CompTIA CASP+ (CAS-003) — Question 58
A Chief Information Officer (CIO) publicly announces the implementation of a new financial system. As part of a security assessment that includes a social engineering task, which of the following tasks should be conducted to demonstrate the BEST means to gain information to use for a report on social vulnerability details about the financial system?
Answer options
- A. Call the CIO and ask for an interview, posing as a job seeker interested in an open position
- B. Compromise the email server to obtain a list of attendees who responded to the invitation and are on the IT staff
- C. Notify the CIO that, through observation at events, malicious actors can identify individuals to befriend
- D. Understand the CIO is a social drinker, and find the means to befriend the CIO at establishments the CIO frequents
Correct answer: D
Explanation
Option D is correct because building a personal relationship with the CIO can provide insight and information that might not be available through formal channels. Option A is less effective as it relies on a professional context, while option B is illegal and unethical, and option C, although informative, does not actively gather information but merely informs the CIO about potential risks.