EC-Council

312-50V11 Question #718: Real Exam Question with Answer & Explanation

The correct answer is C: The internal operation of a system is only partly accessible to the tester. Gray box testing grants the tester only partial knowledge of the target system's internal workings, sitting between the extremes of black box and white box testing.

Information Security and Ethical Hacking Fundamentals

Question

The "gray box testing" methodology enforces what kind of restriction?

Options

  • A. Only the internal operation of a system is known to the tester.
  • B. The internal operation of a system is completely known to the tester.
  • C. The internal operation of a system is only partly accessible to the tester.
  • D. Only the external operation of a system is accessible to the tester.

Explanation

Gray box testing grants the tester only partial knowledge of the target system's internal workings, sitting between the extremes of black box and white box testing.

Common mistakes.

  • A. Knowing only the internal operation with no external perspective describes a partial white box approach, not gray box.
  • B. Complete knowledge of internal operations defines white box (clear box) testing, where the tester has full access to source code and architecture.
  • D. Access to only the external operation with no internal knowledge defines black box testing, which simulates a completely uninformed external attacker.

Concept tested. Gray box vs black box vs white box testing definitions

Reference. https://owasp.org/www-project-web-security-testing-guide/stable/3-The_OWASP_Testing_Framework/1-Penetration_Testing_Methodologies

Topics

gray box testing, penetration testing methodology, testing types, partial knowledge testing
