CompTIA PenTest+ (PT0-003) — Question 20
A penetration tester is conducting reconnaissance for an upcoming assessment of a large corporate client. The client authorized spear phishing in the rules of engagement. Which of the following should the tester do first when developing the phishing campaign?
Answer options
- A. Shoulder surfing
- B. Recon-ng
- C. Social media
- D. Password dumps
Correct answer: C
Explanation
The correct answer is C: social media platforms provide valuable insights into potential targets, their interests, and their connections, which can enhance the effectiveness of a phishing campaign. Options A, B, and D are less relevant at this stage: shoulder surfing is not a systematic approach, Recon-ng is more focused on gathering information from various sources than on social interaction, and password dumps do not aid in understanding the target's behavior or context.