nerdexam
EC-Council

312-50V10 · Question #718

The "gray box testing" methodology enforces what kind of restriction?

The correct answer is C. The internal operation of a system is only partly accessible to the tester.. Gray box testing gives the tester only partial knowledge of a system's internal workings, combining elements of both black box and white box approaches.

Information Security and Ethical Hacking Fundamentals

Question

The "gray box testing" methodology enforces what kind of restriction?

Options

  • AOnly the internal operation of a system is known to the tester.
  • BThe internal operation of a system is completely known to the tester.
  • CThe internal operation of a system is only partly accessible to the tester.
  • DOnly the external operation of a system is accessible to the tester.

How the community answered

(19 responses)
  • A
    5% (1)
  • C
    95% (18)

Why each option

Gray box testing gives the tester only partial knowledge of a system's internal workings, combining elements of both black box and white box approaches.

AOnly the internal operation of a system is known to the tester.

Knowing only the internal operation while having no external view describes an incomplete definition - gray box includes partial internal knowledge alongside external interaction, not internal-only access.

BThe internal operation of a system is completely known to the tester.

Complete knowledge of a system's internal operation describes white box testing, where the tester has full access to source code, architecture, and internal logic.

CThe internal operation of a system is only partly accessible to the tester.Correct

Gray box testing is defined by partial access to internal system information - the tester may have limited documentation, architecture diagrams, or source code but not complete visibility. This partial knowledge allows more targeted testing than pure black box while still simulating a realistic attacker who has obtained some insider information.

DOnly the external operation of a system is accessible to the tester.

Access to only the external operation with no internal knowledge describes black box testing, where the tester has no prior knowledge and interacts only with the system's exposed interface.

Concept tested: Gray box penetration testing methodology definition

Source: https://owasp.org/www-project-web-security-testing-guide/latest/3-The_OWASP_Testing_Framework/1-Penetration_Testing_Methodologies

Topics

#gray box testing#penetration testing methodology#testing types#security assessment

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice