Which statement is true about port 22 (SSH) in pentesting?

Prepare for the eLearnSecurity Junior Penetration Tester exam with our comprehensive quiz platform. Improve your skills with multiple-choice questions, detailed explanations, and exam tips. Get exam ready with ease!

Multiple Choice

Which statement is true about port 22 (SSH) in pentesting?

Explanation:
SSH on port 22 is a frequent target in pentesting because remote access is common and misconfigurations or weak credentials often create easy entry points. In practice, many servers still allow password-based authentication, accounts on them reuse leaked passwords, and administrators sometimes enable risky settings such as direct root login, broad access, or outdated cipher suites. When scanners and brute-force tools run, port 22 becomes a prime candidate for credential guessing and exploitation of misconfigurations, which is why this statement is true.

Ports exposed to the internet are not inherently secure by default, and SSH configurations vary widely across systems. It is not true that port 22 is always correctly configured by default, that it never uses password authentication, or that it is rarely exposed publicly; none of those claims reflects typical real-world setups.