Which of the following DoS tools is used to attack target web applications by starvation of available sessions on the web server?
The tool keeps sessions at halt using never-ending POST transmissions and sending an arbitrarily large content-length header value.

1. A. My Doom
2. B. Astacheldraht
3. C. R-U-Dead-Yet?(RUDY)
4. D. LOIC

Correct Answer: C

An attacker runs netcat tool to transfer a secret file between two hosts.

He is worried about information being sniffed on the network.
How would the attacker use netcat to encrypt the information before transmitting onto the wire?

1. A. Machine A: netcat -l -p -s password 1234 < testfileMachine B: netcat <machine A IP> 1234
2. B. Machine A: netcat -l -e magickey -p 1234 < testfileMachine B: netcat <machine A IP> 1234
3. C. Machine A: netcat -l -p 1234 < testfile -pw passwordMachine B: netcat <machine A IP> 1234 -pw password
4. D. Use cryptcat instead of netcat

Correct Answer: D

During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic?

1. A. Circuit
2. B. Stateful
3. C. Application
4. D. Packet Filtering

Correct Answer: B

Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session 10 to the target employee. The session ID links the target employee to Boneys account page without disclosing any information to the victim. When the target employee clicks on the link, all the sensitive payment details entered in a form are linked to Boneys account. What is the attack performed by Boney in the above scenario?

1. A. Session donation attack
2. B. Session fixation attack
3. C. Forbidden attack
4. D. CRIME attack

Correct Answer: A
In a session donation attack, the attacker donates their own session ID to the target user. In this attack, the attacker first obtains a valid session ID by logging into a service and later feeds the same session ID to the target user. This session ID links a target user to the attacker's account page without disclosing any information to the victim. When the target user clicks on the link and enters the details (username, password, payment details, etc.) in a form, the entered details are linked to the attacker's account. To initiate this attack, the attacker can send their session ID using techniques such as cross-site cooking, an MITM attack, and session fixation. A session donation attack involves the following steps.

What does a firewall check to prevent particular ports and applications from getting packets into an organization?

1. A. Transport layer port numbers and application layer headers
2. B. Presentation layer headers and the session layer port numbers
3. C. Network layer headers and the session layer port numbers
4. D. Application layer port numbers and the transport layer headers

Correct Answer: A