CompTIA PenTest+ (PT0-002) — Question 172
During an assessment, a penetration tester gathered OSINT for one of the IT systems administrators from the target company and managed to obtain valuable information, including corporate email addresses. Which of the following techniques should the penetration tester perform NEXT?
Answer options
- A. Badge cloning
- B. Watering-hole attack
- C. Impersonation
- D. Spear phishing
Correct answer: D
Explanation
The correct answer is D, spear phishing, because it uses the obtained email addresses to target specific individuals with tailored attacks, which increases the likelihood of success. The other options may be effective in other contexts, but they do not directly leverage the gathered email information in the same focused, targeted manner.