CompTIA CASP+ (CAS-003) — Question 111
A company has hired an external security consultant to conduct a thorough review of all aspects of corporate security. The company is particularly concerned about unauthorized access to its physical offices resulting in network compromises. Which of the following should the consultant recommend be performed to evaluate potential risks?
Answer options
- A. The consultant should attempt to gain access to physical offices through social engineering and then attempt data exfiltration
- B. The consultant should be granted access to all physical access control systems to review logs and evaluate the likelihood of the threat
- C. The company should conduct internal audits of access logs and employee social media feeds to identify potential insider threats
- D. The company should install a temporary CCTV system to detect unauthorized access to physical offices
Correct answer: A
Explanation
The correct answer is A because attempting to gain access through social engineering directly tests the effectiveness of current security measures against real-world tactics used by attackers, and the follow-on data exfiltration attempt shows whether physical access actually leads to the network compromise the company is concerned about. Option B, while valuable for reviewing existing logs, does not actively test the security protocols. Option C focuses on monitoring for insider threats rather than evaluating external unauthorized access, and option D is a monitoring solution rather than a proactive assessment of vulnerabilities.