nerdexam
EC-Council

312-50V11 · Question #892

The "Gray-box testing" methodology enforces what kind of restriction?

The correct answer is B. The internal operation of a system in only partly accessible to the tester.. Gray-box testing grants the tester only partial knowledge of a system's internal workings, combining elements of both black-box and white-box approaches.

Information Security and Ethical Hacking Fundamentals

Question

The "Gray-box testing" methodology enforces what kind of restriction?

Options

  • AOnly the external operation of a system is accessible to the tester.
  • BThe internal operation of a system in only partly accessible to the tester.
  • COnly the internal operation of a system is known to the tester.
  • DThe internal operation of a system is completely known to the tester.

How the community answered

(27 responses)
  • B
    93% (25)
  • C
    4% (1)
  • D
    4% (1)

Why each option

Gray-box testing grants the tester only partial knowledge of a system's internal workings, combining elements of both black-box and white-box approaches.

AOnly the external operation of a system is accessible to the tester.

Restricting the tester to only external operation describes black-box testing, where no internal knowledge is provided.

BThe internal operation of a system in only partly accessible to the tester.Correct

Gray-box testing is defined as a methodology where the tester has limited, partial visibility into the internal structure, logic, or architecture of the system under test. This simulates a realistic attacker scenario such as an insider with restricted access, making it more targeted than black-box but less exhaustive than white-box testing.

COnly the internal operation of a system is known to the tester.

Stating that only internal operation is known implies the tester has no external perspective, which does not match gray-box or any standard methodology accurately.

DThe internal operation of a system is completely known to the tester.

Complete knowledge of internal operations describes white-box (clear-box) testing, where source code and architecture are fully available to the tester.

Concept tested: Gray-box testing methodology and tester knowledge scope

Source: https://csrc.nist.gov/glossary/term/gray_box_testing

Topics

#gray-box testing#penetration testing methodology#security testing#partial knowledge

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice