PT0-003 · Question #188
PT0-003 Question #188: Real Exam Question with Answer & Explanation
The correct answer is C: Banner grabbing. Banner Grabbing is the correct technique because SSH servers automatically transmit an identification string (banner) when a connection is initiated, which includes the software name, version, and sometimes the OS - for example, SSH-2.0-OpenSSH_8.2. A penetration tester can use t
Question
A penetration tester gains access to the target network and observes a running SSH server. Which of the following techniques should the tester use to obtain the version of SSH running on the target server?
Options
- ANetwork sniffing
- BIP scanning
- CBanner grabbing
- DDNS enumeration
Explanation
Banner Grabbing is the correct technique because SSH servers automatically transmit an identification string (banner) when a connection is initiated, which includes the software name, version, and sometimes the OS - for example, SSH-2.0-OpenSSH_8.2. A penetration tester can use tools like nc (netcat) or telnet to connect to port 22 and capture this banner instantly. Network sniffing (A) passively captures traffic but requires active communication to already be occurring and won't reliably isolate version data. IP scanning (B) identifies live hosts and open ports but doesn't extract service version details on its own. DNS enumeration (D) queries DNS records to map a network's domain structure and has no relevance to identifying a service version on a specific host.
🧠 Memory Tip: Think of a banner as a "welcome sign" - just like a store posts its name and hours at the entrance, an SSH server announces its version the moment you "walk up to the door" and knock (connect).
Topics
Community Discussion
No community discussion yet for this question.