CISSP · Question #297
Which type of security testing is being performed when an ethical hacker has no knowledge about the target system but the testing target is notified before the test?
The correct answer is C. Blind. Blind testing is a penetration testing methodology where the tester has no prior knowledge of the target environment, but the target organization is aware the test will occur.
Question
Which type of security testing is being performed when an ethical hacker has no knowledge about the target system but the testing target is notified before the test?
Options
- AReversal
- BGray box
- CBlind
- DWhite box
How the community answered
(20 responses)- B5% (1)
- C90% (18)
- D5% (1)
Why each option
Blind testing is a penetration testing methodology where the tester has no prior knowledge of the target environment, but the target organization is aware the test will occur.
Reversal is not a recognized penetration testing methodology category in standard security frameworks or certifications.
Gray box testing involves the tester having partial knowledge of the target system (such as some network diagrams or credentials), which contradicts the 'no knowledge' condition stated in the question.
Blind testing (also called single-blind) is defined by two characteristics: the ethical hacker receives no prior information about the target system, simulating a real external attacker's perspective, while the target organization is notified beforehand so their security team can respond and be evaluated. This tests both the attacker simulation and the defender's detection and response capabilities simultaneously.
White box testing involves the tester having full knowledge of the target environment, including architecture, source code, and credentials, which is the opposite of the 'no knowledge' condition described.
Concept tested: Penetration testing types by knowledge level
Source: https://www.comptia.org/certifications/security
Topics
Community Discussion
No community discussion yet for this question.