CompTIA PenTest+ (PT0-003) — Question 129

While conducting a reconnaissance activity, a penetration tester extracts the following information:

Emails:
-[email protected]
-[email protected]
-[email protected]

Which of the following risks should the tester use to leverage an attack as the next step in the security assessment?

Answer options

• A. Unauthorized access to the network
• B. Exposure of sensitive servers to the internet
• C. Likelihood of SQL injection attacks
• D. Indication of a data breach in the company

Correct answer: A

Explanation

The correct answer is A because the extracted email addresses can be used for phishing or social engineering attacks, which could lead to unauthorized network access. Options B and D do not directly relate to the information gathered, while C is less relevant as SQL injection attacks are not indicated by email addresses.