CompTIA PenTest+ (PT0-003) — Question 180

As part of an engagement, a penetration tester needs to scan several hundred public-facing URLs for dangerous files or outdated web server versions. Which of the following should the tester use?

Answer options

• A. Nmap
• B. ZAP
• C. BloodHound
• D. Nikto

Correct answer: D

Explanation

Nikto is specifically designed for scanning web servers to identify dangerous files and outdated versions, making it the appropriate choice. Nmap is primarily a network scanner, ZAP is focused on finding vulnerabilities in web applications, and BloodHound is used for Active Directory enumeration, so they are not suitable for this task.