CompTIA PenTest+ (PT0-002) — Question 112

A penetration tester was hired to perform a physical security assessment of an organization's office. After monitoring the environment for a few hours, the penetration tester notices that some employees go to lunch in a restaurant nearby and leave their belongings unattended on the table while getting food. Which of the following techniques would MOST likely be used to get legitimate access into the organization's building without raising too many alerts?

Answer options

• A. Tailgating
• B. Dumpster diving
• C. Shoulder surfing
• D. Badge cloning

Correct answer: D

Explanation

The correct answer is D, as badge cloning allows an unauthorized individual to gain access by replicating a legitimate employee's access badge. Tailgating (A) involves following an authorized person into a secured area, which might raise alerts. Dumpster diving (B) is related to gathering sensitive information from trash, and shoulder surfing (C) pertains to viewing sensitive information over someone’s shoulder, neither of which provide direct access to the building.