nerdexam
(ISC)2

CISSP · Question #297

Which type of security testing is being performed when an ethical hacker has no knowledge about the target system but the testing target is notified before the test?

The correct answer is C. Blind. Blind testing is a penetration testing methodology where the tester has no prior knowledge of the target environment, but the target organization is aware the test will occur.

Submitted by priya_blr· Mar 5, 2026Security Assessment and Testing

Question

Which type of security testing is being performed when an ethical hacker has no knowledge about the target system but the testing target is notified before the test?

Options

  • AReversal
  • BGray box
  • CBlind
  • DWhite box

How the community answered

(20 responses)
  • B
    5% (1)
  • C
    90% (18)
  • D
    5% (1)

Why each option

Blind testing is a penetration testing methodology where the tester has no prior knowledge of the target environment, but the target organization is aware the test will occur.

AReversal

Reversal is not a recognized penetration testing methodology category in standard security frameworks or certifications.

BGray box

Gray box testing involves the tester having partial knowledge of the target system (such as some network diagrams or credentials), which contradicts the 'no knowledge' condition stated in the question.

CBlindCorrect

Blind testing (also called single-blind) is defined by two characteristics: the ethical hacker receives no prior information about the target system, simulating a real external attacker's perspective, while the target organization is notified beforehand so their security team can respond and be evaluated. This tests both the attacker simulation and the defender's detection and response capabilities simultaneously.

DWhite box

White box testing involves the tester having full knowledge of the target environment, including architecture, source code, and credentials, which is the opposite of the 'no knowledge' condition described.

Concept tested: Penetration testing types by knowledge level

Source: https://www.comptia.org/certifications/security

Topics

#penetration testing#blind testing#ethical hacking#security assessment

Community Discussion

No community discussion yet for this question.

Full CISSP Practice