CompTIA PenTest+ (PT0-002) — Question 166

A penetration tester is conducting an engagement against an internet-facing web application and planning a phishing campaign. Which of the following is the BEST passive method of obtaining the technical contacts for the website?

Answer options

• A. WHOIS domain lookup
• B. Job listing and recruitment ads
• C. SSL certificate information
• D. Public data breach dumps

Correct answer: A

Explanation

The correct answer is A, as a WHOIS domain lookup provides direct access to the registered contact information for the domain, making it the most reliable source for technical contacts. Options B and D may yield some information but are less reliable for specific contact details, while C provides information about the certificate but not necessarily about the technical contacts.