CompTIA CySA+ (CS0-002) — Question 276

A Chief Information Security Officer has asked for a list of hosts that have critical and high-severity findings as referenced in the CVE database. Which of the following tools would produce the assessment output needed to satisfy this request?

Answer options

• A. Nessus
• B. Nikto
• C. Fuzzer
• D. Wireshark
• E. Prowler

Correct answer: A

Explanation

Nessus is a vulnerability scanning tool that specifically identifies and assesses vulnerabilities against the CVE database, making it the most suitable choice for this request. Nikto is a web server scanner that primarily focuses on web vulnerabilities, while Fuzzer is used for testing application robustness, and Wireshark is a network protocol analyzer. Prowler is a security tool for AWS environments and does not fit the requirement for assessing CVE findings.