CompTIA Updated PT0-003 Exam Questions and Answers by tony

Comprehensive and Detailed Explanation:

Given an insecure wireless network (e.g., open or poorly secured Wi-Fi), a practical initial access technique is to capture or poison name resolution/authentication requests from client systems once they are on that network. Responder is designed to perform LLMNR/NBT-NS/MDNS poisoning and capture NTLM authentication attempts and other credential material on a local network segment. On an insecure Wi-Fi network an attacker can either join the network or run a rogue AP and then run Responder to capture credentials from connected clients — a typical and effective initial-access method in such scenarios.

Why not the others:

B. Metasploit — a general exploitation framework; useful after finding a vulnerable service, but not specifically the most-likely initial tool on an insecure Wi-Fi.

C. Netcat — a raw TCP/UDP utility (listeners/shells); useful post-exploitation but not for capturing broadcast name resolution requests.

D. Nmap — a scanner to discover hosts/ports; helpful reconnaissance, but not directly used to capture credentials on a local insecure wireless segment.

CompTIA PT0-003 Mapping: Wireless/host-based attacks and network credential-capture techniques (evil twin/rogue AP and LLMNR/NetBIOS poisoning).

To find the state of both TCP and UDP ports using Nmap, the appropriate command should combine both TCP and UDP scan options:

Understanding the Options:

-sU: Performs a UDP scan.

-sT: Performs a TCP connect scan.

Command Explanation:

Command: nmap -sU -sT -p 1-65535 example.com

This command will scan both TCP and UDP ports from 1 to 65535 on the target example.com. Combining -sU and -sT ensures that both types of services are scanned.

Comparison with Other Options:

-sW: Initiates a TCP Window scan, not relevant for identifying the state of TCP and UDP services.

-sY: Initiates a SCTP INIT scan, not relevant for this context.

-sN: Initiates a TCP Null scan, which is not used for discovering UDP services.

======

The key detail in the Nmap scan output is that port 2222/tcp is open and running the SSH service. The standard SSH port is 22, so if the tester was attempting to connect on port 22, they would not succeed because SSH is instead listening on port 2222.

This is a common security hardening tactic—moving services to non-standard ports to reduce automated attacks.

There is no indication that the service is blocked (B), or requires certificates (C), or is inactive (D), because Nmap clearly shows the service is open and identified.

CompTIA PenTest+ Reference:

PT0-003 Objective 3.3: Analyze tool output or data related to engagement activities.

Nmap usage and interpreting scan results is emphasized in multiple sections.

A computer screen shot of a computer Description automatically generated

A screen shot of a computer Description automatically generated

A computer screen with white text Description automatically generated

An orange screen with white text Description automatically generated