CompTIA PenTest+ (PT0-001) — Question 135

At the information gathering stage, a penetration tester is trying to passively identify the technology running on a client's website. Which of the following approached should the penetration tester take?

Answer options

• A. Run a spider scan in Burp Suite.
• B. Use web aggregators such as BuiltWith and Netcraft
• C. Run a web scraper and pull the website's content.
• D. Use Nmap to fingerprint the website's technology.

Correct answer: A

Explanation

The correct answer is A, as running a spider scan in Burp Suite allows for detailed analysis of the site's structure and technology without direct interaction. Options B and D involve more direct tools and methods that may not be as passive, while C focuses on content extraction, which is not aligned with the objective of passive identification.