CompTIA PenTest+ (PT0-002) — Question 58
An Nmap scan shows open ports on web servers and databases. A penetration tester decides to run WPScan and SQLmap to identify vulnerabilities and additional information about those systems.
Which of the following is the penetration tester trying to accomplish?
Answer options
- A. Uncover potential criminal activity based on the evidence gathered.
- B. Identify all the vulnerabilities in the environment.
- C. Limit invasiveness based on scope.
- D. Maintain confidentiality of the findings.
Correct answer: B
Explanation
The correct answer is B, as the penetration tester is specifically using tools designed to discover vulnerabilities in the systems. Option A is incorrect because the focus is on security testing rather than uncovering criminal activity. Options C and D do not describe the primary objective in this scenario, as the main goal is to identify vulnerabilities rather than limit invasiveness or maintain confidentiality.