nerdexam
EC-Council

312-50V11 · Question #718

The "gray box testing" methodology enforces what kind of restriction?

The correct answer is C. The internal operation of a system is only partly accessible to the tester.. Gray box testing grants the tester only partial knowledge of the target system's internal workings, sitting between the extremes of black box and white box testing.

Information Security and Ethical Hacking Fundamentals

Question

The "gray box testing" methodology enforces what kind of restriction?

Options

  • AOnly the internal operation of a system is known to the tester.
  • BThe internal operation of a system is completely known to the tester.
  • CThe internal operation of a system is only partly accessible to the tester.
  • DOnly the external operation of a system is accessible to the tester.

How the community answered

(27 responses)
  • B
    4% (1)
  • C
    85% (23)
  • D
    11% (3)

Why each option

Gray box testing grants the tester only partial knowledge of the target system's internal workings, sitting between the extremes of black box and white box testing.

AOnly the internal operation of a system is known to the tester.

Knowing only the internal operation with no external perspective describes a partial white box approach, not gray box.

BThe internal operation of a system is completely known to the tester.

Complete knowledge of internal operations defines white box (clear box) testing, where the tester has full access to source code and architecture.

CThe internal operation of a system is only partly accessible to the tester.Correct

In gray box testing, the tester is given limited internal information - such as partial architecture diagrams, some credentials, or high-level design documents - but does not have full access to source code or complete system internals. This simulates an attacker who has obtained some insider knowledge, making it more realistic than pure black box testing while still preserving blind spots that white box testing eliminates.

DOnly the external operation of a system is accessible to the tester.

Access to only the external operation with no internal knowledge defines black box testing, which simulates a completely uninformed external attacker.

Concept tested: Gray box vs black box vs white box testing definitions

Source: https://owasp.org/www-project-web-security-testing-guide/stable/3-The_OWASP_Testing_Framework/1-Penetration_Testing_Methodologies

Topics

#gray box testing#penetration testing methodology#testing types#partial knowledge testing

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice