EC-Council

312-50V10 · Question #720

312-50V10 Question #720: Real Exam Question with Answer & Explanation

The correct answer is D: Only the external operation of a system is accessible to the tester.

Information Security and Ethical Hacking Fundamentals

Question

The "black box testing" methodology enforces what kind of restriction?

Options

  • A. Only the internal operation of a system is known to the tester.
  • B. The internal operation of a system is completely known to the tester.
  • C. The internal operation of a system is only partly accessible to the tester.
  • D. Only the external operation of a system is accessible to the tester.

Explanation

Black box testing restricts the tester to interacting only with the external interfaces of a system, with no visibility into internal code or logic. This mirrors how an end user or external attacker would interact with the system.

Common mistakes.

  • A. Knowing only the internal operation while being blind to external behavior does not describe any standard testing methodology and is the inverse of the correct answer.
  • B. Full knowledge of internal operation describes white box (or clear box) testing, not black box testing.
  • C. Partial access to internal operation describes gray box testing, which is a hybrid approach between black and white box testing.

Concept tested. Black box vs white box testing methodology

Reference. https://csrc.nist.gov/glossary/term/black_box_testing

Topics

#black box testing, #penetration testing methodology, #testing types, #security assessment
