CompTIA PenTest+ (PT0-001) — Question 101
At the beginning of a penetration test, the tester finds a file that includes employee data, such as email addresses, work phone numbers, computer names, and office locations. The file is hosted on a public web server. Which of the following BEST describes the technique that was used to obtain this information?
Answer options
- A. Enumeration of services
- B. OSINT gathering
- C. Port scanning
- D. Social engineering
Correct answer: B
Explanation
The correct answer is OSINT (open-source intelligence) gathering: the collection of publicly available information. This fits the scenario, in which the tester finds employee data in a file on a public web server. The other options gather information in different ways: enumeration of services probes services, port scanning scans ports, and social engineering manipulates individuals. None of these applies to simply accessing a publicly available file.