Complete BT & Fortinet Interview Preparation Guide
BT values | FortiGate | SD-WAN | IPsec/IKE | ADVPN | BGP | STAR answers
Questions are blue and answers are green.
Configuration snippets have been removed; this is focused on interview explanations and revision.
1. BT Core Values, Behaviours & STAR Technique
QUESTION: What are BT’s core values?
ANSWER: BT commonly focuses on being Personal, Simple and Brilliant: putting people first, keeping things clear, and delivering high standards.
QUESTION: What does Personal mean?
ANSWER: It means being customer focused, taking ownership, communicating with empathy, and understanding the impact on users and the business.
QUESTION: What does Simple mean?
ANSWER: It means making technical information easy to understand, avoiding unnecessary complexity, and choosing practical solutions.
QUESTION: What does Brilliant mean?
ANSWER: It means aiming for high standards, continuous improvement, innovation, and delivering reliable outcomes.
QUESTION: What behaviours should you show in interview answers?
ANSWER: Ownership, collaboration, clear communication, calmness under pressure, customer focus, continuous learning, and accountability.
QUESTION: How do you use STAR to answer a technical question?
ANSWER: Start with the Situation, explain your Task, describe the technical Actions you personally took, then close with the Result and business impact.
QUESTION: How should you start a technical STAR answer?
ANSWER: Open with a brief context sentence, for example: “In my previous role, we had an intermittent WAN issue affecting branch connectivity. My responsibility was to identify the cause and restore stable service.”
QUESTION: Give me a time when you showed BT values or behaviours.
ANSWER: Use a real incident where you took ownership, simplified a complex issue for others, worked with another team, and delivered a clear customer or business outcome.
Example Answer:
Forcepoint proxies were deployed in the Datacentres and were causing user to server drops.
My task was to Assist the design team and act as the bridge between internal teams.
Immediately I started by reviewing the history of the forcepoints from deployment to issue.
I then began checking the logs to determine what was causing the user service drops. Ultimately what stood out was the high resource usage before the drops. From the firewalls, it appeared that tcp ports were being exhausted. Further checks on the proxies revealed that the TNCs throttle net connections were maxing out. Then logs began showing extensive waiting times to the Active Directory domain controllers (Beyond 5000ms). This was causing loads of retransmits and rendering the box useless.
At which point I had to speak with Fujitsu to convince them that the server respond to authentication requests were taking too long.
I also had to explain to the customer in a simple but effective manner that immediate actions includes, RODCs near the proxies and within the same routing domain and layer broadcast.
2. Current / Recent Cyber Threats
QUESTION: What is ransomware?
ANSWER: Ransomware is malware that encrypts data or systems and demands payment for recovery. Common entry points include phishing, exposed remote access, weak credentials and vulnerable VPNs.
QUESTION: What is a Man-in-the-Middle attack?
ANSWER: A MITM attack is where an attacker intercepts traffic between two parties to steal, modify or replay data. HTTPS, VPNs, certificate validation and strong authentication help reduce this risk.
QUESTION: What is phishing?
ANSWER: Phishing uses fake emails, websites or messages to trick users into revealing credentials, opening malicious attachments, or approving fraudulent access.
QUESTION: What is a supply chain attack?
ANSWER: A supply chain attack targets a trusted third party, software update, vendor or integration to gain access to a larger organisation.
QUESTION: What is credential stuffing?
ANSWER: Credential stuffing uses leaked username and password combinations against other services, relying on password reuse.
3. FortiGate Fundamentals
QUESTION: What is FortiGate?
ANSWER: FortiGate is Fortinet’s Next-Generation Firewall platform. It provides firewalling, VPN, SD-WAN, IPS, antivirus, web filtering, application control, HA and Security Fabric integration.
QUESTION: What is FortiOS?
ANSWER: FortiOS is the operating system that runs on FortiGate firewalls.
QUESTION: What does UTM stand for?
ANSWER: Unified Threat Management: multiple security functions such as antivirus, IPS, web filtering and application control in one platform.
QUESTION: What is a Next-Generation Firewall?
ANSWER: An NGFW is a firewall with application awareness, identity awareness, deep packet inspection, IPS and threat intelligence integration.
QUESTION: What are default FortiGate credentials?
ANSWER: Common initial access is admin with a blank password on factory default units. In real environments, defaults must be changed immediately.
QUESTION: How do you initially access a FortiGate?
ANSWER: Connect to the management or port1 interface, set your laptop in the correct subnet, then use HTTPS or SSH depending on enabled access.
QUESTION: What is a firewall policy?
ANSWER: A policy that allows or denies traffic based on source interface, destination interface, source, destination, service, schedule, NAT and security profiles.
QUESTION: Difference between stateful and stateless firewall?
ANSWER: A stateful firewall tracks connection state and return traffic. A stateless firewall filters packets individually without session awareness.
QUESTION: Name key FortiGate features.
ANSWER: Firewall, IPsec VPN, SSL VPN, SD-WAN, IPS, antivirus, web filtering, application control, HA, logging, ZTNA and Security Fabric.
QUESTION: What is FortiGuard?
ANSWER: Fortinet’s threat intelligence and update service used for signatures, web filtering categories, antivirus, IPS and reputation feeds.
QUESTION: What is Security Fabric?
ANSWER: Fortinet’s integrated security architecture that connects security products to provide visibility, automation and coordinated response.
QUESTION: What is high-level packet flow in FortiGate?
ANSWER: Ingress interface → session lookup → routing → policy lookup → security inspection → NAT → egress interface. Existing sessions use the session table for faster processing.
QUESTION: What are VDOMs?
ANSWER: Virtual Domains allow a single FortiGate to operate as multiple logical firewalls with separate routing and policies.
QUESTION: What is FGCP?
ANSWER: FortiGate Clustering Protocol, used for FortiGate High Availability clustering (TCP port 702).
QUESTION: Explain NAT in FortiGate.
ANSWER: FortiGate supports source NAT, destination NAT (using VIPs), port forwarding and IP pools.
QUESTION: What is a Security Profile?
ANSWER: Reusable inspection profiles (antivirus, IPS, web filter, application control, SSL inspection, DNS filter) applied to firewall policies.
QUESTION: Difference between NAT mode and Transparent mode?
ANSWER: NAT/Route mode operates at Layer 3 with routing. Transparent mode acts like a Layer 2 bridge while applying security inspection.
QUESTION: What are the two inspection modes?
ANSWER: Flow-based (faster, packet-flow oriented) vs Proxy-based (deeper inspection, higher resource usage).
QUESTION: What is SSL Deep Inspection?
ANSWER: Decrypts encrypted traffic for inspection then re-encrypts it. Requires installing the FortiGate CA certificate on endpoints.
QUESTION: Difference between FortiManager and FortiAnalyzer?
ANSWER: FortiManager = central management & configuration. FortiAnalyzer = logging, reporting and analytics.
QUESTION: What are session helpers?
ANSWER: Helpers for protocols that use dynamic ports (e.g. FTP, SIP).
QUESTION: What is Automation Stitch?
ANSWER: Trigger-and-action automation (e.g. isolate a host on detection of an event).
QUESTION: Best practice for firewall policy order?
ANSWER: Specific rules above broad rules. Use groups, clear naming, and regularly clean up unused rules.
4. SD-WAN Deep Dive
QUESTION: What is SD-WAN and why is it used?
ANSWER: Software-Defined WAN intelligently steers traffic across multiple links (internet, MPLS, LTE) for better performance, resilience and cost savings.
QUESTION: Explain underlay vs overlay in Fortinet SD-WAN.
ANSWER: Underlay = physical transports. Overlay = logical IPsec tunnels built on top.
QUESTION: What are SD-WAN zones and members?
ANSWER: Zones = logical groups. Members = physical or tunnel interfaces assigned to zones.
QUESTION: What are Performance SLAs?
ANSWER: Health checks measuring latency, jitter and packet loss to select the best path.
QUESTION: What is ADVPN?
ANSWER: Auto-Discovery VPN – dynamically creates direct spoke-to-spoke tunnels.
QUESTION: Traditional hub-spoke vs ADVPN?
ANSWER: Traditional forces spoke-to-spoke traffic via hub. ADVPN creates direct shortcuts.
QUESTION: What is ZTNA?
ANSWER: Zero Trust Network Access – identity-aware, least-privilege application access.
QUESTION: What is SASE?
ANSWER: Secure Access Service Edge = SD-WAN + cloud security (SWG, ZTNA, CASB, FWaaS).
5. Hub VPN Configuration Concepts
QUESTION: Why does the ADVPN hub use remote-gateway as dialup-user?
ANSWER: The hub doesn’t know all spoke public IPs in advance (dynamic broadband/LTE). Dial-up mode accepts dynamic peers.
QUESTION: Why is dial-up mode important for SD-WAN and ADVPN?
ANSWER: Better scalability – new spokes can connect without static configuration on the hub.
6. Spoke VPN Configuration Concepts
QUESTION: What triggers an ADVPN shortcut tunnel?
ANSWER: Spoke-to-spoke traffic. Initial packets may go via hub, then direct tunnel is built.
QUESTION: Why is BGP commonly paired with ADVPN?
ANSWER: BGP dynamically advertises routes and next-hop information across the overlay. It is more scalable and policy-rich than OSPF for SD-WAN overlays.
7. IKE and IPsec VPN Concepts
QUESTION: Why use IKEv2 over IKEv1?
ANSWER: More efficient, stable, better NAT traversal, MOBIKE support, and modern cryptography.
QUESTION: What is MOBIKE?
ANSWER: Mobility and Multihoming Protocol – allows tunnel to survive IP address changes.
QUESTION: What are IPsec Phase 1 and Phase 2?
ANSWER: Phase 1 = secure control channel. Phase 2 = data encryption SAs.
QUESTION: Difference between encryption and hashing?
ANSWER: Encryption = confidentiality. Hashing = integrity & authentication.
QUESTION: Why AES-256 + SHA-256?
ANSWER: Strong, modern, and efficient combination.
8. Diffie-Hellman, PFS, SAs and Lifetimes
QUESTION: What are Diffie-Hellman groups used for?
ANSWER: Secure key exchange without sending keys over the network.
QUESTION: What is PFS (Perfect Forward Secrecy)?
ANSWER: Forces new DH exchange in Phase 2 for fresh keys on every SA.
QUESTION: What is an SA?
ANSWER: Security Association – set of parameters (algorithms, keys, SPI, lifetime) for VPN protection.
QUESTION: Default lifetimes?
ANSWER: Phase 1: 28,800 seconds (8 hours). Phase 2: 3,600 seconds (1 hour).
9. Recursive Routing and BGP
QUESTION: What does “recursive via Site01_DIA tunnel” mean?
ANSWER: The BGP next-hop is not directly connected, so the router does another lookup to resolve it through the tunnel interface.
QUESTION: Why is recursive routing common in SD-WAN?
ANSWER: Overlay tunnels use logical next-hops that need resolution to physical/underlay paths.
10. BGP Fundamentals in SD-WAN
QUESTION: Why is iBGP preferred in SD-WAN overlays?
ANSWER: Scalable, excellent policy control, works well with route reflectors, and avoids link-state flooding.
QUESTION: Why establish BGP before SD-WAN policies?
ANSWER: SD-WAN needs valid routes in the routing table before it can steer traffic.
11. Behavioural / STAR Questions
QUESTION: Give me a time when you demonstrated ownership…
QUESTION: Tell me about a time you simplified a complex technical issue…
QUESTION: Describe a situation where you worked collaboratively…
QUESTION: Tell me about a time you handled pressure during an outage…
QUESTION: Describe a mistake you made…
QUESTION: Give me a time when you improved a technical process…
(Use the detailed examples provided in your notes for these behavioural questions.)
Good luck with your BT / Fortinet interviews!
Focus on clear communication, technical depth where needed, and always tie answers back to business impact.