While conducting an assessment, a penetration tester identifies details for several unreleased products announced at a company-wide meeting.
Which of the following attacks did the tester most likely use to discover this information?
Eavesdropping
Bluesnarfing
Credential harvesting
SQL injection attack
The tester gained information by listening to a private discussion, which is eavesdropping (passive reconnaissance).
Option A (Eavesdropping) ✅: Correct.
Involves intercepting conversations via audio, network traffic, or wireless signals.
Option B (Bluesnarfing) ❌: Stealing data via Bluetooth, which is not mentioned.
Option C (Credential harvesting) ❌: No password collection occurred.
Option D (SQL injection) ❌: SQLi affects databases, not voice communications.
???? Reference: CompTIA PenTest+ PT0-003 Official Guide – OSINT & Eavesdropping Techniques
Submit