nerdexam
EC-Council

312-50V10 · Question #720

The "black box testing" methodology enforces what kind of restriction?

The correct answer is D. Only the external operation of a system is accessible to the tester.. Black box testing restricts the tester to interacting only with the external interfaces of a system, with no visibility into internal code or logic. This mirrors how an end user or external attacker would interact with the system.

Information Security and Ethical Hacking Fundamentals

Question

The "black box testing" methodology enforces what kind of restriction?

Options

  • AOnly the internal operation of a system is known to the tester.
  • BThe internal operation of a system is completely known to the tester.
  • CThe internal operation of a system is only partly accessible to the tester.
  • DOnly the external operation of a system is accessible to the tester.

How the community answered

(57 responses)
  • A
    2% (1)
  • B
    2% (1)
  • C
    4% (2)
  • D
    93% (53)

Why each option

Black box testing restricts the tester to interacting only with the external interfaces of a system, with no visibility into internal code or logic. This mirrors how an end user or external attacker would interact with the system.

AOnly the internal operation of a system is known to the tester.

Knowing only the internal operation while being blind to external behavior does not describe any standard testing methodology and is the inverse of the correct answer.

BThe internal operation of a system is completely known to the tester.

Full knowledge of internal operation describes white box (or clear box) testing, not black box testing.

CThe internal operation of a system is only partly accessible to the tester.

Partial access to internal operation describes gray box testing, which is a hybrid approach between black and white box testing.

DOnly the external operation of a system is accessible to the tester.Correct

In black box testing, the tester has no knowledge of or access to the internal implementation - only the external inputs and outputs are observable. This approach simulates real-world attack scenarios where an adversary has no insider knowledge of the system's architecture or source code. It tests the system purely from an external, functional perspective.

Concept tested: Black box vs white box testing methodology

Source: https://csrc.nist.gov/glossary/term/black_box_testing

Topics

#black box testing#penetration testing methodology#testing types#security assessment

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice