nerdexam
CompTIA

PT0-001 · Question #184

When performing active information reconnaissance, which of the following should be tested FIRST before starting the exploitation process?

The correct answer is A. SQLmap. SQLmap is run first during active web application reconnaissance to automatically enumerate SQL injection vulnerabilities before more targeted manual testing begins.

Reconnaissance and enumeration

Question

When performing active information reconnaissance, which of the following should be tested FIRST before starting the exploitation process?

Options

  • ASQLmap
  • BTLS configuration
  • CHTTP verbs
  • DInput fields

How the community answered

(39 responses)
  • A
    92% (36)
  • B
    5% (2)
  • C
    3% (1)

Why each option

SQLmap is run first during active web application reconnaissance to automatically enumerate SQL injection vulnerabilities before more targeted manual testing begins.

ASQLmapCorrect

SQLmap is an automated SQL injection detection tool that actively probes application parameters during reconnaissance, enabling testers to quickly identify injectable endpoints before commencing exploitation. Running automated scanners first establishes the full attack surface and prioritizes targets, making subsequent manual techniques such as HTTP verb testing and input field analysis more focused and efficient.

BTLS configuration

TLS configuration testing evaluates transport layer security and is typically performed after initial application scanning has already identified the primary attack vectors.

CHTTP verbs

HTTP verb testing is a targeted manual reconnaissance technique performed after automated scanning has mapped the application's available endpoints and services.

DInput fields

Manually testing input fields follows automated reconnaissance, because tools like SQLmap first identify which parameters warrant deeper manual investigation.

Concept tested: Active reconnaissance tool prioritization in web application testing

Source: https://owasp.org/www-project-web-security-testing-guide/

Topics

#active reconnaissance#SQLmap#enumeration order#web scanning

Community Discussion

No community discussion yet for this question.

Full PT0-001 Practice