CompTIA PenTest+ (PT0-001) — Question 35
A penetration tester has been assigned to perform an external penetration assessment of a company. Which of the following steps would BEST help with the passive-information-gathering process? (Choose two.)
Answer options
- A. Wait outside of the company's building and attempt to tailgate behind an employee.
- B. Perform a vulnerability scan against the company's external netblock, identify exploitable vulnerabilities, and attempt to gain access.
- C. Use domain and IP registry websites to identify the company's external netblocks and external-facing applications.
- D. Search social media for information technology employees who post information about the technologies they work with.
- E. Identify the company's external-facing webmail application, enumerate user accounts, and attempt password guessing to gain access.
Correct answer: D, E
Explanation
The correct answers, D and E, focus on passive information-gathering techniques that do not involve direct interaction with the target's systems. Option D involves leveraging social media for insights about technology employees, while E suggests utilizing webmail enumeration and password guessing, which are more active techniques. Options A, B, and C do not align with passive information gathering, as they involve direct engagement or scanning that could alert the target.