CompTIA CASP+ (CAS-003) — Question 354
A penetration tester is given an assignment to gain physical access to a secure facility with perimeter cameras. The secure facility does not accept visitors, and entry is available only through a door protected by an RFID key and a guard stationed inside the door. Which of the following would be BEST for the penetration tester to attempt?
Answer options
- A. Gain entry into the building by posing as a contractor who is performing routine building maintenance.
- B. Tailgate into the facility with an employee who has a valid RFID badge to enter.
- C. Duplicate an employee's RFID badge and use an IR camera to see when the guard leaves the post.
- D. Look for an open window that can be used to gain unauthorized entry into the facility.
Correct answer: C
Explanation
The correct answer, C, is the best option because duplicating an RFID badge would allow the tester to gain legitimate access, while monitoring the guard's movements increases the chance of success. Option A relies on deception that may not work, B risks detection by the employee, and D is risky because the tester may be spotted or may not find an accessible window.