exam questions

Exam CFR-310 All Questions

View all questions & answers for the CFR-310 exam

Exam CFR-310 topic 1 question 14 discussion

Actual exam question from CertNexus's CFR-310
Question #: 14
Topic #: 1
[All CFR-310 Questions]

After a security breach, a security consultant is hired to perform a vulnerability assessment for a company’s web application. Which of the following tools would the consultant use?

  • A. Nikto
  • B. Kismet
  • C. tcpdump
  • D. Hydra
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
044f354
3 months ago
Selected Answer: A
A. Nikto Explanation: Nikto is a web application scanner designed to detect vulnerabilities in web servers and applications. It looks for outdated software, insecure configurations, and potential security issues, making it a perfect fit for a web application vulnerability assessment. Why the other answers are incorrect: B. Kismet: A tool used for wireless network detection and packet sniffing, not for web application vulnerability assessment. C. tcpdump: A network packet analyzer for capturing traffic, but it’s not designed for finding vulnerabilities in web applications. D. Hydra: A password-cracking tool used for brute-forcing login credentials, but it doesn't assess overall web application vulnerabilities.
upvoted 1 times
...
surfuganda
8 months, 1 week ago
Selected Answer: A
Nikto: is an open-source web server scanner that performs comprehensive tests against web servers for multiple items, including dangerous files, outdated server software, and potential vulnerabilities. It is specifically designed for web application security testing and vulnerability assessment, making it a suitable tool for the consultant's task. Kismet: is primarily used for detecting and analyzing wireless networks and is not designed for web application vulnerability assessment. tcpdump: is used to inspect network traffic, it is not specifically designed for web application vulnerability assessment. Hydra: is a password-cracking tool that can perform brute-force attacks against various network services, such as FTP, SSH, Telnet, and HTTP. It is not designed for web application vulnerability assessment.
upvoted 1 times
...
Wutan
1 year, 3 months ago
Selected Answer: A
The answer is A, Nikto. Nikto is a free and open-source web vulnerability scanner. It can be used to scan web applications for known vulnerabilities. Nikto can scan for a wide variety of vulnerabilities, including cross-site scripting (XSS), SQL injection, and file upload vulnerabilities.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago