IT technician interviews test more than your technical knowledge. Employers want to know how you diagnose problems under pressure, communicate with non-technical users, and keep up with a fast-moving field. This guide covers 45 of the most common IT technician interview questions — with sample answers you can adapt to your own experience.
What Does an IT Technician Do?
An IT technician is responsible for maintaining and supporting an organisation’s computer systems and networks. Core responsibilities typically include:
- Installing, configuring, and maintaining hardware and software
- Diagnosing and resolving technical issues for end-users
- Managing network connectivity and access controls
- Supporting cybersecurity practices and user awareness
- Documenting procedures and maintaining IT asset records
- Escalating complex issues to senior engineers when appropriate
The interview questions below reflect all of these areas.
Section 1: General and Background Questions
1. Tell me about your IT background and what led you to this role.
What they want to know: Your path into IT, what motivates you, and whether your experience matches their environment.
Sample answer: “I started with self-taught hardware repair before completing my CompTIA A+ certification. My first role was desktop support at a 200-person logistics company, where I managed everything from PC builds to network cabling. I moved into a second-line support role and gained experience with Active Directory, SCCM, and endpoint security tools. I enjoy the problem-solving aspect — no two tickets are identical — and I’m now looking for a role where I can take on more infrastructure responsibility.”
2. What certifications do you currently hold, and what are you working toward?
Sample answer: “I hold CompTIA A+, Network+, and Security+. I am currently working toward the Microsoft Azure Fundamentals (AZ-900) certification because cloud and hybrid environments are where most enterprise IT is heading, and I want to be confident supporting those workloads.”
3. How do you stay current with changes in technology?
Sample answer: “I follow a small number of sources consistently: the SANS reading room for security updates, the Spiceworks community for practical IT discussions, and vendor release notes for the platforms I work with. I also set up a home lab where I can test configurations before recommending them in a live environment. The combination of formal sources and hands-on testing keeps my knowledge practical, not just theoretical.”
4. Describe your experience with ticketing systems.
Sample answer: “I have worked with Jira Service Management, Freshservice, and Zendesk. My approach is to keep tickets detailed from the first entry — symptoms, environment, steps taken, resolution — so that if the issue recurs or gets escalated, the next person has full context. I also track my own resolution times and patterns to identify recurring issues worth turning into knowledge base articles.”
5. What is your experience level — and how do you handle issues outside your current knowledge?
Sample answer: “I am experienced at first and second-line support, with growing third-line exposure. When I encounter something outside my current knowledge, my process is: reproduce the issue in an isolated environment if possible, search vendor documentation and known issues before going to forums, document what I have tried, and escalate with a clear summary of the issue and steps taken. I do not guess at production environments.”
Section 2: Operating Systems and Hardware
6. What desktop operating systems are you most experienced with?
Sample answer: “Windows 10 and 11 in enterprise environments are my primary experience — group policy, Windows Update for Business, and Microsoft Intune for MDM. I also support macOS for our design and executive users, which means working across two different management stacks. I have working knowledge of Ubuntu Linux for server-side tasks and developer workstations.”
7. A user’s PC is slow. Walk me through how you diagnose it.
Sample answer: “I start with the quick checks: Task Manager for CPU, memory, and disk usage — a disk at 100% is often the culprit, especially on older HDDs. I check startup items and recently installed software. I run a malware scan. If hardware is suspect, I check Event Viewer for disk errors and run a health check on the drive. If it is software-related, I check for Windows Update issues or driver conflicts in Device Manager. The goal is to narrow it to a category — hardware, software, malware, or user behaviour — before committing to a fix.”
8. How do you handle a PC that will not POST?
Sample answer: “No POST means the issue is hardware, BIOS, or power-related before the OS even loads. I check the basics first: power connections, RAM seating, display connection. I clear the CMOS if there may have been a BIOS issue. I remove non-essential peripherals and try a minimal boot — just CPU, one RAM stick, and a known-good display. If the system beeps, I use the beep codes for the board manufacturer to narrow the fault. If it is a dead power supply or failed CPU, I swap to confirm before ordering parts.”
9. What is the difference between a 32-bit and 64-bit operating system, and why does it matter?
Sample answer: “A 64-bit OS can address more than 4GB of RAM — essential for modern workloads. It also runs both 32-bit and 64-bit applications, while a 32-bit OS cannot run 64-bit software. In practice, this matters when installing software that requires 64-bit, troubleshooting memory issues on workstations with 8GB or more, and ensuring compatibility of legacy applications in virtual machines.”
10. How do you build and deploy a PC image across multiple machines?
Sample answer: “I use Windows Deployment Services (WDS) or Microsoft SCCM for imaging. The process is: prepare a reference machine, install and configure the OS and required software, run Sysprep to generalise the image, capture it, and deploy via PXE boot. For smaller deployments I have used Clonezilla for direct imaging. The key is keeping images lean and pushing software via MDM or software centre rather than baking everything into the image — that way the base image stays maintainable.”
11. How do you manage software updates across a fleet of endpoints?
Sample answer: “In a managed environment I use SCCM or Intune to control patch deployment. I follow a ring-based approach: pilot group first (IT and early adopters), then broader rollout after a week of stability monitoring. Critical security patches go faster — typically within 48–72 hours of release after a quick test. I never push untested updates directly to production and always monitor for rollback signals in the first 24 hours post-deployment.”
12. A user’s keyboard and mouse suddenly stop working. What do you check?
Sample answer: “First, rule out the obvious: check USB connection, try a different port, try a different keyboard or mouse. If wireless, check batteries and USB receiver. In Windows, check Device Manager for driver errors. If it is post-Windows update, roll back the relevant driver. If only one specific user profile is affected, the issue may be profile corruption rather than hardware. Remote desktop or a secondary input method can help diagnose while keeping the user productive.”
13. What is your process for data backup before working on a user’s machine?
Sample answer: “Before any significant work — OS reinstall, hardware swap, major update — I confirm what data the user has that is not already backed up to a network share or cloud service. I copy it to a known-good location, verify the files opened correctly, and only then proceed. I also check whether the machine is in scope for our backup solution and when the last successful backup ran. I never assume the user’s description of ‘everything is backed up’ is accurate.”
Section 3: Networking
14. Can you explain the OSI model and why it is useful for troubleshooting?
Sample answer: “The OSI model has seven layers: Physical, Data Link, Network, Transport, Session, Presentation, Application. In troubleshooting, it gives you a structured way to isolate a problem. If a user cannot reach any website but the physical link is up, I start at Layer 3 — can they ping the default gateway? If not, it is a network layer issue. If they can ping Google by IP but not by name, it is a DNS issue at Layer 7. Working up or down the model stops you jumping to solutions before you have located the fault.”
15. What is DHCP, and what do you do when a user receives an APIPA address?
Sample answer: “DHCP automatically assigns IP addresses to devices on the network. An APIPA address (169.254.x.x) means the device tried to get an IP from DHCP and failed — it self-assigned a link-local address instead. Steps: check physical connection, run ipconfig /release and ipconfig /renew, check whether the DHCP server is reachable, verify the scope is not exhausted, and check whether the issue affects one device or many. Multiple devices with APIPA suggests the DHCP server or network segment is the problem.”
16. What is DNS, and how would you troubleshoot a DNS resolution failure?
Sample answer: “DNS translates domain names into IP addresses. For a resolution failure I start with nslookup [domain] to test against the configured DNS server. I compare results using an external server like 8.8.8.8. If internal DNS resolves but external does not, the forwarder configuration is likely the issue. If neither resolves, I check whether the DNS server service is running and whether the client’s DNS settings are correct. I also check for split-horizon DNS misconfigurations in environments where internal and external resolution differ.”
17. What is the difference between TCP and UDP?
Sample answer: “TCP is connection-oriented — it establishes a session, guarantees delivery, and retransmits lost packets. UDP is connectionless — it sends data without confirmation of receipt. TCP is used where accuracy matters (web browsing, email, file transfers). UDP is used where speed matters more than reliability (DNS queries, video streaming, VoIP). In practice, knowing which protocol an application uses helps narrow down firewall rules and performance issues.”
18. Describe how you would set up a new user’s network access.
Sample answer: “I create the user account in Active Directory, assign them to the appropriate security groups based on their role, configure their email in Exchange or Microsoft 365, ensure their machine is joined to the domain, and verify they can authenticate and access the shared drives they need. I also confirm VPN access if they work remotely, apply the correct Intune or GPO policies to their device, and walk through the setup with them at the end.”
19. What tools do you use to diagnose network connectivity issues?
Sample answer: “Standard toolkit: ping for basic reachability, tracert/traceroute to identify where packets drop, nslookup or dig for DNS, ipconfig/ifconfig for interface status, and netstat for active connections and listening ports. For deeper analysis I use Wireshark for packet capture when I need to see exactly what is traversing the wire. For infrastructure-level issues I use SNMP monitoring tools or the switch/router management interface to check port status and error counters.”
20. What is a VLAN and when would you use one?
Sample answer: “A VLAN is a logically segmented network within the same physical infrastructure. You use VLANs to isolate traffic for security or performance reasons — for example, separating guest Wi-Fi from the corporate network, isolating VoIP traffic to guarantee quality, or segmenting IoT devices that should not have access to file servers. In practice I configure VLAN tagging on managed switches and ensure trunk ports carry the correct VLAN tags between switches and the router.”
Section 4: Troubleshooting Scenarios
21. A user says “the internet is not working.” Walk me through your process.
Sample answer: “I confirm what they mean — can they reach any sites, or just specific ones? If nothing works: check physical connection, confirm IP address is valid (not APIPA), ping the default gateway, then ping 8.8.8.8. If the gateway ping fails, it is a local network issue. If 8.8.8.8 succeeds but websites do not load, it is DNS. If a specific site fails, it may be blocked or down. I check whether the issue is isolated to one user or broader, which determines whether I troubleshoot the endpoint or escalate to the network team.”
22. A user’s Outlook keeps crashing. What is your diagnostic process?
Sample answer: “I check the Event Viewer application log for crash details and note any add-ins mentioned. I start Outlook in safe mode (outlook /safe) to isolate whether an add-in is causing it. If safe mode is stable, I disable add-ins one by one. I also check for a corrupt profile by creating a new Outlook profile. If the issue is organisation-wide, it is likely a recent update — I check the version against known issues in the Microsoft Update History and roll back if needed.”
23. A printer that was working yesterday is now offline. How do you resolve it?
Sample answer: “Check the obvious first: is the printer physically on and connected? Can other users print to it? In the print queue, clear any stuck jobs. In Devices and Printers, verify the printer is set to online. Check the printer’s IP has not changed — network printers occasionally get a new DHCP lease that the driver does not know about. If the IP changed, update the port in printer properties. If the printer driver is the issue, remove and reinstall it. For a shared printer, check that the print spooler service is running on the print server.”
24. A user says files they saved to the network drive yesterday are gone. What do you do?
Sample answer: “Do not panic and do not start recovering immediately — gather facts first. I confirm which path they saved to, check whether they are mapped to the correct share, and look at whether the files may have been moved rather than deleted. I check the Recycle Bin on the share, and if files are genuinely gone, I check when the last successful backup ran and restore from there. I document the incident and investigate root cause — accidental deletion, permissions issue, or sync conflict are the most common causes.”
25. A Windows update has broken a line-of-business application. What is your approach?
Sample answer: “Confirm it is the update causing the issue — check Event Viewer for application errors timed with the update, and verify with the application vendor’s release notes or community forums. Roll back the specific update via Settings > Windows Update > Update History if needed. Deploy the rollback via SCCM to affected machines. Pause updates in the pilot ring, test the next update before broader rollout, and liaise with the software vendor about compatibility. Document the issue and set a review date to apply the update once the conflict is resolved.”
26. How do you handle a user who insists they have not changed anything, but something is broken?
Sample answer: “I do not argue about it. I focus on the symptom, not the cause. I ask what they were doing right before they noticed the problem — often a useful clue emerges without them realising. I check recent browser history, installed applications, Windows event logs with a timestamp filter, and update history. Most of the time the cause becomes clear. Even if I cannot identify the exact change, finding the fix matters more than assigning blame.”
27. A new laptop has no audio output. How do you troubleshoot it?
Sample answer: “Check the obvious: volume not muted, correct output device selected. In Device Manager, check whether the audio adapter is detected and whether there are any driver errors. If the device is missing, check whether it was disabled in BIOS. Run Windows Troubleshooter as a quick automated check. If the driver shows errors, uninstall and reinstall from the manufacturer’s site — not Windows Update. Test with headphones versus speakers to rule out hardware versus driver. If a fresh driver install does not resolve it on a new laptop, log it as a warranty issue.”
28. A user reports their laptop battery drains in under an hour. What do you advise?
Sample answer: “First, check the battery health: powercfg /batteryreport in CMD generates a detailed report including capacity versus design capacity. If capacity is significantly degraded (below 60–70% of design), the battery needs replacement — this is a hardware issue, not software. If capacity is fine, check power settings, identify apps with high battery drain in Task Manager, and look for malware or cryptocurrency miners running in the background. If the laptop is under warranty and the battery is new, process a hardware warranty claim.”
Section 5: Security
29. A user receives an email asking them to click a link and enter their credentials. What do you do?
Sample answer: “This is a phishing attempt. I tell the user not to click the link and not to enter any credentials. If they already did, I immediately reset their password, revoke active sessions (especially in Microsoft 365 or Google Workspace), and check the account activity log for any suspicious logins or forwarding rules. I report the phishing email to the security team and submit it to the email gateway for blocking. I also document the incident and follow the organisation’s incident response procedure.”
30. What steps would you take to secure a new workstation before deploying it?
Sample answer: “Join the domain and apply Group Policy. Ensure Windows Defender or the organisation’s endpoint protection is active and updated. Apply all current security patches. Disable unnecessary services. Ensure BitLocker encryption is enabled and the recovery key is escrowed. Configure the local admin account using LAPS. Remove or disable built-in accounts that are not needed. Verify the MDM/Intune profile is applied. Run a baseline vulnerability scan before deployment.”
31. What is multi-factor authentication and why is it important?
Sample answer: “MFA requires users to verify identity using two or more factors: something you know (password), something you have (authenticator app or hardware token), or something you are (biometrics). It is critical because passwords alone are easily compromised — through phishing, credential stuffing, or reuse from breached services. With MFA in place, an attacker who has a user’s password still cannot access the account without the second factor. It is the single most effective control against account takeover.”
32. What is BitLocker and when would you enforce it?
Sample answer: “BitLocker is Windows full-disk encryption. I enforce it on all laptops and any portable devices that leave the office — the threat model is physical loss or theft. On a locked, encrypted device, a stolen laptop’s data is unreadable without the recovery key. In a managed environment I configure BitLocker through Group Policy or Intune, escrow recovery keys to Active Directory or Azure AD, and audit compliance via SCCM or Intune reporting. Desktops in physically secure environments are lower priority but still worth encrypting if they hold sensitive data.”
33. How do you respond if you suspect a machine is infected with malware?
Sample answer: “Isolate the machine from the network immediately — unplug the network cable or disable Wi-Fi — to prevent lateral movement or data exfiltration. Do not shut down the machine if at all possible; some malware artefacts exist only in memory. Escalate to the security team for forensic analysis. Run a full scan with the endpoint protection tool in safe mode. Check recently created or modified files, scheduled tasks, and startup entries. If the machine cannot be cleaned confidently, reimage it from a known-good baseline. Document the full incident timeline.”
34. What is least-privilege access and how do you apply it?
Sample answer: “Least privilege means users and accounts have the minimum permissions needed to do their job — no more. In practice: standard user accounts for daily work, separate admin accounts for IT staff that are used only for administrative tasks, and service accounts with permissions scoped to exactly what the service requires. I review group memberships regularly and remove access that is no longer needed. It limits the blast radius of any account compromise — a phished standard user account can do far less damage than a domain admin account.”
35. What is your process for handling a suspected data breach?
Sample answer: “Follow the incident response plan: contain first (isolate affected systems), then assess (what data was exposed, how, for how long), then notify (inform the security team and management immediately; legal/DPO if personal data is involved under GDPR timelines). Preserve evidence — logs, system images — before making changes. Document every step with timestamps. After containment, conduct a root cause analysis and implement controls to prevent recurrence. Speed of containment matters; completeness of documentation matters equally for the post-incident review.”
Section 6: Cloud and Remote Support
36. What experience do you have with Microsoft 365 administration?
Sample answer: “I manage Microsoft 365 for approximately 150 users — including Exchange Online (mailboxes, distribution lists, shared mailboxes, email routing rules), Teams (policy configuration, guest access), SharePoint and OneDrive permissions, and Intune for MDM. I use the M365 Admin Centre and PowerShell for bulk operations. I have experience with conditional access policies in Entra ID (formerly Azure AD) and setting up MFA enforcement across the tenant.”
37. What is the difference between Microsoft Azure and Microsoft 365?
Sample answer: “Microsoft 365 is a productivity suite — email, Teams, Office apps, and cloud storage. Azure is a cloud computing platform — it provides infrastructure services like virtual machines, storage, databases, networking, and PaaS services for application development. They integrate (Azure AD/Entra ID underpins M365 identity) but serve different purposes. Most IT technician roles involve M365 administration; Azure knowledge is increasingly valued for roles that touch hybrid identity, virtual desktop infrastructure, or cloud-based file services.”
38. How do you support users working remotely?
Sample answer: “I provide remote support via tools like TeamViewer, AnyDesk, or Microsoft Quick Assist. For remote-first issues, I start with a call to understand symptoms before connecting — some issues resolve faster with user guidance than a remote session. For persistent access, I ensure VPN is working, that split-tunnel vs. full-tunnel is configured correctly for their role, and that MFA is enrolled. I also audit that remote workers’ machines are patched and their endpoint protection is current, since they are outside the corporate network perimeter.”
39. What is a VPN and how does it work?
Sample answer: “A VPN (Virtual Private Network) creates an encrypted tunnel between a user’s device and the corporate network, allowing secure access to internal resources as if the user were in the office. Traffic is encrypted between the client and the VPN server, protecting data in transit on untrusted networks like home broadband or public Wi-Fi. In enterprise environments I configure VPN clients (Cisco AnyConnect, GlobalProtect, or Windows built-in VPN), manage split-tunnel policies, and troubleshoot connection issues by checking authentication, certificate validity, and firewall rules at both ends.”
40. A remote user cannot connect to the VPN. How do you troubleshoot it?
Sample answer: “I check five things in order: Is their internet connection working at all (can they browse)? Is the VPN client updated to the current version? Are their credentials and MFA working (have they recently changed their password)? Is the VPN gateway reachable (ping the VPN host from outside)? Are there any firewall rules on their home router blocking the VPN port? If all of those check out and the issue persists, I collect VPN client logs, check the VPN server logs for authentication or tunnel errors, and escalate with that data.”
Section 7: Soft Skills and Behavioural Questions
41. Tell me about a time you explained a technical issue to a non-technical user.
Sample answer: “A finance director could not understand why she could not access a shared folder after a permissions change. Rather than explaining Active Directory groups, I used an analogy: the folder is a locked room, and her key ring had been updated to include new keys but not all the old ones transferred correctly. I showed her what she could and could not access, fixed the missing permission, and walked her through how to tell me if it happened again. She left with a solution and enough understanding to notice a recurrence — which is the goal.”
42. Describe a time you had to deal with a frustrated user.
Sample answer: “A user called in about a recurring issue with his laptop — it had crashed twice in a week and he had lost work the second time. He was genuinely upset and felt let down by IT. I listened without interrupting, acknowledged that losing work is unacceptable and that the repeat failure was our problem to solve, not his. I prioritised his ticket, escalated to get him a loan machine the same day, and personally followed up with the root cause (a failing hard drive we had flagged but not acted on fast enough) and what we had changed to prevent it. He sent a note to my manager after. The technical solution was straightforward; taking his frustration seriously was what mattered.”
43. How do you prioritise when you have multiple urgent tickets at once?
Sample answer: “I use a two-axis assessment: business impact and number of users affected. A broken payment terminal during trading hours takes priority over a slow PC for one user. Within equal-priority tickets, I start with the one I can resolve fastest — clearing that frees me to focus fully on the harder problem. I also communicate proactively: if a user knows I have their ticket and when I expect to reach them, they can keep working and they do not need to chase. Most prioritisation conflicts come from people not knowing where they are in the queue.”
44. Where do you want to be in your IT career in three years?
Sample answer: “I want to move from a primarily reactive support function into a more infrastructure-focused role — working on systems design, security architecture, or cloud infrastructure. I am building toward that by studying for my Azure certifications and getting more exposure to automation and scripting (primarily PowerShell). I am also interested in the people side of IT — I have found that the technicians who have the most impact are those who can translate technical decisions into business terms, and I want to develop that skill deliberately.”
45. Why do you want to work here specifically?
What they want to hear: Evidence that you researched the company and have a genuine reason for applying.
Sample answer (adapt to the company): “I read about your infrastructure migration to a hybrid Azure environment last year and I am interested in being part of a team making that transition work day-to-day. I also noticed from your job listings and LinkedIn activity that your IT team is growing — which suggests I would have room to take on more responsibility quickly rather than waiting years for a position to open up. The combination of a technically challenging environment and a team that is actively expanding is exactly what I was looking for.”
Get the complete IT Interview Prep Kit — free
Technical study checklist, common scenario answers, and a CompTIA A+/Network+ revision guide. Everything you need to walk in prepared.
Tips for IT Technician Interview Success
Prepare for practical tests. Many IT interviews include a hands-on component — you may be asked to diagnose a simulated broken PC, write a short PowerShell script, or walk through a network diagram. Practice on your home lab and be comfortable thinking out loud while you work.
Use the STAR format for behavioural questions. For any “tell me about a time when…” question, structure your answer: Situation (brief context), Task (what you needed to do), Action (specifically what you did), Result (what happened). Concrete examples beat vague generalities every time.
Ask good questions. Prepare two or three questions for the end of the interview: the current biggest infrastructure challenge, how the team is structured between first/second/third line, or what the biggest change in their environment has been in the last year. These signal genuine interest and help you decide if the role is right for you.
Do not memorise — understand. Scripted answers fall apart the moment a follow-up question changes the angle. Understand the concepts deeply enough to explain them differently in real time.
Frequently Asked Questions
What questions are asked in an IT technician interview? IT technician interviews typically cover operating system knowledge (especially Windows), hardware troubleshooting, networking fundamentals (DNS, DHCP, TCP/IP), security basics, and at least one or two scenario-based questions where you walk through a problem diagnosis out loud. Larger companies also ask behavioral questions about handling pressure, communicating with non-technical users, and prioritising competing requests.
How do I prepare for an IT technician interview? Review the fundamentals in the areas covered by CompTIA A+ and Network+ (even if you already hold these certifications — the refresher is valuable). Set up a home lab with a couple of virtual machines to practice common scenarios. Prepare two or three concrete examples of technical problems you have solved, formatted as STAR answers. Research the company’s tech stack if you can identify it from the job description or LinkedIn.
What certifications should an IT technician have? CompTIA A+ is the standard entry-level baseline. Network+ and Security+ round out a strong foundation for a support-to-infrastructure pathway. Microsoft certifications (MD-102 for endpoint management, AZ-800/AZ-900 for Azure) are increasingly valued as environments move to hybrid cloud. For security-focused roles, CompTIA CySA+ or SSCP are worth considering as next steps.
How long does an IT technician interview typically last? Most IT technician interviews run 45 to 75 minutes. Larger organisations may include a technical assessment (30–60 minutes) separately from the interview itself. Some companies use a two-stage process: a screening call followed by a technical and behavioral interview.
What is a good weakness to say in an IT technician interview? Choose something real and paired with what you are doing about it. For example: “I have historically been stronger on the Windows side than Linux administration. I have been addressing that by building out my home lab with Ubuntu Server and working through the LPIC-1 curriculum.” This shows self-awareness and a growth mindset — both qualities employers value in IT roles.
Next step for your job search
Pick one guide and keep momentum.
Jobiety Editorial Team
Our editorial team researches and tests every piece of career advice we publish. We draw on real hiring data, interviews with recruiters, and hands-on experience to give you guidance that works.
