CompTIA PenTest+ (PT0-003) — Question 134

A penetration tester needs to obtain sensitive data from several executives who regularly work while commuting by train. Which of the following methods should the tester use for this task?

Answer options

• A. Shoulder surfing
• B. Credential harvesting
• C. Bluetooth spamming
• D. MFA fatigue

Correct answer: A

Explanation

Shoulder surfing is the correct choice because it involves observing someone from a close distance to gather sensitive information, which is feasible in a public setting like a train. Credential harvesting and Bluetooth spamming are not directly applicable in this scenario, while MFA fatigue refers to overwhelming a user with multi-factor authentication requests, which doesn't pertain to the immediate observation of data.