CompTIA Security+ (SY0-501) — Question 1027

A penetration tester harvests potential usernames from a social networking site. The penetration tester then uses social engineering to attempt to obtain associated passwords to gain unauthorized access to shares on a network server.
Which of the following methods is the penetration tester MOST likely using?

Answer options

• A. Escalation of privilege
• B. SQL injection
• C. Active reconnaissance
• D. Proxy server

Correct answer: C

Explanation

The correct answer is C, as active reconnaissance involves gathering information about potential targets, such as usernames, and using that information in an attempt to gain unauthorized access. The other options do not fit this scenario; escalation of privilege refers to gaining higher access rights, SQL injection is a method to exploit databases, and a proxy server is used for routing traffic rather than for gathering usernames or passwords.