CAP · Question #373
Penetration tests are sometimes called white hat attacks because in a pen test, the good guys are attempting to break in. What are the different categories of penetration testing? Each correct answer
The correct answer is B. Zero-knowledge test C. Full-knowledge test D. Open-box E. Partial-knowledge test F. Closed-box. Penetration testing is categorized by how much information the tester is given beforehand: Zero-knowledge (B) / Closed-box (F) - the tester knows nothing about the target, simulating an external attacker. Full-knowledge (C) / Open-box (D) - the tester has complete information (ne
Question
Penetration tests are sometimes called white hat attacks because in a pen test, the good guys are attempting to break in. What are the different categories of penetration testing? Each correct answer represents a complete solution. Choose all that apply.
Options
- AFull-box
- BZero-knowledge test
- CFull-knowledge test
- DOpen-box
- EPartial-knowledge test
- FClosed-box
How the community answered
(68 responses)- A9% (6)
- B91% (62)
Explanation
Penetration testing is categorized by how much information the tester is given beforehand: Zero-knowledge (B) / Closed-box (F) - the tester knows nothing about the target, simulating an external attacker. Full-knowledge (C) / Open-box (D) - the tester has complete information (network diagrams, source code, credentials), simulating an insider or auditor. Partial-knowledge (E) - the tester has some information, simulating a partially informed attacker (also called gray-box). 'Full-box' (A) is not a recognized standard category, making it the one incorrect option.
Topics
Community Discussion
No community discussion yet for this question.