CompTIA PenTest+ (PT0-002) — Question 309
While performing reconnaissance, a penetration tester runs Nmap and receives the following output:
```
Nmap scan report for samplescan.org (44.33.55.66)
Host is up (0.025s latency).
Not shown: 992 closed tcp ports (conn-refused)
PORT     STATE
22/tcp   open
23/tcp   open
80/tcp   open
443/tcp  open
Nmap done: 1 IP address (1 host up) scanned in 5.52 seconds
```
Which of the following ports should the penetration tester sniff the traffic on to obtain sensitive information?
Answer options
- A. 22
- B. 23
- C. 80
- D. 443
Correct answer: B
Explanation
The correct answer is B because port 23 is associated with Telnet, which transmits data in plaintext, making it vulnerable to eavesdropping. Ports 22 (SSH) and 443 (HTTPS) provide encrypted connections. Port 80 (HTTP) is also unencrypted, but its traffic is typically less sensitive than Telnet traffic.