nerdexam
(ISC)2

CAP · Question #373

Penetration tests are sometimes called white hat attacks because in a pen test, the good guys are attempting to break in. What are the different categories of penetration testing? Each correct answer

The correct answer is B. Zero-knowledge test C. Full-knowledge test D. Open-box E. Partial-knowledge test F. Closed-box. Penetration testing is categorized by how much information the tester is given beforehand: Zero-knowledge (B) / Closed-box (F) - the tester knows nothing about the target, simulating an external attacker. Full-knowledge (C) / Open-box (D) - the tester has complete information (ne

Assessment/Audit of Security and Privacy Controls

Question

Penetration tests are sometimes called white hat attacks because in a pen test, the good guys are attempting to break in. What are the different categories of penetration testing? Each correct answer represents a complete solution. Choose all that apply.

Options

  • AFull-box
  • BZero-knowledge test
  • CFull-knowledge test
  • DOpen-box
  • EPartial-knowledge test
  • FClosed-box

How the community answered

(68 responses)
  • A
    9% (6)
  • B
    91% (62)

Explanation

Penetration testing is categorized by how much information the tester is given beforehand: Zero-knowledge (B) / Closed-box (F) - the tester knows nothing about the target, simulating an external attacker. Full-knowledge (C) / Open-box (D) - the tester has complete information (network diagrams, source code, credentials), simulating an insider or auditor. Partial-knowledge (E) - the tester has some information, simulating a partially informed attacker (also called gray-box). 'Full-box' (A) is not a recognized standard category, making it the one incorrect option.

Topics

#Penetration testing#White box testing#Black box testing#Gray box testing

Community Discussion

No community discussion yet for this question.

Full CAP Practice