CompTIA PenTest+ (PT1-002) — Question 106

During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign. Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client's cybersecurity tools?
(Choose two.)

Answer options

• A. Scraping social media sites
• B. Using the WHOIS lookup tool
• C. Crawling the client's website
• D. Phishing company employees
• E. Utilizing DNS lookup tools
• F. Conducting wardriving near the client facility

Correct answer: A, C

Explanation

The correct options, A and C, involve publicly available information that can be accessed without raising alarms. Scraping social media sites can reveal user profiles with email addresses, while crawling the client's website can uncover contact information listed on public pages. Options B, D, E, and F either involve more intrusive methods or are less efficient for this specific purpose.