CompTIA PenTest+ (PT0-003) — Question 44

A penetration tester identifies the URL for an internal administration application while following DevOps team members on their commutes. Which of the following attacks did penetration tester most likely use?

Answer options

• A. Shoulder surfing
• B. Dumpster diving
• C. Spear phishing
• D. Tailgating

Correct answer: A

Explanation

The correct answer is A, as shoulder surfing involves watching someone to gather sensitive information such as URLs or passwords. The other options do not fit this scenario: B (dumpster diving) refers to searching through trash for information, C (spear phishing) involves targeted emails to trick users, and D (tailgating) is about unauthorized physical access to secure areas.