CompTIA PenTest+ (PT0-002) — Question 223
A penetration tester is attempting to get more people from a target company to download and run an executable. Which of the following would be the MOST effective way for the tester to achieve this objective?
Answer options
- A. Dropping USB flash drives around the company campus with the file on them
- B. Attaching the file in a phishing SMS that warns users to execute the file or they will be locked out of their accounts
- C. Sending a pretext email from the IT department before sending the download instructions later
- D. Saving the file in a common folder with a name that encourages people to click it
Correct answer: C
Explanation
The correct answer is C because sending a pretext email from the IT department creates a sense of authority and trust, increasing the likelihood that recipients will follow through with the download. Options A and B are less effective as they rely on chance and create suspicion, while D may not have the same level of persuasive impact as an email from a trusted source.