CompTIA PenTest+ (PT0-002) — Question 303

A penetration tester managed to get control of an internal web server that is hosting the IT knowledge base. Which of the following attacks should the penetration tester attempt next?

Answer options

• A. Vishing
• B. Watering hole
• C. Whaling
• D. Spear phishing

Correct answer: B

Explanation

The correct answer is B, Watering hole, because it involves compromising a website that is frequently visited by a target group, allowing the attacker to exploit vulnerabilities. The other options, such as Vishing, Whaling, and Spear phishing, focus on different attack vectors that do not leverage the compromised web server in the same strategic manner.