CompTIA PenTest+ (PT0-002) — Question 437

During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign. Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client's cybersecurity tools?
(Choose two.)

Answer options

• A. Scraping social media sites
• B. Using the WHOIS lookup tool
• C. Crawling the client's website
• D. Phishing company employees
• E. Utilizing DNS lookup tools
• F. Conducting wardriving near the client facility

Correct answer: B, C

Explanation

The correct answers, B and C, involve legitimate techniques to gather contact information without raising alarms. WHOIS lookups provide registered contact details, while crawling the client's website can reveal publicly available emails. Options A, D, E, and F either involve more invasive methods or do not directly lead to the retrieval of email addresses effectively without triggering security measures.