CompTIA PenTest+ (PT0-003) — Question 199

A penetration tester wants to verify whether passwords from a leaked password list can be used to access an SSH server as a legitimate user.

Which of the following is the most appropriate tool for this task?

Answer options

• A. BloodHound
• B. Responder
• C. Burp Suite
• D. Hydra

Correct answer: D

Explanation

Hydra is designed specifically for brute-forcing passwords on various services, including SSH, making it the best choice for this task. BloodHound is used for Active Directory enumeration, Responder is for poisoning name resolution, and Burp Suite is focused on web application security, none of which are suitable for SSH password testing.