CompTIA PenTest+ (PT0-002) — Question 197
A penetration tester calls an IT employee and pretends to be the financial director of the company. The penetration tester asks the IT employee to reset the financial director's email password. The penetration tester claims to be at an ongoing, off-site meeting with some investors and needs a presentation file quickly downloaded from the director's mailbox. Which of following techniques is the penetration tester trying to utilize? (Choose two.)
Answer options
- A. Scarcity
- B. Intimidation
- C. Authority
- D. Consensus
- E. Urgency
- F. Familiarity
Correct answer: C, E
Explanation
The penetration tester is using 'Authority' by pretending to be a high-ranking official to gain trust and compliance from the IT employee. Additionally, 'Urgency' is employed to create a sense of immediate need, compelling the IT employee to act quickly without verification. The other options, such as Scarcity and Intimidation, do not accurately describe the tactics being used in this scenario.