CompTIA PenTest+ (PT0-002) — Question 52

An Nmap network scan has found five open ports with identified services. Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?

Answer options

• A. OpenVAS
• B. Drozer
• C. Burp Suite
• D. OWASP ZAP

Correct answer: A

Explanation

OpenVAS is specifically designed for vulnerability scanning and can identify known vulnerabilities associated with the services running on the open ports. The other tools, while useful for different purposes such as web application testing (Burp Suite, OWASP ZAP) and Android security (Drozer), do not focus primarily on comprehensive vulnerability scanning like OpenVAS does.