CompTIA PenTest+ (PT1-002) — Question 95

A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee's birthday, the tester gave the employee an external hard drive as a gift. Which of the following social-engineering attacks was the tester utilizing?

Answer options

• A. Phishing
• B. Tailgating
• C. Baiting
• D. Shoulder surfing

Correct answer: C

Explanation

The correct answer is C, Baiting, as it involves enticing an individual to take an action by providing a reward, in this case, the external hard drive. The other options are incorrect because phishing involves fraudulent communication to obtain sensitive information, tailgating refers to gaining unauthorized access by following someone, and shoulder surfing is observing someone’s private information without their knowledge.