Cisco syntax for the Windows users. I was thrown off by him saying what he did about Unix and was not even given a chance to actually answer the initial question. So my question is, if you wanted to know the answer to the first question, why would you even ask the second one, basically replacing the first question? How is anyone supposed to know which to answer or what the person asking the question is actually looking for?

Interview Candidate on Aug 23, 2012

The problem is that your answer of "You configure ICMP through the Cisco appropriate syntax for the Windows users" is incorrect. (Or, at best, incredibly vague.)

It's definitely a fair question.

While Windows uses ICMP for traceroute, it's important to note that Linux technically uses UDP. Therefore, the responses they get from the devices along the path are different, depending on which source device you used to initiate the trace. As such, the required configuration is equally different on the Cisco device.

For Windows, you'd need an inbound rule allowing icmp time-exceeded.
For Linux, you'd need an inbound rule allowing icmp unreachable.
For both, you'd also need to add an "inspect icmp" statement.

Looking at his question as well as his explanation after you repeated it, it's safe to say that there was nothing wrong with the way he asked it. The problem is that you didn't know the answer.
In fairness though, it IS a trick question that gets asked of all of us, even myself when I applied.

Senior Security Engineer at Dimension Data on Sep 28, 2012
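As an added illustration of the point made in the answer above (this is my own constructed example, not code from the commenter, the candidate, or Dimension Data): a small Python model of the two probe styles, a constructed four-hop path, and a simplified firewall sitting in front of the probing users. It assumes the standard behaviour of both tools (Windows tracert sends ICMP echo requests with an increasing TTL; Linux traceroute sends UDP probes to ports 33434 and up), models "inspect icmp" as stateful admission of echo-reply only, derives the ICMP messages each style needs from the replies the path actually generates, and renders ASA-style lines in which the object-group name, ACL name and subnet are placeholders to be checked against the real platform.

```python
"""Why Windows tracert and Linux traceroute need different firewall rules.

Both raise the TTL one hop at a time, but Windows sends ICMP echo requests
while Linux sends UDP probes to unused high ports, so intermediate hops answer
both with time-exceeded while the destination answers with echo-reply (Windows)
or port-unreachable (Linux). Constructed example; path, firewall model and the
ASA-style output are simplifications, not a network tool.
"""
from dataclasses import dataclass
from typing import Optional

# ICMP (type, code) pairs per RFC 792
ECHO_REPLY = (0, 0)
PORT_UNREACHABLE = (3, 3)
TIME_EXCEEDED = (11, 0)

# ASA keyword for each ICMP type as used in "access-list ... permit icmp ... <type>"
ASA_ICMP_KEYWORD = {0: "echo-reply", 3: "unreachable", 11: "time-exceeded"}

# Constructed path: three routers, then the destination host (assumed addresses).
SAMPLE_PATH = ["10.0.0.1", "192.0.2.1", "198.51.100.9", "203.0.113.7"]


@dataclass(frozen=True)
class Probe:
    proto: str                   # "icmp" (Windows tracert) or "udp" (Linux traceroute)
    ttl: int
    dport: Optional[int] = None  # UDP destination port (Linux only)


@dataclass(frozen=True)
class Reply:
    src: str      # hop that generated the ICMP message
    icmp: tuple   # (type, code)


def windows_probes(max_ttl: int):
    """tracert: ICMP echo request with TTL 1, 2, 3, ..."""
    return [Probe("icmp", ttl) for ttl in range(1, max_ttl + 1)]


def linux_probes(max_ttl: int, base_port: int = 33434):
    """traceroute: UDP datagram to an unused high port with TTL 1, 2, 3, ...
    (33434 is the traditional starting port; it increments per probe)."""
    return [Probe("udp", ttl, base_port + ttl - 1) for ttl in range(1, max_ttl + 1)]


def path_reply(probe: Probe, path) -> Reply:
    """What the network sends back for one probe: the router at hop index == TTL
    expires the packet and returns time-exceeded; the destination answers itself."""
    if probe.ttl < len(path):
        return Reply(path[probe.ttl - 1], TIME_EXCEEDED)
    dest = path[-1]
    if probe.proto == "icmp":
        return Reply(dest, ECHO_REPLY)
    # Nothing listens on the high UDP port, so the host reports port unreachable.
    return Reply(dest, PORT_UNREACHABLE)


def firewall_admits(reply: Reply, probe: Probe, permitted, stateful_icmp: bool) -> bool:
    """Simplified inbound policy in front of the probing hosts. stateful_icmp models
    "inspect icmp": an echo-reply is admitted because it matches the outbound echo
    session. Every other ICMP message must be listed in the inbound ACL (permitted)."""
    if stateful_icmp and probe.proto == "icmp" and reply.icmp == ECHO_REPLY:
        return True
    return reply.icmp in permitted


def run_trace(probes, path, permitted, stateful_icmp: bool = True):
    """Per-TTL output as the user sees it: the hop address, or '*' when the reply
    was dropped by the firewall. Stops once the destination's reply gets through."""
    seen = []
    for probe in probes:
        reply = path_reply(probe, path)
        admitted = firewall_admits(reply, probe, permitted, stateful_icmp)
        seen.append(reply.src if admitted else "*")
        if admitted and reply.src == path[-1]:
            break
    return seen


def required_icmp(probes, path):
    """The ICMP (type, code) set a firewall must let back in for this probe style,
    derived from every reply the path generates."""
    return {path_reply(p, path).icmp for p in probes}


def asa_config(group_name: str, subnets, icmp_types, stateful_icmp: bool = True):
    """Render ASA-style lines: an object-group for the users, inbound ACL entries for
    the needed ICMP messages, and ICMP inspection. Echo-reply is left out when
    inspection is on, since the inspected session admits it. Syntax is illustrative;
    verify it against the ASA release in use."""
    lines = [f"object-group network {group_name}"]
    lines += [f" network-object {net} {mask}" for net, mask in subnets]
    for icmp_type, _code in sorted(icmp_types):
        if stateful_icmp and icmp_type == 0:
            continue
        lines.append(f"access-list OUTSIDE_IN extended permit icmp any "
                     f"object-group {group_name} {ASA_ICMP_KEYWORD[icmp_type]}")
    if stateful_icmp:
        lines += ["policy-map global_policy", " class inspection_default", "  inspect icmp"]
    return lines


if __name__ == "__main__":
    for name, probes in (("Windows tracert", windows_probes(4)), ("Linux traceroute", linux_probes(4))):
        print(name, "with only time-exceeded permitted:",
              run_trace(probes, SAMPLE_PATH, {TIME_EXCEEDED}))
        print("\n".join(asa_config("TRACE_USERS", [("10.1.0.0", "255.255.255.0")],
                                   required_icmp(probes, SAMPLE_PATH))))
```

Running it shows the asymmetry the answer describes: with only time-exceeded admitted, the Windows trace completes (the echo-reply rides the inspected session) while the Linux trace shows every router but a `*` for the final hop, because the destination's port-unreachable is dropped until an `unreachable` entry is added.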

Here is my problem with the question. I know that Linux/Unix/Solaris/AIX all utilize UDP. Some of the more modern and updated Unix-based operating systems do utilize ICMP instead of UDP. My issue is not with the fact that he asked this. Yes, I did get quite flustered and it threw me off, but had he simply stated how would you configure a Cisco firewall for a specific group of Windows users, I would have quickly and easily stated that you would create the appropriate network object group containing the subnet(s)/IP(s) of the users and allow icmp time-exceeded. I could have easily sat down in front of a Cisco ASA or PIX and had it implemented and working, I would say, easily in less than 15 mins. That would also be dependent on the subnet(s)/IP(s) that needed to be added after creating the network object group. So yes, it is a trick question, and I was very confused as it seemed he wanted to know how to configure it for Linux/Unix, not Windows, even though that is what he asked. I have worked with numerous network devices from numerous vendors and so the exact syntax for each one sometimes escapes me, but I am more than technically competent enough to find the syntax and implement it with no help. I guess the most insulting part of the interview process is that based off of this interview, the recruiter stated, "You are just average, and we need someone that is exceptional. So we can't proceed with your submission." That is a direct quote. I have made it further in my career with no degree, minimal college education and through my blood, sweat and tears, metaphorically, in less time than most hope to with a bachelor's degree. I work with SMEs and colleagues with 15+ years experience as their equal. That is not "just average." I have written SLAs, OLAs, technical manuals, disaster recovery plans, training plans, training material, and numerous other things for the DoD, TSA, banks, and municipalities. I have been working on global networks for over 5 years as well.
I have solved problems that engineers with at least twice as much experience as myself were unable to solve. I have run into issues that have stumped Microsoft themselves for over two weeks. If this is the career of an "average" engineer, then by all means, I am just average.

Sean Weeks on Sep 28, 2012

It's unfortunate that the way you were dismissed was a little bit unprofessional and seemingly misinformed. Also, in fairness, it's probably never a good idea to tell a candidate that they're "just average", even in cases where they really are.
For what it's worth, I'd like to apologize on behalf of DD (as much as I'm technically allowed to do so) for the way it was handled.

However, regarding the original point, the interview itself is specifically designed to fluster you. We actually expect most people to get this particular question wrong. The idea is not for us to see if you know it all but more specifically how you deal with questions you don't know the answer to. (Bonus points if you DO know, obviously.)

We certainly don't expect candidates to know everything offhand, we just like to see whether or not you're going to try to BS your way through an answer.
Since I wasn't on this particular call, I have no idea how it went for you but I can guarantee that the decision wasn't based on this question alone but was more likely an overall view of your skills based on all of your answers.

I do realize that it's no picnic when you're on the phone but for the most part, they do try to take that into consideration. (I was hired over the phone as well, all the way from South Africa.)

Senior Security Engineer at Dimension Data on Sep 28, 2012

I do understand what you have said, and I greatly appreciate the apology. I was very excited about this opportunity. I believe, based off my experience and my knowledge of the position, that I would have been a great asset to the team. I honestly do not know why the engineers I interviewed with or the recruiter would have felt the way the recruiter did. I know that the engineers I spoke with told me that the recruiter would call me with the next steps, and I answered every question that they asked, except the aforementioned question. The following link is my LinkedIn profile (http://www.linkedin.com/profile/view?id=10589063&trk=tab_pro). This is about all I can say. I was excited and looking forward to the opportunity, but obviously I was not considered. Thank you for your time, response, and consideration. I wish you the best.

Sean Weeks on Sep 28, 2012

In Windows you use tracert, which works with ICMP echo and reply messages, and in a Cisco environment you use the traceroute command, UDP as well as ICMP. But you have to configure the firewall to allow ICMP replies.

Beast_Hustle on Feb 14, 2016

