CompTIA CASP+ (CAS-003) — Question 112

The audit team was only provided the physical and logical addresses of the network without any type of access credentials.
Which of the following methods should the audit team use to gain initial access during the security assessment? (Choose two.)

Answer options

• A. Tabletop exercise
• B. Social engineering
• C. Runtime debugging
• D. Reconnaissance
• E. Code review
• F. Remote access tool

Correct answer: B, F

Explanation

Social engineering (B) is effective for gathering credentials or information through manipulation, making it a viable option for initial access. A remote access tool (F) allows the audit team to connect to the network remotely, assuming they can obtain the necessary credentials through other means. The other options either do not facilitate gaining access directly or are not applicable in this context.