CompTIA PenTest+ (PT0-002) — Question 211

A penetration tester who is performing a physical assessment has achieved physical access to a call center for the assessed company. The tester is able to move freely around the room.

Which of the following attack types is most likely to result in the tester obtaining personal or confidential information quickly?

Answer options

• A. Dumpster diving
• B. Warwalking
• C. Vishing
• D. Smishing
• E. Shoulder surfing

Correct answer: E

Explanation

Shoulder surfing is the most effective method in this scenario as it allows the tester to directly observe sensitive information being entered or displayed by employees. Other options like dumpster diving, warwalking, vishing, and smishing do not provide immediate access to information in the same way, as they rely on different tactics that may not yield quick results.