🔥 3-day streak
CompTIA PenTest+ (PT0-003)47 / 175
Question 47 of 175
During an authenticated vulnerability scan of a Debian-based web server, the scanner flags OpenSSH as vulnerable to a critical CVE, citing the reported version banner of 8.4p1. The client insists the system is fully patched via their standard apt update process. Before including this finding in the report, what is the MOST accurate way for you to determine whether this is a false positive?
Reviewed for accuracy · Report an issueNext question