CompTIA PenTest+ (PT1-002) — Question 46
A penetration tester has been given eight business hours to gain access to a client's financial system. Which of the following techniques will have the highest likelihood of success?
Answer options
- A. Attempting to tailgate an employee going into the client's workplace
- B. Dropping a malicious USB key with the company's logo in the parking lot
- C. Using a brute-force attack against the external perimeter to gain a foothold
- D. Performing spear phishing against employees by posing as senior management
Correct answer: D
Explanation
Answer D is correct because spear phishing uses social engineering to manipulate employees into revealing sensitive information or credentials. Options A and B rely on physical access, which may not be feasible, and option C may trigger security measures that could thwart the attempt.