CompTIA PenTest+ (PT0-003) — Question 84

A penetration tester launches an attack against company employees. The tester clones the company's intranet log-in page and sends the link via email to all employees. Which of the following best describes the objective and tool selected by the tester to perform this activity?

Answer options

• A. Gaining remote access using BeEF
• B. Obtaining the list of email addresses using theHarvester
• C. Harvesting credentials using SET
• D. Launching a phishing campaign using Gophish

Correct answer: C

Explanation

The correct answer is C, as the Social Engineering Toolkit (SET) is specifically designed for creating phishing campaigns to harvest credentials. While option A refers to remote access, option B is about gathering email addresses, and option D describes a different phishing tool (Gophish), none of which directly relate to credential harvesting in this context.