nerdexam
EC-Council

312-50V11 · Question #720

The "black box testing" methodology enforces what kind of restriction?

The correct answer is D. Only the external operation of a system is accessible to the tester.. Black box testing restricts the tester to only observing external inputs and outputs, with no access to or knowledge of the system's internal logic or code. This simulates how an outside attacker or end-user would interact with a system.

Information Security and Ethical Hacking Fundamentals

Question

The "black box testing" methodology enforces what kind of restriction?

Options

  • AOnly the internal operation of a system is known to the tester.
  • BThe internal operation of a system is completely known to the tester.
  • CThe internal operation of a system is only partly accessible to the tester.
  • DOnly the external operation of a system is accessible to the tester.

How the community answered

(35 responses)
  • A
    3% (1)
  • B
    3% (1)
  • C
    9% (3)
  • D
    86% (30)

Why each option

Black box testing restricts the tester to only observing external inputs and outputs, with no access to or knowledge of the system's internal logic or code. This simulates how an outside attacker or end-user would interact with a system.

AOnly the internal operation of a system is known to the tester.

Knowing only the internal operation describes the opposite of black box - this does not correspond to any standard testing methodology name.

BThe internal operation of a system is completely known to the tester.

Complete knowledge of internal operations describes white box (clear box) testing, not black box testing.

CThe internal operation of a system is only partly accessible to the tester.

Partial access to internal operations describes gray box testing, which is a hybrid between black box and white box methodologies.

DOnly the external operation of a system is accessible to the tester.Correct

In black box testing, the tester has no visibility into the internal workings of the system and can only interact with it through its external interface - providing inputs and observing outputs. This methodology tests functionality and security from an outsider's perspective, ensuring the system behaves correctly without relying on knowledge of its implementation.

Concept tested: Black box vs white box vs gray box testing methodology

Source: https://www.nist.gov/system/files/documents/2021/11/15/NIST.SP.800-115.pdf

Topics

#black box testing#penetration testing methodology#testing types#zero knowledge testing

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice