CompTIA PenTest+ (PT0-002) — Question 414

A security analyst is conducting a penetration test for an online store with a database server. Which of the following tools would best assist the tester in detecting vulnerabilities on that server?

Answer options

• A. Burp Suite
• B. Nessus
• C. Nikto
• D. SQLmap

Correct answer: D

Explanation

SQLmap is specifically designed to detect and exploit SQL injection vulnerabilities, making it the most suitable tool for this scenario. Burp Suite and Nessus are more general-purpose tools for web application and network vulnerability scanning, respectively, while Nikto primarily focuses on web server vulnerabilities rather than database-specific issues.