CompTIA PenTest+ (PT0-002) — Question 153
A software company has hired a penetration tester to perform a penetration test on a database server. The tester has been given a variety of tools used by the company's privacy policy. Which of the following would be the BEST to use to find vulnerabilities on this server?
Answer options
- A. OpenVAS
- B. Nikto
- C. SQLmap
- D. Nessus
Correct answer: C
Explanation
SQLmap is designed specifically to automate the detection and exploitation of SQL injection vulnerabilities in database servers, making it the best choice for this scenario. OpenVAS and Nessus are general-purpose vulnerability scanners that may not focus specifically on SQL injection vulnerabilities, while Nikto is tailored to web server scanning and may not effectively address database vulnerabilities.