In performing an authorized penetration test of an organization’s system security, a penetration tester collects information pertaining to the application versions that
reside on a server. Which of the following is the best way to collect this type of information?

A.
Protocol analyzer

B.
Banner grabbing

C.
Port scanning

D.
Code review