CompTIA Security+ (SY0-701) — Question 316

An administrator wants to perform a risk assessment without using proprietary company information. Which of the following methods should the administrator use to gather information?

Answer options

• A. Network scanning
• B. Penetration testing
• C. Open-source intelligence
• D. Configuration auditing

Correct answer: C

Explanation

The correct answer is C, as open-source intelligence allows for the collection of publicly available information without accessing proprietary data. Network scanning and penetration testing involve direct interaction with the systems that could expose sensitive information, while configuration auditing assesses system settings, which may also rely on internal data.