CompTIA PenTest+ (PT0-002) — Question 85
A Chief Information Security Officer wants to evaluate the security of the company's e-commerce application. Which of the following tools should a penetration tester use FIRST to obtain relevant information from the application without triggering alarms?
Answer options
- A. SQLmap
- B. DirBuster
- C. w3af
- D. OWASP ZAP
Correct answer: D
Explanation
OWASP ZAP is designed for automated security testing and can be configured to run in a passive mode, allowing it to collect information without triggering alarms. In contrast, tools like SQLmap and DirBuster are more aggressive and likely to flag security systems, while w3af, although useful, does not prioritize stealth in the same way as OWASP ZAP.