CompTIA CASP+ (CAS-003) — Question 370
As part of an organization's ongoing vulnerability assessment program, the Chief Information Security Officer (CISO) wants to evaluate the organization's systems, personnel, and facilities for various threats. As part of the assessment, the CISO plans to engage an independent cybersecurity assessment firm to perform social engineering and physical penetration testing against the organization's corporate offices and remote locations. Which of the following techniques would MOST likely be employed as part of this assessment? (Choose three.)
Answer options
- A. Privilege escalation
- B. SQL injection
- C. TOC/TOU exploitation
- D. Rogue AP substitution
- E. Tailgating
- F. Vulnerability scanning
- G. Vishing
- H. Badge skimming
Correct answer: E, G, H
Explanation
The correct answers, E (Tailgating), G (Vishing), and H (Badge skimming), are techniques commonly used in social engineering and physical penetration testing. The other options, such as A (Privilege escalation) and B (SQL injection), are primarily related to technical vulnerabilities rather than social engineering tactics.