Network Security

Important Questions and Answers for Network Security 

All listed questions are very common and important and you must be prepared with all of the following answers before facing any interview for a Network Security position.

Q. What is a firewall?

A: A firewall is used to provide security to the private networks connected to the internet. They can be implemented as hardware or software, or a combination of both. All incoming and outgoing network traffic are examined and accepted/rejected by the firewall as per defined rules.

Q. What is the difference between network gateway and a firewall?

A: A network gateway joins two networks together and a network firewall protects a computer network against unauthorized incoming or outgoing access. Network firewalls may be hardware devices or software programs.

Q. What is the difference between IPS and a firewall?

A: The primary function of a firewall is to prevent/control traffic flow from an untrusted network (outside). A firewall is not able to detect an attack in which the data is deviating from its regular pattern, whereas an IPS can detect and reset that connection as it has inbuilt anomaly detection.

Q. What is a transparent firewall?

A: A transparent firewall is considered as Layer 2. Deploying a new firewall into a network can be a complicated process due to various issues (e.g. IP address reconfiguration, network topology changes, current firewall etc.) because the firewall is not a routed hop and you can easily introduce a transparent firewall into an existing network.

Q. What is packet filtering?

A: Packet filtering is the process of permitting or blocking ip packets based on source and destination addresses, ports, or protocols. The packet filter examines the header of each packet based on a specific set of rules, and on that basis, decides to prevent it from passing or allow. Packet filtering is also part of a firewall program for protecting a local network from unwanted access.

Q. Define stateful inspection?

A: Stateful inspection is known as dynamic packet filtering and is a firewall technology that monitors the state of active connections and uses this information to determine which network packets are allowed through the firewall. Stateful inspection analyses packets down to the application layer.

Q. What is the Public Key Encryption?

A: Public key encryption uses public and private key for encryption and decryption. In this mechanism, public key is used to encrypt messages and only the corresponding private key can be used to decrypt them. To encrypt a message, a sender has to know the recipient’s public key.

Q. Define Digital Signatures

A: Digital signature is an attachment to an electronic message used for security purposes. It is used to verify the authenticity of the sender.

Q. What is Authorization?

A: Authorization is a security mechanism used to determine user/client privileges or access levels related to network resources, including firewalls, routers, switches and application features. Authorization is normally preceded by authentication and during authorization. Its system that verifies an authenticated user’s access rules and either grants or refuses resource access.

Q. What is stateful failover?

A: Every time a session is created for a flow of traffic on the primary node, it is synced to the secondary node. When the primary node fails, sessions continue to pass traffic through the secondary node without having to re-establish.

Q. What is VPN and describe IPsec VPN

A: Virtual Private Network (VPN) creates a secure network connection over a public network such as the internet.

IPsec VPN means VPN over IP Security allows two or more users to communicate in a secure manner by authenticating and encrypting each IP packet of a communication session.

Q. What is Site to Site and remote access VPN?

A: A site-to-site VPN allows offices in multiple locations to establish secure connections with each other over a public network such as the Internet. Site-to-site VPN is different from remote-access VPN as it eliminates the need for each computer to run VPN client software as if it were on a remote-access VPN.

Q. How do you check the status of the tunnel’s phase 1 & 2 ?

A: Use following commands to check the status of tunnel phases:

Phase 1: show crypto isakmp and State: MM_ACTIVE

Phase 2: show crypto ipsec sa

Note: if you have lot of tunnels and the output is confusing use a ‘show crypto ipsec sa peer 12.12.12.12’ command instead.

Q. What is SSL VPN? How it is different from IPsec VPN?

A: SSL VPN provides remote access connectivity from almost any internet enabled location without any special client software at a remote site. You only need a standard web browser and its native SSL encryption.

IPsec is a dedicated point-to-point fixed VPN connection where SSL VPNs provides anywhere connectivity without any configuration or special software at remote site.

Q. What is GRE and why is it required?

A: Generic Routing Encapsulation (GRE) is a protocol that encapsulates packets in order to route other protocols over IP networks.

GRE enables a wrapper to be placed around a packet during transmission of the data. A receiving GRE removes the wrapper, enabling the original packet to be processed by the receiving stack.

Advantages of GRE tunnels include the following:

·         GRE tunnels connect discontinuous sub-networks.

·         GRE tunnels allow VPNs across wide area networks (WANs).

·         GRE tunnels encase multiple protocols over a single-protocol backbone.

·         GRE tunnels provide workarounds for networks with limited hops.

Q. Firewalls work at what layer? Define firewall generations and their roles.

A: Firewalls work at layer 3, 4 & 7. First generation firewalls provide packet filtering and they generally operate at layer 3 (Network Layer). Second generation firewalls operate up to the Transport layer (layer 4) and records all connections passing through it and determines whether a packet is the start of a new connection, a part of an existing connection, or not part of any connection. Second generation firewall is mainly used for Stateful Inspection.

Third generation firewalls operate at layer 7. The key benefit of application layer filtering is that it can “understand” certain applications and protocols (such as File Transfer Protocol (FTP), Domain Name System (DNS), or Hypertext Transfer Protocol (HTTP)).

Q. What is DoS attack? How can it be prevented?

A: DoS (Denial of Service) attack can be generated by sending a flood of data or requests to a target system resulting in a consume/crash of the target system’s resources. The attacker often uses ip spoofing to conceal his identity when launching a DoS attack.

Q. What is IP Spoofing?

A: An IP spoofing attack enables an attacker to replace its identity as trusted for attacking host. For example, if an attacker convinces a host that he is a trusted client, he might gain privileged access to a host.

Q. What are the security-levels in cisco ASA?

A: ASA uses security levels to determine the parameters of trust given to a network attached to the respective interface. The security level can be configured between 0 to 100 where higher number are more trusted than lower. By default, the ASA allows packets from a higher (trusted) security interface to a lower (untrusted) security interface without the need for an ACL explicitly allowing the packets.

Q. What is AAA?

A: AAA stands for authentication, authorization and accounting, used to control user’s rights to access network resources and to keep track of the activity of users over a network. The current standard by which devices or applications communicate with an AAA server is the Remote Authentication Dial-In User Service (RADIUS).

Q. What is IPS? How does it work?

A: An Intrusion Prevention System (IPS) is a network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits. An Intrusion Prevention System can play a good role to protect against various network security attacks such as brute force attacks, Denial of Service (DoS) attacks, and vulnerability detection. Moreover, an IPS also ensures prevention against protocol exploits.

Intrusion Prevention System uses four types of approaches to secure the network from intrusions which include:

·         Signature-Based

·         Anomaly-Based

·         Policy-Based

·         Protocol-Analysis-Based

Root Password reset in HP UNIX

Root Password reset in HP-UNIX

If you forget your root account password or password expired then you can reset your password by using below simple steps but before process starting take approval for downtime.


1.First of all reboot your server and login through MP and take console.

2. After that while prompt for interrupt autoboot then press escape. 

Press Any Key to interrupt Autoboot
\EFI\HPUX\AUTO ==> boot vmunix
Seconds left till autoboot -   9

HPUX>

3.Then initialize single user mode by using below command: -

HPUX> boot -is

> System Memory = 8170 MB
loading section 0
........................................................................... (complete)
loading section 1
................. (complete)
loading symbol table
loading System Directory (boot.sys) to MFS
.....
loading MFSFILES directory (bootfs) to MFS
......................................

================================================================================
WARNING: Multiple console output devices are configured. If this message
remains on the screen for more than a few minutes, then this is not the
device in use by HP-UX as the console output device. If you would like this
device to be the one used by HP-UX as the console output device, reboot and
use the EFI boot manager or the EFI 'conconfig' command to select this device
and deconfigure the others.
================================================================================

Launching /stand/vmunix
SIZE: Text:37982K + Data:8501K + BSS:27226K = Total:73710K
Console is on Serial Device - via PCDP
Booting kernel...

Loaded ACPI revision 2.0 tables.
Using /stand/ext_ioconfig

Memory Class Setup
-------------------------------------------------------------------------
Class     Physmem              Lockmem              Swapmem
-------------------------------------------------------------------------
System :  7769 MB              7769 MB              7769 MB
Kernel :  7769 MB              7769 MB              7769 MB
User   :  7028 MB              6231 MB              6255 MB
-------------------------------------------------------------------------

ktracer is off until requested.
spinlock ALAT switching supported on this system
Installing Socket Protocol families AF_INET and AF_INET6
Kernel EVM initialized
sec_init(): kernel RPC authentication/security initialization.
secgss_init():  kernel RPCSEC_GSS security initialization.
rpc_init(): kernel RPC initialization.
rpcmod_install(): kernel RPC STREAMS module "rpcmod" installation. ...(driver_install)
NOTICE: nfs_client_pv3_install(): nfs3 File system was registered at index 10.
NOTICE: nfs_client_pv4_install(): nfs4 File system was registered at index 11.
NOTICE: cachefsc_install: cachefs File system was registered at index 13.
CISS: RAID SA P400 controller on hardware path 0/3/0/0/0/0 is now online.
Boot device's HP-UX HW path is: 0/3/0/0/0/0.0x0.0x4000000000000000

    System Console is on the Built-In Serial Interface
igelan0: INITIALIZING HP PCI-X 1000Base-T Dual-port Built-in at hardware path 0/1/2/0
iether2: INITIALIZING HP AD337-60001 PCIe 1000Base-T Dual-port Adapter at hardware path 0/5/0/0/0/0
iether3: INITIALIZING HP AD337-60001 PCIe 1000Base-T Dual-port Adapter at hardware path 0/5/0/0/0/1
igelan1: INITIALIZING HP PCI-X 1000Base-T Dual-port Built-in at hardware path 0/1/2/1
AF_INET socket/streams output daemon running, pid 51
afinet_prelink: module installed
Starting the STREAMS daemons-phase 1
LVM: Root VG activated
    Swap device table:  (start & size given in 512-byte blocks)
        entry 0 - major is 64, minor is 0x2; start = 0, size = 16777216
Checking root file system.
file system is clean - log replay is not required
Root check done.
Create STCP device files
Starting the STREAMS daemons-phase 2
     $Revision: vmunix:    B.11.31_LR FLAVOR=perf
Memory Information:
    physical page size = 4096 bytes, logical page size = 4096 bytes
    Physical: 8366068 Kbytes, lockable: 5935488 Kbytes, available: 6752348 Kbytes

/sbin/ioinitrc:
/dev/vg00/lvol1:file system is clean - log replay is not required
/sbin/krs_sysinit:
       * The module 'gvid_info' has been loaded.
       * The module 'rng' has been loaded.
       * The module 'pciinfo' has been loaded.

insf: Installing special files for ipmi instance 0 address 250/0
insf: Installing special files for pseudo driver framebuf


INIT: Overriding default level with level 's'

INIT: SINGLE USER MODE


INIT: Running /sbin/sh
#

4. Then mount /usr directory and restore /etc/passwd

# mount /usr
# /usr/lbin/tsconvert -r
Restoring /etc/passwd...
/etc/passwd restored.
Deleting at and crontab audit ID files...
Can't open directory: /var/spool/cron/.ataids

5. Now you can change password by passwd command: -

# passwd root
Changing password for root
New password:
Re-enter new password:
Passwd successfully changed
# reboot

 Now password changed successfully. Reboot your server and login with new password.

Windows Basic Concepts

Windows Basic Concepts

Here I want to describe some important questions and their answers. So please read carefully its very important facts in windows servers.

1) What is Active Directory?

Ans: An Active Directory (AD) structure is a hierarchical framework of objects which include resources (e.g. printers) , services (e.g. e-mail ), and users (accounts, or users and groups) or we can say AD is a repository service of enterprise wide data

2) What are FSMO Roles? Explain Each Role?

Ans: Although most operations, such as creating a user, are multi-mastered, and can be made by connecting to any available domain controller, some operations are still handled only by designated domain controllers. Microsoft sometimes calls this the Flexible Single Master Operation (FSMO) roles. There are five FSMO roles.

Two of these are per forest:

1) Schema Master: There is only one DC in the forest acting as the Schema Master. It holds the master copy of the Schema.

2) Domain Naming Master: There is only one DC in the forest acting as the Domain Naming Master. It authorizes the creation and deletion of domains in the forest.

Within each domain there are three further roles.

3) PDC emulator: Each domain has a PDC emulator. As its name suggests it provides compatibility with legacy (NT4) DCs and clients. It also functions as the domain master browser, source for time synchronization within the domain, and the single mastering of Group Policies.

4) RID Master: Each domain also has a RID Master. The RID Master generates a pool of Relative IDentifiers and allocates them to other DCs in its domain. Each DC can use a RID from its pool whenever it needs to generate a SID (Security IDentifier) for any new security principals object (users, groups or computers) that is created. A SID is a globally unique identifier for a security principal. The RID master is also used to single master the movement of security principals from one domain to another.

5) Infrastructure Master: Finally, each domain has an Infrastructure Master (IM). The IM periodically looks up references to external objects by consulting the global catalog. An example of an 'external object' would be if you added a user from one Domain A to a group in Domain B. As far as Domain B is concerned the user is an external object. The IM is checking to see if any details about that foreign object (such as its distinguished name or SID) have changed.

3) What is a Global Catalog?

Ans: The Global Catalog (GC) has two primary functions. First, it acts as a domain controller that stores object data and manages queries about objects and their most common attributes (called the Global Catalog Partial Attribute Set, or PAS). Second, it provides data that permits network logon. GC provides a listing of all objects in AD so we can query GC for any information needed. LDAP (light weight directory access protocol) is used (by AD) to query the GC on port 3268.

4) What are Group Policies?

Ans: Group policies are used by administrators to configure and control user environment settings. Group Policy Objects (GPOs) are used to configure group policies which are applied to sites, domains, and organizational units (OUs). Settings that do the following may be applied with group policy:  Manage user environments - Wallpaper and other settings.  Manage scripts - Logon/logoff and startup/shutdown scripts.  Manage security - Event log settings, account policies, and more.  Manage software deployment - Applications may be automatically installed when the client computer starts.  Redirect folders - Folders on a local computer may be redirected to a network share.

5) What is the difference between a Domain and Workgroup?

Ans: A domain is a group of computers and devices on a network that are administered as a unit with common rules and procedures. Within the Internet, domains are defined by the IP address. All devices sharing a common part of the IP address are said to be in the same domain.

Workgroup computing occurs when all the individuals have computers connected to a network (a group of two or more computer systems linked together) that allows them to send e-mail to one another, share data files, and other resources such as printers. Normally, a workgroup is limited to 10 network devices/computers. Since workgroup machines might have different account names, you really have to know the admin account for each specific machine in order to effectively manage the workgroup.

6) What is the relationship between tree and a forest?

Ans: The framework that holds the objects is viewed at a number of levels. At the top of the structure is the Forest - the collection of every object, its attributes and rules (attribute syntax) in the AD. The forest holds one or more transitive, trust-linked Trees. A tree holds one or more Domains and domain trees, again linked in a transitive trust hierarchy. Domains are identified by their DNS name structure, the namespace. A domain has a single DNS name.

The objects held within a domain can be grouped into containers called Organizational Units (OUs). OUs give a domain a hierarchy, ease its administration, and can give a semblance of the structure of the AD's company in organizational or geographical terms. OUs can contain OUs - indeed, domains are containers in this sense - and can hold multiple nested OUs. Microsoft recommends as few domains as possible in AD and a reliance on OUs to produce structure and improve the implementation of policies and administration. The OU is the common level at which to apply group policies, which are AD objects themselves called Group Policy Objects (GPOs), although policies can also be applied to domains or sites (see below). The OU is the lowest level at which administrative powers can be delegated.

[To allow users in one domain to access resources in another, AD uses trust. Trust is automatically produced when domains are created.]

7) What is the file name of Active directory and where is it stored?

Ans: C:/Windows/NTDS/Ntds.dit

8) What is backup? What are the different types of backups explain them?

Ans: Backup Is creating a replica of data on a server/PC. Backups could be taken on another disk or magnetic tape for offsite storage. Types of backup are:

I) normal or full backup: the entire backup for the day

ii) Incremental backup: backup since last backup

iii) Differential backup: backup since last full backup

9) Where is System State and what does it contain?

10) What is the difference between NTFS and FAT file system?

Ans: FAT (file allocation table): FAT16 & 32

NTFS (new technology file system): has an additional feature such as Security & File compression (not both at same time)

You can convert a partition from FAT to NTFS but not vice versa. To do so, open an MS-DOS Prompt window and type the following command:

CONVERT drive: /FS: NTFS

For example, if you want to convert your D drive to NTFS, you'd replace the word drive with the letter D, as follows:

CONVERT D: /FS: NTFS

11) How do you install Active Directory?

Ans: in command prompt: use the command DCPromo FOR INSTALL / UNINSTALL. If it is installed the command would uninstall it or if it is not installed it will install it.

12) What is DNS?

Ans: Domain naming system is responsible for resolving names to IP address.

13) What is router frequency, NAT, how it works, what router does, which protocol it uses?

Ans: 2.4GHZ. Network address translation (NAT) separates external network or internet from internal network/intranet. Router operates on network layer.

14) OSI model & protocols in each layer?

Ans: The OSI model describes a fixed, seven layer stack for networking protocols.

7. APPLICATION: HTTP, SMTP, SNMP, FTP, Telnet, ECHO, SIP, SSH, NFS, RTSP, XMPP, Whois, ENRP

6. PRESENTATION: XDR, ASN.1, SMB, AFP, NCP.

5. SESSION: ASAP, TLS, SSL, ISO 8327 / CCITT X.225, RPC, NetBIOS, ASP. Establishing & managing sessions.

4. TRANSPORT: TCP, UDP, RTP, SCTP, SPX, ATP, IL. This layer is for flow control.

3. NETWORK: IP, ICMP, IGMP, IPX, BGP, OSPF, RIP, IGRP, EIGRP, ARP, RARP, X.25. Router works on network layer. Connecting over a network.

2. DATA LINK: Ethernet, Token ring, HDLC, Frame relay, ISDN, ATM, 802.11 WiFi, FDDI, PPP. Switch works on this layer.

1. PHYSICAL: 10BASE-T, 100BASE-T, 1000BASE-T, SONET/SDH, T-carrier/E-carrier, various 802.11 physical layers. Hubs & repeaters operate on this layer.

TCP/IP model:

4 Application: DNS , TFTP , TLS/SSL, FTP, HTTP , IMAP , IRC , NNTP ,POP3 ,SIP ,SMTP,SNMP ,SSH ,TELNET ,ECHO ,Bit Torrent, RTP , PNRP , rlogin , ENRP, …

Routing protocols like BGP <Border_Gateway_Protocol> and RIP , which for a variety of reasons run over TCP and UDP respectively, may also be considered part of the application or network layer.

3 Transport: TCP ,UDP ,DCCP ,SCTP ,IL ,… Routing protocols like OSPF <Open_shortest_path_first>, which run over IP, may also be considered part of the transport or network layer. ICMP and IGMP <Internet_group_management_protocol> run over IP may be considered part of the network layer.

2 Network: IP , ARP and RARP operate underneath IP but above the link layer so they belong somewhere in between.

1 Link: Ethernet , Wi-Fi , Token ring , PPP, SLIP , FDDI <Fiber_distributed_data_interface>, ATM , Frame Relay, SMDS , …

15) What is ping?

Ans: Packet internet gropher & it uses ICMP protocol. It is used to check connectivity to an IP or PC name. try ping command on your PC & check for replies.

16) What r the boot options for a PC. List them & which option do we use & when?

Ans: When PC reboots press F8 so you reach the boot options.

a) Safe Mode: This starts Windows using only basic drivers and no network connection. Safe Mode allows a Windows PC to start using default settings (VGA display driver, Microsoft mouse, no network connection, minimal device drivers) so that you can perform a system repair. These options often allow you to repair your Windows configuration without performing a complete re-installation of the system software. For example, if you have installed an application that subsequently prevents Windows from starting, you should be able to start in Safe Mode so that you can remove the offending application.

 b) Safe Mode with Networking: This is useful if you need to connect to CFS to install new drivers from the shared copy of installation files.

c) Safe Mode with Command Prompt: This startup option does not start the Windows GUI. However VGA drivers are installed so the option is very similar to basic Safe Mode.

d) Enable Boot Logging: This starts Windows whilst logging all devices and services that are loaded in a file, NTBTLOG.TXT, in the Windows directory. A log is always created by the preceding three Safe Mode options.

e) Enable VGA Mode: This option specifically addresses the problems which occur when a video driver prevents Windows from starting.

f) Last Known Good Configuration: If Windows fails to start successfully, try the option Last Known Good Configuration before all others including Safe Mode. This starts Windows using the registry information it saved at the last successful shutdown and it can correct basic configuration problems. It does not solve problems caused by incorrect or missing files.

g) Directory Services Restore Mode: For Windows 2000 and 2003 servers only.

h) Debugging Mode: Diagnostic tool for experienced managers.

i) Disable automatic restart on system failure: Windows XP only: If Windows experiences a critical error on startup; a blue screen error (BSOD) message may be displayed before the system restarts. This option allows you to disable the automatic restart so that the error message can be read.

17) Mother board components?

Ans: Central Processing Unit (CPU), underlying circuitry, expansion/PCI slots, video components, random access memory (RAM) slots, and a variety of other chips.

18) What is firewall, How to change settings for windows firewall, 3rd party firewalls?

Ans: A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

            If you right click on local area connection icon you will get the option to change windows firewall settings. You can also start or stop the service from services menu by typing services.msc in run window & then selecting the service.

            3^rd party firewalls are Norton or Symantec, McAfee, AVG, etc.

19) Proxy server?

Ans: Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.

            A server that sits between a client application, such as a Web browser, and a real server. It intercepts all requests to the real server to see if it can fulfill the requests itself. If not, it forwards the request to the real server.

20) Enabling file & printer sharing?

1. Ans: Run the Network Setup wizard.
2. Click the connection method that applies for your computer.
3. Accept the default computer description and computer name.
4. Accept the default workgroup name. This name should match the workgroup name of the other computers that you want to share files with.

21) Difference between switch & hub & router, layers on which they work?

Ans: Switch:-A network switch is networking hardware that connects devices on a computer network by using packet switching to receive and forward data to the destination device. A network switch is a multiport network bridge that uses MAC addresses to forward data at the data link layer of the OSI model.

Router:-A router is a networking device that forwards data packets between computer networks. ... A packet is typically forwarded from one router to another router through the networks that constitute an internetwork (e.g. the Internet) until it reaches its destination node.

Hub:-Hubs are devices commonly used to connect segments of a LAN.

22) Boot sequence of PC?

Ans: For System Boot Sequence go through this:
The system BIOS is what starts the computer running when you turn it on. The following are the steps that a typical boot sequence involves. Of course this will vary by the manufacturer of your hardware, BIOS, etc., and especially by what peripherals you have in the PC. Here is what generally happens when you turn on your system power:

1. The internal power supply turns on and initializes. The power supply takes some time until it can generate reliable power for the rest of the computer, and having it turn on prematurely could potentially lead to damage. Therefore, the chipset will generate a reset signal to the processor (the same as if you held the reset button down for a while on your case) until it receives the Power Good signal from the power supply.
2. When the reset button is released, the processor will be ready to start executing. When the processor first starts up, it is suffering from amnesia; there is nothing at all in the memory to execute. Of course processor makers know this will happen, so they pre-program the processor to always look at the same place in the system BIOS ROM for the start of the BIOS boot program. This is normally location FFFF0h, right at the end of the system memory. They put it there so that the size of the ROM can be changed without creating compatibility problems. Since there are only 16 bytes left from there to the end of conventional memory, this location just contains a "jump" instruction telling the processor where to go to find the real BIOS startup program.
3. The BIOS performs the power-on self test (POST). If there are any fatal errors, the boot process stops. POST beep codes can be found in this area of the Troubleshooting Expert.
4. The BIOS looks for the video card. In particular, it looks for the video card's built in BIOS program and runs it. This BIOS is normally found at location C000h in memory. The system BIOS executes the video card BIOS, which initializes the video card. Most modern cards will display information on the screen about the video card. (This is why on a modern PC you usually see something on the screen about the video card before you see the messages from the system BIOS itself).
5. The BIOS then looks for other devices' ROMs to see if any of them have BIOSes. Normally, the IDE/ATA hard disk BIOS will be found at C8000h and executed. If any other devices BIOSes are found, they are executed as well.
6. The BIOS displays its startup screen.
7. The BIOS does more tests on the system, including the memory count-up test which you see on the screen. The BIOS will generally display a text error message on the screen if it encounters an error at this point; these error messages and their explanations can be found in this part of the Troubleshooting Expert.
8. The BIOS performs a "system inventory" of sorts, doing more tests to determine what sort of hardware is in the system. Modern BIOSes have many automatic settings and will determine memory timing (for example) based on what kind of memory it finds. Many BIOSes can also dynamically set hard drive parameters and access modes, and will determine these at roughly this time. Some will display a message on the screen for each drive they detect and configure this way. The BIOS will also now search for and label logical devices (COM and LPT ports).
9. If the BIOS support the Plug and Play standard, it will detect and configure Plug and Play devices at this time and display a message on the screen for each one it finds. See here for more details on how PnP detects devices and assigns resources.
10. The BIOS will display a summary screen about your system's configuration. Checking this page of data can be helpful in diagnosing setup problems, although it can be hard to see because sometimes it flashes on the screen very quickly before scrolling off the top.
11. The BIOS begins the search for a drive to boot from. Most modern BIOSes contain a setting that controls if the system should first try to boot from the floppy disk (A:) or first try the hard disk (C:). Some BIOSes will even let you boot from your CD-ROM drive or other devices, depending on the boot sequence BIOS setting.
12. Having identified its target boot drive, the BIOS looks for boot information to start the operating system boot process. If it is searching a hard disk, it looks for a master boot record at cylinder 0, head 0, sector 1 (the first sector on the disk); if it is searching a floppy disk, it looks at the same address on the floppy disk for a volume boot sector.
13. If it finds what it is looking for, the BIOS starts the process of booting the operating system, using the information in the boot sector. At this point, the code in the boot sector takes over from the BIOS. The DOS boot process is described in detail here. If the first device that the system tries (floppy, hard disk, etc.) is not found, the BIOS will then try the next device in the boot sequence, and continue until it finds a bootable device.
14. If no boot device at all can be found, the system will normally display an error message and then freeze up the system. What the error message is depends entirely on the BIOS, and can be anything from the rather clear "No boot device available" to the very cryptic "NO ROM BASIC - SYSTEM HALTED". This will also happen if you have a bootable hard disk partition but forget to set it active.

This process is called a "cold boot" (since the machine was off, or cold, when it started). A "warm boot" is the same thing except it occurs when the machine is rebooted using {Ctrl}+{Alt}+{Delete} or similar. In this case the POST is skipped and the boot process continues roughly at step 8 above.

23) MBR (master boot record)?

Ans:- The Master Boot Record (MBR) is the information in the first sector of any hard disk or diskette that identifies how and where an operating system is located so that it can be boot (loaded) into the computer's main storage or random access memory. The Master Boot Record is also sometimes called the "partition sector" or the "master partition table" because it includes a table that locates each partition that the hard disk has been formatted into. In addition to this table, the MBR also includes a program that reads the boot sector record of the partition containing the operating system to be booted into RAM. In turn, that record contains a program that loads the rest of the operating system into RAM.

24) Other general OS based questions as what options u have in manage (right click my comp à manage), which logs u have in event viewer, etc..?

Ans: Once you reach there you will find System tools (here we have Event viewer, shared folders, local users & groups, Performance logs & alerts, device manager), Storage (here we have a option for disk management which tells you the file system for each drive), Services & applications.

            Event viewer has system, application & security logs. Any errors or success are logged in respective logs. Are helpful in troubleshooting. For e.g. if a print job fails you would have event ID 9 in system log indicating print job failure.