Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session 10 to the target employee. The session ID links the target employee to Boneys account page without disclosing any information to the victim. When the target employee clicks on the link, all the sensitive payment details entered in a form are linked to Boneys account. What is the attack performed by Boney in the above scenario?

• A.Session donation attack
• B.Session fixation attack
• C.Forbidden attack
• D.CRIME attack

Comment: *

Name: *

Email: *

Verification: *

While scanning with Nmap, Patin found several hosts which have the IP ID of incremental sequences. He then decided to conduct: nmap -Pn -p- -si kiosk.adobe.com www.riaa.com. kiosk.adobe.com is the host with incremental IP ID sequence. What is the purpose of using "-si" with Nmap?

• A.Conduct IDLE scan
• B.Conduct stealth scan
• C.Conduct ICMP scan
• D.Conduct silent scan

Comment: *

Name: *

Email: *

Verification: *

Which Metasploit Framework tool can help penetration tester for evading Anti-virus Systems?

• A.msfencode
• B.msfcli
• C.msfd
• D.msfpayload

Comment: *

Name: *

Email: *

Verification: *

Susan, a software developer, wants her web API to update other applications with the latest information. For this purpose, she uses a user-defined HTTP tailback or push APIs that are raised based on trigger events: when invoked, this feature supplies data to other applications so that users can instantly receive real-time Information.
Which of the following techniques is employed by Susan?

• A.web shells
• B.Webhooks
• C.REST API
• D.SOAP API

Correct Answer: B

Webhooks are one of a few ways internet applications will communicate with one another.
It allows you to send real-time data from one application to another whenever a given event happens.
For example, let's say you've created an application using the Foursquare API that tracks when people check into your restaurant. You ideally wish to be able to greet customers by name and provide a complimentary drink when they check in.
What a webhook will is notify you any time someone checks in, therefore you'd be able to run any processes that you simply had in your application once this event is triggered.
The data is then sent over the web from the application wherever the event originally occurred, to the receiving application that handles the data.
Here's a visual representation of what that looks like:

A webhook url is provided by the receiving application, and acts as a phone number that the other application will call once an event happens.
Only it's more complicated than a phone number, because data about the event is shipped to the webhook url in either JSON or XML format. this is known as the "payload." Here's an example of what a webhook url looks like with the payload it's carrying:

Comment: *

Name: *

Email: *

Verification: *

Null sessions are un-authenticated connections (not using a username or password.) to an NT or 2000 system.
Which TCP and UDP ports must you filter to check null sessions on your network?

• A.139 and 443
• B.137 and 139
• C.139 and 445
• D.137 and 443

Comment: *

Name: *

Email: *

Verification: *