CompTIA PenTest+ (PT0-003) — Question 208

A penetration tester identifies an exposed corporate directory containing first and last names and phone number for employees. Which of the following attack techniques would be the most effective to pursue if the penetration tester wants to compromise user accounts?

Answer options

• A. Smishing
• B. Impersonation
• C. Tailgating
• D. Whaling

Correct answer: A

Explanation

Smishing, which involves sending deceptive text messages to trick individuals into revealing personal information, is highly effective in this scenario since the tester has access to employees' names and phone numbers. While impersonation may also be a valid tactic, it does not specifically leverage the information from the directory as effectively as smishing. Tailgating and whaling are less applicable in this context, as they do not directly involve exploiting the given data.