A penetration tester recently performed a social-engineering attack - CompTIA PenTest+ PT0-003

Question

A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee's birthday, the tester gave the employee an external hard drive as a gift.
Which of the following social-engineering attacks was the tester utilizing?

Explanation

Correct Answer: C. Baiting

Baiting is a social-engineering attack that lures the victim with an appealing item, such as an external hard drive, USB stick, or free software download, that carries a malicious payload. The attack relies on the victim's curiosity or goodwill to get the item plugged into or installed on a system the attacker could not otherwise reach. In this scenario, the penetration tester built trust with an employee over time and then gave them an external hard drive as a birthday gift; the gift is the bait, so this is a classic baiting attack.

Why is this Baiting?

  1. The attacker offers an enticing item (the external hard drive).
  2. The target voluntarily accepts it and connects it to a company system, potentially exposing the network.
  3. The malicious payload on the device runs without the target's knowledge (e.g., malware, a keylogger, or a backdoor).

In an authorized engagement, the drive carries a benign beacon that only reports back to the tester rather than real malware, and handing a device to an employee must be explicitly covered by the rules of engagement.
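The defender's counterpart to step 2 is noticing when an unknown external drive is plugged into a company system. The following is an added example, not code from the exam explanation or from CompTIA: it parses the USB attach messages the Linux kernel writes to dmesg/journal, groups them per port, and alerts on any USB Mass Storage device whose vendor ID, product ID and serial number are not on an allowlist. The log lines, IDs, serial numbers and the allowlist are all constructed for the example.

```python
"""Flag removable mass-storage devices that are not on an allowlist.

Added example for this page (not from the original exam explanation or
from CompTIA). It parses Linux kernel USB attach messages and raises an
alert when a USB Mass Storage device with an unknown vendor/product/serial
appears, which is the host telemetry a defender can use to catch a baited
external drive being connected. All sample data below is constructed.
"""
import re
from dataclasses import dataclass, field

# Kernel line shapes (constructed to match the usual dmesg format):
#   usb 1-1: New USB device found, idVendor=1234, idProduct=abcd, bcdDevice= 1.00
#   usb 1-1: SerialNumber: KB-0001
#   usb-storage 1-1:1.0: USB Mass Storage device detected
NEW_DEVICE_RE = re.compile(
    r"usb (?P<port>[\d\-.]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})"
)
ATTR_RE = re.compile(
    r"usb (?P<port>[\d\-.]+): (?P<key>Product|Manufacturer|SerialNumber): (?P<value>.+)"
)
STORAGE_RE = re.compile(
    r"usb-storage (?P<port>[\d\-.]+):[\d.]+: USB Mass Storage device detected"
)
TIMESTAMP_RE = re.compile(r"^\[\s*[\d.]+\]\s*")


@dataclass
class UsbDevice:
    """One attached USB device, keyed by its kernel port path (e.g. '2-3')."""
    port: str
    vid: str = ""
    pid: str = ""
    attrs: dict = field(default_factory=dict)
    mass_storage: bool = False

    @property
    def identity(self):
        # Vendor, product and serial together identify a specific physical device.
        return (self.vid, self.pid, self.attrs.get("SerialNumber", ""))


def parse_usb_events(lines):
    """Group kernel USB messages by port path into UsbDevice records."""
    devices = {}
    for raw in lines:
        line = TIMESTAMP_RE.sub("", raw.strip())  # drop "[  101.220] " prefix
        if m := NEW_DEVICE_RE.match(line):
            devices[m["port"]] = UsbDevice(port=m["port"], vid=m["vid"], pid=m["pid"])
        elif m := ATTR_RE.match(line):
            devices.setdefault(m["port"], UsbDevice(port=m["port"])).attrs[m["key"]] = m["value"]
        elif m := STORAGE_RE.match(line):
            devices.setdefault(m["port"], UsbDevice(port=m["port"])).mass_storage = True
    return list(devices.values())


def find_unapproved_storage(lines, allowlist):
    """Return mass-storage devices whose (vid, pid, serial) is not on the allowlist.

    Keyboards and other non-storage devices are ignored; only storage can carry
    the file-based payload a baited drive relies on.
    """
    return [d for d in parse_usb_events(lines) if d.mass_storage and d.identity not in allowlist]


# Constructed sample log: a corporate keyboard, the gifted drive, and an approved corporate drive.
SAMPLE_DMESG = [
    "[  101.220] usb 1-1: new high-speed USB device number 4 using xhci_hcd",
    "[  101.371] usb 1-1: New USB device found, idVendor=1234, idProduct=abcd, bcdDevice= 1.00",
    "[  101.371] usb 1-1: Product: Corp Keyboard",
    "[  101.371] usb 1-1: Manufacturer: ExampleCorp",
    "[  101.371] usb 1-1: SerialNumber: KB-0001",
    "[  402.502] usb 2-3: new high-speed USB device number 5 using xhci_hcd",
    "[  402.650] usb 2-3: New USB device found, idVendor=5678, idProduct=0001, bcdDevice= 2.10",
    "[  402.650] usb 2-3: Product: Gift Drive 2TB",
    "[  402.650] usb 2-3: Manufacturer: Unknown",
    "[  402.650] usb 2-3: SerialNumber: GIFT20240512",
    "[  402.652] usb-storage 2-3:1.0: USB Mass Storage device detected",
    "[  500.100] usb 2-4: New USB device found, idVendor=9abc, idProduct=0002, bcdDevice= 1.00",
    "[  500.100] usb 2-4: SerialNumber: CORPDRIVE-77",
    "[  500.101] usb-storage 2-4:1.0: USB Mass Storage device detected",
]
# Constructed allowlist of corporate-issued drives: (idVendor, idProduct, SerialNumber).
APPROVED_STORAGE = {("9abc", "0002", "CORPDRIVE-77")}

if __name__ == "__main__":
    for dev in find_unapproved_storage(SAMPLE_DMESG, APPROVED_STORAGE):
        print(f"ALERT: unapproved mass storage on port {dev.port}: "
              f"{dev.attrs.get('Manufacturer', '?')} {dev.attrs.get('Product', '?')} "
              f"vid={dev.vid} pid={dev.pid} serial={dev.attrs.get('SerialNumber', '?')}")
```

Keying the allowlist on serial number as well as vendor and product ID matters: vendor and product IDs are shared by every unit of a model, so a drive that merely looks like a corporate-issued one would otherwise pass. On a real host the same logic would be fed from `journalctl -k -f` or an EDR's device-control events rather than a list of strings.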

Why the Other Options Are Incorrect:

Phishing

  • Phishing uses deceptive emails, messages, or websites to trick a victim into providing sensitive information.
  • This scenario does not involve emails or messages; it uses a physical device and a personal relationship to exploit trust.
  • Incorrect because phishing happens over digital communication, not through in-person manipulation.

Tailgating

  • Tailgating is a physical security attack in which an unauthorized person follows an authorized employee into a restricted area.
  • The scenario does not involve entry into a secured location.
  • Incorrect because it does not involve bypassing a physical access control.

Shoulder Surfing

  • Shoulder surfing occurs when an attacker watches a victim enter credentials or other sensitive information (e.g., PINs or passwords).
  • There is no mention of observing sensitive information in this scenario.
  • Incorrect because the attacker did not watch the employee enter sensitive data.

