CompTIA CASP+ (CAS-003) — Question 5
A penetration tester has been contracted to conduct a physical assessment of a site. Which of the following is the MOST plausible method of social engineering to be conducted during this engagement?
Answer options
- A. Randomly calling customer employees and posing as a help desk technician requiring the user's password to resolve issues
- B. Posing as a copier service technician and indicating the equipment had "phoned home" to alert the technician for a service call
- C. Simulating an illness while at a client location for a sales call and then recovering once listening devices are installed
- D. Obtaining fake government credentials and impersonating law enforcement to gain access to a company facility
Correct answer: A
Explanation
The correct answer is A. Cold-calling employees while posing as a help desk technician (vishing) is a common, low-effort social engineering technique that exploits users' trust in internal IT support, and the credentials it yields are a realistic objective of the engagement. Options B, C, and D all involve deception but are less plausible here: B depends on the target actually having a copier service contract and on the tester sustaining an on-site pretext long enough to reach the equipment; C relies on a contrived ruse and on planting listening devices, which is rarely within scope; and D requires forging government credentials and impersonating law enforcement, which is a crime that no rules of engagement can authorize. Note that a physical assessment is not limited to on-site activity: the reconnaissance and pretexting phases routinely include phone-based social engineering to gather information or access before any site visit.