EC-CouncilEC-Council
312-50V13 · Question #194
312-50V13 Question #194: Real Exam Question with Answer & Explanation
The correct answer is D: Grey-box. This question seeks the term for a type of security analysis where an attacker possesses partial knowledge of the application's internal workings.
Submitted by asante_acc· Mar 6, 2026Vulnerability Analysis
Question
What type of analysis is performed when an attacker has partial knowledge of inner-workings of the application?
Options
- ABlack-box
- BAnnounced
- CWhite-box
- DGrey-box
Explanation
This question seeks the term for a type of security analysis where an attacker possesses partial knowledge of the application's internal workings.
Common mistakes.
- A. Black-box analysis is performed without any prior knowledge of the target system's internal structure, code, or architecture, simulating an external attacker.
- B. An 'announced' test refers to whether the target organization is informed about the security assessment, not the level of internal knowledge the tester possesses.
- C. White-box analysis is conducted with full knowledge of the application's internal workings, including access to source code, design documents, and architecture.
Concept tested. Penetration testing methodologies (grey-box)
Topics
#Penetration testing#Grey-box testing#Black-box testing#White-box testing
Community Discussion
No community discussion yet for this question.