A penetration tester needs to access a building that is guarded by locked gates, a security team, and cameras. Which of the following is a technique the tester can use to gain access to the IT framework without being detected?
The ultimate goal of the pentester is to gain access to the building (a physical pentest). I don't see how a phishing email would help with that. C is the only one that makes sense in this scenario.
This is why I use brain dumps for CompTIA. Their questions are usually garbage. I have no idea if it's C or D. Depends entirely on how you comprehend the question.
There is no way that it would ever be D. The question states that the tester needs to get inside the building. D is the only option that would not help with that.
Correct answer is C
The question says you need to gain access "to the building" AND that you need access to "the IT framework". C works for the building and D works for the IT framework. It's an awful question
This is a trick question. CompTIA gives you irrelevant information and then asks a question completely unrelated. In this question, you are being asked how to gain access to an IT framework without being noticed. Impersonating a delivery person will not gain you access to any network infrastructure. When was the last time you let FedEx into your server room?
The only answer that makes sense in the context of the actual question being asked is D
Based off of the "needs to access a building" part of the question, I'm going with impersonation of a delivery worker. I'm assuming instead of using the term "infrastructure" they decided to use "IT framework" instead, which can be confusing.
So how many package delivery workers do guards let in past the front desk... let alone all the way into the server room? Been watching too many movies...
Another STUPID question from CompTIA.
While the question is garbage, understanding it is important regardless. You need to access the IT framework, but you need to physically go through the building to do so as stated in the first part of the question. A phishing email won't help with this.
Those CompTIA questions are real garbage. Not straightforward what the objective is. Access the building or access IT framework? Because in this case, that is the factor to know if they want C or D as an answer...
C would allow you access to the building, but probably not behind locked gates and you will be on camera, but not "detected" by true means.
D will assure that person will be undetected, but will not gain physical access to the building.
I think they want D as an answer, because "physical" access is not mentioned explicitly
Answer is C. Working in a secure environment and routinely getting packages teaches you to always be vigilant. My org does PenTesting 3 times a year and one of those employs the exact same scenario. Fake package or fake HVAC tech needing in to the building.
The first sentence states the penetration tester needs access to a building. No matter how many phishing e-mails you send, you will not get access to the building.
This question (to me) is obvious of a physical penetration test.
phishing emails - not gonna get you access to a building
lock picking - nope! Cameras, and security guards
Disable security cameras - nope! still have security guards
The only obvious one (to me) to gain access to a building (as the question states) is to put on that uniform, a smile, and social engineer your way in
The scenario is describing a physical security environment, and the penetration tester is trying to gain access to the building. Among the provided options, the one that applies to this physical environment and allows the tester to attempt to gain access without being detected is:
C. Impersonate a package delivery worker.
Explanation:
Option C: Impersonating a package delivery worker is a form of social engineering that could allow the tester to gain physical access to the building. By pretending to be someone who has a legitimate reason to enter the building, the tester may be able to bypass the security measures without arousing suspicion.
The other options are not as suitable for the described scenario:
Unbelievable.... C.... Really?
The question is so obviously trying to make the point that attempting physical access isn't a good idea. What's the odd one out? The remotely sent phishing email.
This question is the equivalent of "3 Yes' and 1 no"