Exam PT0-002 topic 1 question 368 discussion

If the question was asking about the webserver and not the database server, then it's a toss up between Burp Suite, Nessus and Nikto, all of these will help in detecting webserver vulnerabilities. That leaves only SQLMap for if its a database server they are referring to. Because of how hard it is to choose between the 3 webserver options, I'll go with SQLMap, surely they dont expect you to pick between Nessus and Nikto??

Nessus - Vulnerability scanner for OSs, Apps, IOT, Networking Equipment... SQLmap - automated tool for SQL Injection and database takeover.

At first I thought it was D.SQLmap but now im going with B.Nessus. Seems like they are trying to throw you off by saying database server. It asks what would be used to detect vulnerabilities on the server not just SQL injections.

This was a tough one for me On one hand, Nessus would be performed by an analyst which means that it most likely would be a credentialed scan being conducted, which could reveal very comprehensive vulnerability information. However, the way the question is worded, it seems like it's asking specifically about the database server rather than the online store application. SQLmap specializes in SQL injection vulnerabilities and provides very in-depth information on what it finds. For this, I would have to give the edge to D. SQLmap

Guys the answer is in the question. We are not referring to online store server (nikto should be the best, burpsuite as well .. and SQLmap) but CompTIA is asking for "that" server: the database server.

Nessus is a comprehensive vulnerability scanner that can assess a wide range of systems, including database servers, for vulnerabilities. It provides detailed reports on discovered vulnerabilities, their severity, and recommended remediation steps

B. Nessus