CompTIA PenTest+ (PT0-002) — Question 59
A private investigation firm is requesting a penetration test to determine the likelihood that attackers can gain access to mobile devices and then exfiltrate data from those devices. Which of the following is a social-engineering method that, if successful, would MOST likely enable both objectives?
Answer options
- A. Send an SMS with a spoofed service number including a link to download a malicious application.
- B. Exploit a vulnerability in the MDM and create a new account and device profile.
- C. Perform vishing on the IT help desk to gather a list of approved device IMEIs for masquerading.
- D. Infest a website that is often used by employees with malware targeted toward x86 architectures.
Correct answer: A
Explanation
Option A is correct: it uses social engineering, in the form of a spoofed SMS, to trick users into downloading a malicious application, and that application can then lead to unauthorized access to the device and data exfiltration. Options B and D focus on exploiting technical vulnerabilities rather than manipulating human behavior, while option C involves gathering information but does not directly enable access to devices or data exfiltration.