CompTIA PenTest+ (PT0-002) — Question 106

A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee's birthday, the tester gave the employee an external hard drive as a gift.
Which of the following social-engineering attacks was the tester utilizing?

Answer options

• A. Phishing
• B. Tailgating
• C. Baiting
• D. Shoulder surfing

Correct answer: C

Explanation

The correct answer is C, Baiting, because the tester used a physical item (the external hard drive) to entice the employee into potentially compromising the company's security. The other options, such as Phishing and Tailgating, do not involve giving a physical gift, while Shoulder surfing pertains to observing someone without their knowledge.