CompTIA PenTest+ (PT0-003) — Question 62

While performing a red-team exercise, a penetration tester uses a reading device to extract data from an employee's access badge. The tester creates a copy for unauthorized entry. Which of the following best describes this attack?

Answer options

• A. Smurfing
• B. Card skimming
• C. On-path attack
• D. Credential stuffing

Correct answer: B

Explanation

The correct answer is B, Card skimming, as it involves extracting data from cards or badges to create duplicates for unauthorized access. Smurfing refers to a type of DDoS attack, an On-path attack involves intercepting communications, and Credential stuffing pertains to using stolen credentials to gain access, which does not apply to this scenario.