CompTIA Updated PT0-003 Exam Questions and Answers by reyan

Scapy is a powerful interactive Python-based packet manipulation tool used by penetration testers to create, modify, send, and analyze custom packets. It supports many protocols and allows you to set TCP flags, sequence numbers, and more.

tcprelay is used to redirect TCP traffic, not to craft packets.

Bluecrack is used for cracking Bluetooth encryption, irrelevant in this context.

tcpdump is a packet capture tool, not suitable for crafting or injecting packets.

The correct answer is A. Evilginx

Evilginx is a phishing framework commonly associated with adversary-in-the-middle phishing attacks. It can proxy authentication traffic between a victim and a legitimate service, allowing the attacker to capture credentials and session tokens. Because session tokens may be captured after successful authentication, Evilginx is known for being able to defeat or bypass some MFA workflows during authorized social engineering assessments.

B is incorrect because the listed commands resemble a phishing module configuration, but they are not the best-known or most appropriate option for capturing MFA/session tokens.

C is incorrect because wget portal.office.com only retrieves web content, and setting an environment variable named MFA does not create an MFA capture capability.

D is incorrect because Recon-ng is an OSINT and reconnaissance framework. It is used for information gathering, not for capturing MFA tokens or conducting adversary-in-the-middle phishing.

In PenTest+ terms, this falls under Attacks and Exploits, specifically social engineering, phishing, credential harvesting, and MFA/session-token capture techniques used during authorized engagements.

======

The vulnerability report identifies a TLS vulnerability on port 443 (HTTPS). However, the Nmap scan shows port 443 as closed, meaning the service is not running or reachable.

If the service associated with the vulnerability is not active, the reported issue cannot be valid. Therefore, the scan result contradicts the finding — making it a false positive (the scanner incorrectly flagged a vulnerability that doesn’t exist).

Why not the others:

A. True negative: Would mean no vulnerability exists and none was reported.

B. True positive: Would mean both the scan and vulnerability report agree that the service is running and vulnerable — not the case here.

C. False negative: Would mean a vulnerability exists but was not detected — also not the case.

CompTIA PT0-003 Mapping:

Domain 2.0: Information Gathering and Vulnerability Scanning

Interpret scan results and distinguish between true/false positives and negatives.