A penetration tester has been given eight business hours to gain access to a client's financial system. Which of the following techniques will have the highest likelihood of success?
Among the given options, performing spear phishing against employees by posing as senior management is the most effective technique within an eight-hour window. This method leverages social engineering to exploit human weaknesses, which often proves more reliable and quicker than brute-force attacks or tailgating. Tailgating requires physical presence and might not guarantee access to sensitive systems, while dropping a malicious USB relies on an employee picking it up and connecting it to the network, which introduces uncertainties. Brute-force attacks, in contrast, could take much longer than eight hours and would likely trigger security measures. Social engineering, specifically spear phishing, can potentially acquire credentials or sensitive information rapidly, especially if crafted convincingly.
I'm taking D here.
Another stupid CompTIA question!!! I highly doubt that the employees even have the credentials for the client's financial system, so that most likely writes off B and D. As for C, I think that's obsolete for obvious reasons. Also, answer D actually specifies you entering the client's workspace; keyword: workspace. The client could have possible credentials written down, or his device may still be open; within 8 hours I'd say that is the most likely.
Answer D - Only because B & C are a no-go, so it comes down to A or D. And A & D seem more probable given the short 8-hour time frame. A is fast but dangerous. D is stealthy but could require org chart knowledge. I would have more hope of scraping names off LinkedIn and other sources to muster up a spear phishing campaign. We don't know how long the Pentester has known about this gig, and they could have been collecting OSINT for weeks. We can assume that the Pentester is qualified in all methods given and uses templates from prior successful exploits to save time.
I would say A. Spear phishing requires you to complete email harvesting, OSINT, naming conventions, relevant emails or the build-up of rapport. If you have all this (which you don't; if you did, then I would say this), tailgating is quick, easy, and you have access to the building. But that's my opinion.
The announcement is about the financial SYSTEM and not the financial department.
I think D would be a better alternative. With brute-force attacks, the likelihood of locking accounts is high given the time span assigned for the hack to be done.
I'm leaning towards A. The reason being that the question specifically mentions "8 business hours", i.e. during the working day. So more likely than not it's going to be physically entering the building. Just my opinion and I'm open to other suggestions!
Those answers are really vague. D could be an alternative, and it also could be B, since a malicious USB could circumvent every perimeter network and give you direct access to the computer it plugs into.
Answer is D; people are the main reason for data breaches!
D is correct.
I think D is probably the most correct.
This exam is so dumb.
Does anyone know the correct answer?
I would say A. Who knows how long it would take the other options to succeed? So in my opinion A would be the best bet.