CompTIA PenTest+ (PT1-002) — Question 99

An Nmap network scan has found five open ports with identified services. Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?

Answer options

• A. OpenVAS
• B. Drozer
• C. Burp Suite
• D. OWASP ZAP

Correct answer: A

Explanation

OpenVAS is specifically designed for vulnerability scanning, making it the ideal choice for identifying vulnerabilities associated with open ports found in the Nmap scan. The other options, while useful for other tasks, do not primarily focus on vulnerability assessment; Drozer is geared towards Android security, Burp Suite is for web application testing, and OWASP ZAP is also a web application scanner.