CompTIA PenTest+ (PT0-002) — Question 225

During enumeration, a red team discovered that an external web server was frequented by employees. After compromising the server, which of the following attacks would BEST support compromising company systems?

Answer options

• A. A side-channel attack
• B. A command injection attack
• C. A watering-hole attack
• D. A cross-site scripting attack

Correct answer: C

Explanation

A watering-hole attack is effective because it targets users by compromising a site they frequently visit, leading to potential infection or data theft when they access it. The other options, while they can be harmful, do not directly exploit the relationship between the compromised server and the users as effectively as a watering-hole attack would.