CompTIA PenTest+ (PT0-002) — Question 9
A physical penetration tester needs to get inside an organization's office and collect sensitive information without acting suspiciously or being noticed by the security guards. The tester has observed that the company's ticket gate does not scan the badges, and employees leave their badges on the table while going to the restroom. Which of the following techniques can the tester use to gain physical access to the office? (Choose two.)
Answer options
- A. Shoulder surfing
- B. Call spoofing
- C. Badge stealing
- D. Tailgating
- E. Dumpster diving
- F. Email phishing
Correct answer: C, D
Explanation
The correct answers are C and D. Badge stealing (C) allows the tester to use another employee's badge to gain access, while tailgating (D) involves following an authorized person into the building without needing a badge. The other options, such as shoulder surfing (A) and email phishing (F), do not directly provide physical access to the office.