CompTIA PenTest+ (PT0-003) — Question 131
During a penetration testing exercise, a team decides to use a watering hole strategy. Which of the following is the most effective approach for executing this attack?
Answer options
- A. Compromise a website frequently visited by the organization's employees.
- B. Launch a DDoS attack on the organization's website.
- C. Create fake social media profiles to befriend employees.
- D. Send phishing emails to the organization's employees.
Correct answer: A
Explanation
The most effective method for a watering hole attack is to compromise a website that the targeted organization's employees commonly use, because employees can then be infected directly when they visit the site. Options B, C, and D do not fit the watering hole strategy: they involve direct attacks or social engineering tactics rather than compromising a trusted site.