CAS-002 Question #249: Real Exam Question with Answer & Explanation
The correct answer is D: Use the internal teams to perform White box testing. White box testing gives testers full access to source code and internal logic, so test cases can be written to reach every branch and coverage can be measured, which is exactly what is needed when a report admits that many code paths went untested and the product misbehaves in only some deployments.
Question
The Chief Information Security Officer (CISO) at a software development company is concerned about the lack of introspection during a testing cycle of the company's flagship product. Testing was conducted by a small offshore consulting firm and the report by the consulting firm clearly indicates that limited test cases were used and many of the code paths remained untested. The CISO raised concerns about the testing results at the monthly risk committee meeting, highlighting the need to get to the bottom of the product behaving unexpectedly in only some large enterprise deployments. The Security Assurance and Development teams highlighted their availability to redo the testing if required. Which of the following will provide the MOST thorough testing?
Options
- A. Have the small consulting firm redo the Black box testing.
- B. Use the internal teams to perform Grey box testing.
- C. Use the internal team to perform Black box testing.
- D. Use the internal teams to perform White box testing.
- E. Use a larger consulting firm to perform Black box testing.
Explanation
White box testing gives testers full access to source code and internal logic, so they can derive test cases from the actual branch conditions and measure which code paths remain unexecuted, instead of guessing at inputs from the outside. That is what this scenario calls for: the consulting firm's own report says many code paths were never exercised, and the product misbehaves only in some large enterprise deployments, which points to a path (a size threshold, an enterprise-only feature, a configuration branch) that the limited black box cases never reached. The internal Security Assurance and Development teams already have the source and have offered to redo the testing, so white box testing by them is the most thorough option available. One caveat: source access enables thorough coverage but does not guarantee it; the redone cycle should track branch coverage and treat any path still untested as a finding in its own right.
Common mistakes.
- A. The small consulting firm already demonstrated insufficient coverage using black box testing, and repeating the same approach with the same team will produce the same limited results.
- B. Grey box testing provides only partial knowledge of internals, which improves on black box but still leaves many code paths unexplored compared to full white box access.
- C. Black box testing by internal teams still provides zero visibility into code paths or internal logic, making thorough coverage of all execution branches impossible.
- E. A larger consulting firm performing black box testing still has no access to source code or internal logic, so untested code paths remain a problem regardless of firm size.
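The following is an added illustration written for this page, not part of the exam question or any real product: it shows how a white box tester finds the code path that a specification-driven (black box) test set leaves unexecuted. `session_cap`, its thresholds, the planted bug and both case lists are invented; the `sys.settrace` tracer is a small stand-in for a coverage tool such as coverage.py.

```python
"""Measuring which code paths a test set leaves untested (constructed example)."""
import dis
import inspect
import sys
from typing import Callable, Iterable, Tuple

Case = Tuple[int, bool]


def session_cap(seat_count: int, enterprise_tier: bool) -> int:
    # Hypothetical product logic: concurrent sessions allowed for a deployment.
    if seat_count <= 0:
        return 0
    if not enterprise_tier:
        return min(seat_count, 100)  # small-business tier
    if seat_count > 10000:
        # Large-enterprise path. Planted bug: the "10% headroom" formula turns
        # negative once seat_count exceeds 100000, so the cap collapses only
        # in very large deployments, the kind of fault the question describes.
        return 10000 - seat_count // 10
    return seat_count


# Black box cases: written from the (hypothetical) product specification alone,
# "up to 100 sessions for the small tier, one per seat up to 10,000 for enterprise".
BLACK_BOX_CASES = [(0, False), (50, False), (500, False), (500, True)]

# White box cases: written after reading the source, so each branch condition is
# exercised on both sides, including the point where the formula changes sign.
WHITE_BOX_CASES = BLACK_BOX_CASES + [(20000, True), (200000, True)]


def executable_lines(fn: Callable) -> set:
    """Line numbers inside fn that carry bytecode (the def line itself excluded)."""
    code = fn.__code__
    return {ln for _, ln in dis.findlinestarts(code)
            if ln is not None and ln > code.co_firstlineno}


def executed_lines(fn: Callable, cases: Iterable[Case]) -> set:
    """Run fn on every case under sys.settrace and collect the lines that ran."""
    code = fn.__code__
    hits = set()

    def tracer(frame, event, arg):
        if frame.f_code is not code:
            return None  # ignore frames belonging to other functions
        if event == "line":
            hits.add(frame.f_lineno)
        return tracer

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        for args in cases:
            fn(*args)
    finally:
        sys.settrace(previous)
    return hits


def missed_lines(fn: Callable, cases: Iterable[Case]) -> set:
    """Executable lines of fn that the given case set never reached."""
    return executable_lines(fn) - executed_lines(fn, cases)


def missed_source(fn: Callable, cases: Iterable[Case]) -> list:
    """Source text of the unreached lines, for a readable report."""
    lines, start = inspect.getsourcelines(fn)
    return [lines[ln - start].strip() for ln in sorted(missed_lines(fn, cases))]


if __name__ == "__main__":
    for label, cases in (("black box", BLACK_BOX_CASES), ("white box", WHITE_BOX_CASES)):
        print(f"{label}: untested lines -> {missed_source(session_cap, cases)}")
    print("cap for a 200000-seat enterprise:", session_cap(200000, True))
```

Run stand-alone, the black box set reports the large-enterprise `return` line as untested while the white box set reports none, and the extra white box case exposes the negative cap. The point is not the toy bug but the report: a black box tester cannot even see that the line exists, whereas a white box tester reads the `> 10000` condition and the subtraction and chooses inputs on both sides of each.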
Concept tested. Software testing methodologies - white box vs grey vs black box
Reference. https://csrc.nist.gov/glossary/term/white_box_testing