CompTIA PenTest+ (PT0-002) — Question 446
A penetration tester has been given eight business hours to gain access to a client's financial system.
Which of the following techniques will have the HIGHEST likelihood of success?
Answer options
- A. Attempting to tailgate an employee who is going into the client's workplace
- B. Dropping a malicious USB key with the company's logo in the parking lot
- C. Using a brute-force attack against the external perimeter to gain a foothold
- D. Performing spear phishing against employees by posing as senior management
Correct answer: D
Explanation
The correct answer is D because spear phishing targets individuals with tailored messages, increasing the chance of success. Option A, tailgating, may not provide direct access to the system without further insider assistance. Option B relies on the chance that someone will use the USB key, and option C is less likely to succeed due to security measures against brute-force attacks.