CompTIA Security+ (SY0-501) — Question 531
An attacker has gathered information about a company employee by obtaining publicly available information from the Internet and social networks. Which of the following types of activity is the attacker performing?
Answer options
- A. Pivoting
- B. Exfiltration of data
- C. Social engineering
- D. Passive reconnaissance
Correct answer: D
Explanation
The correct answer is D, Passive reconnaissance, as it involves gathering information without interacting with the target. Options A (Pivoting) and B (Exfiltration of data) imply active engagement with the target's systems, while C (Social engineering) involves manipulating individuals rather than simply collecting information.