CompTIA PenTest+ (PT0-002) — Question 346
A penetration tester would like to use a vulnerability scanner to assess the security of a web server. Which of the following specialized tools would be the best for the tester to use?
Answer options
- A. OpenVAS
- B. Nikto
- C. Brakeman
- D. SCAP
Correct answer: B
Explanation
Nikto is designed specifically to scan web servers for vulnerabilities, making it the best choice for this scenario. OpenVAS and SCAP are more general-purpose and are not focused specifically on web server vulnerabilities, while Brakeman is tailored to Ruby on Rails applications, so it may not be applicable to every web server.