Examice

Exam PT0-002 All QuestionsBrowse all questions from this exam

Question 280

A penetration tester is attempting to get more people from a target company to download and run an executable. Which of the following would be the MOST effective way for the tester to achieve this objective?

Dropping USB flash drives around the company campus with the file on it

Attaching the file in a phishing SMS that warns users to execute the file or they will be locked out of their accounts

Sending a pretext email from the IT department before sending the download instructions later

Saving the file in a common folder with a name that encourages people to click it

Correct Answer: C

Sending a pretext email from the IT department before sending the download instructions later is the most effective approach. This method leverages the trust employees have in the IT department, making them more likely to follow the instructions. Unlike the other options, which rely on chance or might raise suspicion, the email adds a layer of credibility and increases the likelihood of the executable being downloaded and run by the target audience.

Discussion

TacosInMyBellyOption: C

C. This clearly leans on the idea of trust and authority coming from the IT department. If this is a probable route for the attacker this is a no brainier. The other approaches could easily be dismissed. C is the BEST answer here.

user82

I am trusting you because I like your username lol

[Removed]Option: C

Answer is C. An SMS message is distributed via phones. How would the users download and execute a file on a mobile device?

MordorOption: B

B. Attaching the file in a phishing SMS that warns users to execute the file or they will be locked out of their accounts

Etc_Shadow28000Option: C

C. Sending a pretext email from the IT department before sending the download instructions later: This method builds trust by sending an initial email that establishes credibility and sets the stage for the follow-up email. When the download instructions are sent, employees are more likely to trust and follow them, believing the request is legitimate. A. While this can be effective, it relies on physical access and the chance that someone will pick up and use the USB drive. This method also raises suspicion due to its unusual nature. B. This method might prompt some users to act out of fear, but it also has a high risk of raising immediate suspicion and potential reporting to security teams. D. This method depends on users stumbling upon the file and deciding to execute it, which is less predictable and may not reach a wide audience.

NarobiOption: C

I think B would be most effective, but I highly doubt users phones are included in the scope. So for that reason I would select C.

hamz1999Option: B

B. Attaching the file in a phishing SMS that warns users to execute the file or they will be locked out of their accounts