CompTIA Security+ (SY0-501) — Question 312

After attempting to harden a web server, a security analyst needs to determine if an application remains vulnerable to SQL injection attacks.
Which of the following would BEST assist the analyst in making this determination?

Answer options

• A. tracert
• B. Fuzzer
• C. nslookup
• D. Nmap
• E. netcat

Correct answer: B

Explanation

The Fuzzer is specifically designed to test applications for vulnerabilities by sending a large amount of random data to the application, making it the best choice for detecting SQL injection flaws. Other options like tracert and nslookup are not relevant for testing application vulnerabilities, while Nmap is mainly used for network scanning and netcat is a networking utility, neither of which directly addresses SQL injection testing.