CompTIA PenTest+ (PT0-003) — Question 8

During a security assessment, a penetration tester uses a tool to capture plaintext log-in credentials on the communication between a user and an authentication system. The tester wants to use this information for further unauthorized access. Which of the following tools is the tester using?

Answer options

• A. Burp Suite
• B. Wireshark
• C. Zed Attack Proxy
• D. Metasploit

Correct answer: B

Explanation

The correct answer is B, Wireshark, as it is designed to capture and analyze network traffic, making it ideal for intercepting plaintext credentials. While Burp Suite and Zed Attack Proxy are also security tools, they focus more on web application security and do not primarily capture network traffic. Metasploit is used for exploiting vulnerabilities rather than capturing data.