
Exam PT0-002 topic 1 question 280 discussion

Actual exam question from CompTIA's PT0-002
Question #: 280
Topic #: 1

A penetration tester is attempting to get more people from a target company to download and run an executable. Which of the following would be the MOST effective way for the tester to achieve this objective?

  • A. Dropping USB flash drives around the company campus with the file on it
  • B. Attaching the file in a phishing SMS that warns users to execute the file or they will be locked out of their accounts
  • C. Sending a pretext email from the IT department before sending the download instructions later
  • D. Saving the file in a common folder with a name that encourages people to click it
Suggested Answer: C

Comments

Learner213
3 months, 1 week ago
Selected Answer: C
This question assumes A LOT. How would a hacker send an email from the IT department? The questions do not indicate a successful breach. Why wouldn't an end user trust an email sent from the IT department? Lame
upvoted 1 times
Etc_Shadow28000
10 months ago
Selected Answer: C
C. Sending a pretext email from the IT department before sending the download instructions later: This method builds trust by sending an initial email that establishes credibility and sets the stage for the follow-up email. When the download instructions are sent, employees are more likely to trust and follow them, believing the request is legitimate.
A. While this can be effective, it relies on physical access and the chance that someone will pick up and use the USB drive. This method also raises suspicion due to its unusual nature.
B. This method might prompt some users to act out of fear, but it also has a high risk of raising immediate suspicion and potential reporting to security teams.
D. This method depends on users stumbling upon the file and deciding to execute it, which is less predictable and may not reach a wide audience.
upvoted 1 times
Narobi
1 year, 4 months ago
I think B would be most effective, but I highly doubt users' phones are included in the scope. So for that reason I would select C.
upvoted 1 times
TacosInMyBelly
1 year, 4 months ago
Selected Answer: C
C. This clearly leans on the idea of trust and authority coming from the IT department. If this is a probable route for the attacker, this is a no-brainer. The other approaches could easily be dismissed. C is the BEST answer here.
upvoted 4 times
user82
1 year, 2 months ago
I am trusting you because I like your username lol
upvoted 2 times
hamz1999
1 year, 4 months ago
Selected Answer: B
B. Attaching the file in a phishing SMS that warns users to execute the file or they will be locked out of their accounts
upvoted 1 times
[Removed]
1 year, 5 months ago
Selected Answer: C
Answer is C. An SMS message is distributed via phones. How would the users download and execute a file on a mobile device?
upvoted 3 times
Mordor
1 year, 5 months ago
B. Attaching the file in a phishing SMS that warns users to execute the file or they will be locked out of their accounts
upvoted 3 times