CompTIA PenTest+ (PT0-003) — Question 141

A penetration tester needs to confirm the version number of a client’s web-application server. Which of the following techniques should the penetration tester use?

Answer options

• A. SSL certificate inspection
• B. URL spidering
• C. Banner grabbing
• D. Directory brute forcing

Correct answer: C

Explanation

The correct answer is C, as banner grabbing involves retrieving the server's response headers which often include version information. Options A and B do not specifically provide version details of the server, and D focuses on finding hidden directories rather than identifying version numbers.