CompTIA PenTest+ (PT0-002) — Question 404

Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?

Answer options

• A. Shodan
• B. Nmap
• C. WebScarab-NG
• D. Nessus

Correct answer: A

Explanation

Shodan is specifically designed to search for devices connected to the internet, making it ideal for collecting information about IoT devices and their vulnerabilities. Nmap is primarily a network scanning tool, while WebScarab-NG and Nessus focus on web application security and vulnerability assessments respectively, making them less suitable for passive reconnaissance of IoT devices.