PT0-003 Question #64: Real Exam Question with Answer & Explanation

The correct answer is B: ZAP.

Submitted by fatema_kw · Mar 6, 2026 · Vulnerability Discovery and Analysis

Question

During an assessment, a penetration tester wants to extend the vulnerability search to include the use of dynamic testing. Which of the following tools should the tester use?

Options

  • A. Mimikatz
  • B. ZAP
  • C. OllyDbg
  • D. SonarQube

Explanation

Dynamic Application Security Testing (DAST):

  • Definition: DAST involves testing the application in its running state to identify vulnerabilities that could be exploited by an attacker.
  • Purpose: Simulates attacks on a live application, examining how it behaves and identifying security weaknesses.

ZAP (Zed Attack Proxy):

  • Description: An open-source DAST tool developed by OWASP.
  • Features: Capable of scanning web applications for vulnerabilities, including SQL injection, XSS, CSRF, and other common web application vulnerabilities.
  • Usage: Ideal for dynamic testing as it interacts with the live application and identifies vulnerabilities that may not be visible in static code analysis.

Topics

#dynamic application security testing #web vulnerability scanner #DAST #vulnerability discovery tools
