CompTIA PenTest+ (PT0-001) — Question 87

A penetration tester is required to perform OSINT on staff at a target company after completing the infrastructure aspect. Which of the following would be the
BEST step for penetration?

Answer options

• A. Obtain staff information by calling the company and using social engineering techniques.
• B. Visit the client and use impersonation to obtain information from staff.
• C. Send spoofed emails to staff to see if staff will respond with sensitive information.
• D. Search the internet for information on staff such as social networking sites.

Correct answer: D

Explanation

The correct answer is D because searching the internet for information on staff, including social networking sites, is a legitimate and effective method for gathering OSINT. Options A, B, and C involve unethical or illegal actions, such as social engineering, impersonation, and spoofing, which are not acceptable practices in a legitimate penetration testing scenario.