A new security analyst is given the task of determining whether any of the company’s servers are
vulnerable to a recently discovered attack on an old version of SSH. Which of the following is the quickest
FIRST step toward determining the version of SSH running on these servers?

A.
Passive scanning

B.
Banner grabbing

C.
Protocol analysis

D.
Penetration testing

Explanation:
B: Banner grabbing looks at the banner, or header information messages sent with data to find out about
the system(s). Banners often identify the host, the operating system running on it, and other information
that can be useful if you are going to attempt to later breach the security of it. Banners can be snaggedwith Telnet as well as tools like netcat or Nmap. In other words Banner grabbing looks at the banner, or
header, information messages sent with data to find out about the system(s). Thus a quick way to check
which version of SSH is running on your server.
Incorrect Answers:
A: Passive scanning is implemented to allow you to identify specific vulnerabilities on your network and is
not the quickest way to determine which version of SSH is running on your servers.
C: Protocol analysis is similar to packet sniffing and is a tool used for network monitoring, the data that is
being transmitted across a network – especially in real-time.
D: A penetration test will use the same techniques a hacker would use to find any flaws in your system’s
security. This means bypassing whatever security controls that might have been implemented. This is not
the quickest way to check which version of SSH was running on your servers.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 344, 458, 459