CompTIA PenTest+ (PT0-002) — Question 1
A security firm has been hired to perform an external penetration test against a company. The only information the firm received was the company name. Which of the following passive reconnaissance approaches would be MOST likely to yield positive initial results?
Answer options
- A. Specially craft and deploy phishing emails to key company leaders.
- B. Run a vulnerability scan against the company's external website.
- C. Runtime the company's vendor/supply chain.
- D. Scrape web presences and social-networking sites.
Correct answer: D
Explanation
Option D is correct because scraping web presences and social-networking sites is a passive approach that can provide a wealth of information about the company, its employees, and its operations starting from nothing more than the company name. Options A and B are active methods, not passive reconnaissance, and may not yield immediate results without further information, while option C focuses on the supply chain, which may not provide relevant data for the initial penetration testing phase.