CompTIA PenTest+ (PT0-002) — Question 101
A company hired a penetration tester to do a social-engineering test against its employees. Although the tester did not find any employees' phone numbers on the company's website, the tester has learned the complete phone catalog was published there a few months ago.
In which of the following places should the penetration tester look FIRST for the employees' numbers?
Answer options
- A. Web archive
- B. GitHub
- C. File metadata
- D. Underground forums
Correct answer: A
Explanation
The web archive is the best place to look first because it stores snapshots of websites over time, which likely includes the period when the phone catalog was published. GitHub, file metadata, and underground forums are less relevant as they are not directly related to the company's website's history.