CompTIA PenTest+ (PT0-002) — Question 382

A security consultant wants to perform a vulnerability assessment with an application that can effortlessly generate an easy-to-read report. Which of the following should the attacker use?

Answer options

• A. Brakeman
• B. Nessus
• C. Metasploit
• D. SCAP

Correct answer: B

Explanation

Nessus is a widely recognized vulnerability scanner that not only identifies vulnerabilities but also generates comprehensive and easy-to-read reports, making it the best choice. Brakeman is focused on Ruby on Rails applications, while Metasploit is primarily used for penetration testing rather than vulnerability assessment. SCAP is a framework for automating security compliance but does not generate reports in the same manner as Nessus.