CompTIA PenTest+ (PT1-002) — Question 68

A software company has hired a penetration tester to perform a penetration test on a database server. The tester has been given a variety of tools used by the company's privacy policy. Which of the following would be the BEST to use to find vulnerabilities on this server?

Answer options

• A. OpenVAS
• B. Nikto
• C. SQLmap
• D. Nessus

Correct answer: C

Explanation

SQLmap is specifically designed for detecting and exploiting SQL injection vulnerabilities in database servers, making it the most suitable choice for this scenario. OpenVAS, Nikto, and Nessus are general vulnerability scanners that may not target SQL vulnerabilities as effectively as SQLmap.