CompTIA PenTest+ (PT0-002) — Question 215

A penetration tester is conducting an unknown environment test and gathering additional information that can be used for later stages of an assessment.

Which of the following would most likely produce useful information for additional testing?

Answer options

• A. Public code repositories associated with a developer who previously worked for the target company
• B. Public code repositories associated with the target company's organization
• C. Private code repositories associated with the target company's organization
• D. Private code repositories associated with a developer who previously worked for the target company

Correct answer: B

Explanation

The correct answer is B because public code repositories belonging to the target organization are likely to contain valuable information about the company's software and infrastructure. Options A and D involve repositories related to individuals which may not reflect the organization's current practices, while C refers to private repositories that are not accessible for public information gathering.