Which of the following is described as a plausible method to gain internal access?

Gaining internal access is often achieved by being physically present inside the facility, which lets an attacker directly reach networks, workstations, and secure areas that are behind multiple logical protections. Traveling onsite to physically access the target location is plausible because it bypasses many remote controls and can enable actions like connecting rogue devices, stealing or tampering with hardware, or observing sensitive processes firsthand. Social engineering to obtain passwords can lead to internal access, but it relies on convincing users to reveal credentials, which is less direct and typically requires additional steps to reach internal systems. A passive external scan from the internet only gathers information from outside and does not provide inside access. Publishing a vulnerability advisory is a defensive/communication action and does not enable access.