312-50V11 · Question #892
The "Gray-box testing" methodology enforces what kind of restriction?
The correct answer is B. The internal operation of a system in only partly accessible to the tester.. Gray-box testing grants the tester only partial knowledge of a system's internal workings, combining elements of both black-box and white-box approaches.
Question
The "Gray-box testing" methodology enforces what kind of restriction?
Options
- AOnly the external operation of a system is accessible to the tester.
- BThe internal operation of a system in only partly accessible to the tester.
- COnly the internal operation of a system is known to the tester.
- DThe internal operation of a system is completely known to the tester.
How the community answered
(27 responses)- B93% (25)
- C4% (1)
- D4% (1)
Why each option
Gray-box testing grants the tester only partial knowledge of a system's internal workings, combining elements of both black-box and white-box approaches.
Restricting the tester to only external operation describes black-box testing, where no internal knowledge is provided.
Gray-box testing is defined as a methodology where the tester has limited, partial visibility into the internal structure, logic, or architecture of the system under test. This simulates a realistic attacker scenario such as an insider with restricted access, making it more targeted than black-box but less exhaustive than white-box testing.
Stating that only internal operation is known implies the tester has no external perspective, which does not match gray-box or any standard methodology accurately.
Complete knowledge of internal operations describes white-box (clear-box) testing, where source code and architecture are fully available to the tester.
Concept tested: Gray-box testing methodology and tester knowledge scope
Source: https://csrc.nist.gov/glossary/term/gray_box_testing
Topics
Community Discussion
No community discussion yet for this question.