CompTIA PenTest+ (PT1-002) — Question 94

A penetration tester who is performing a physical assessment of a company's security practices notices the company does not have any shredders inside the office building. Which of the following techniques would be BEST to use to gain confidential information?

Answer options

• A. Badge cloning
• B. Dumpster diving
• C. Tailgating
• D. Shoulder surfing

Correct answer: B

Explanation

The correct answer is B, dumpster diving, as it involves searching through the company's trash for confidential documents that have not been properly disposed of. Other options like badge cloning, tailgating, and shoulder surfing focus on different aspects of security breaches but do not directly exploit the lack of document disposal practices.