CompTIA CASP+ (CAS-003) — Question 144

A consultant is hired to perform a passive vulnerability assessment of a company to determine what information might be collected about the company and its employees. The assessment will be considered successful if the consultant can discover the name of one of the IT administrators.
Which of the following is MOST likely to produce the needed information?

Answer options

• A. Whois
• B. DNS enumeration
• C. Vulnerability scanner
• D. Fingerprinting

Correct answer: A

Explanation

The Whois database contains contact information for domain owners, including IT administrators, making option A the most likely method to find the required details. While DNS enumeration (option B) can reveal information about domain names and services, it is less direct for identifying individuals. A vulnerability scanner (option C) focuses on system weaknesses and does not typically provide personal information, and fingerprinting (option D) is about identifying devices and operating systems, not people.