nerdexam
(ISC)2

CISSP · Question #416

Which of the following security testing strategies is BEST suited for companies with low to moderate security maturity?

The correct answer is C. Black-box testing. Black-box testing is a security testing strategy that simulates an external attack on a system or application, without any prior knowledge of its internal structure, design, or implementation. Black- box testing is best suited for companies with low to moderate security maturity,

Submitted by brentm· Mar 5, 2026Security Assessment and Testing

Question

Which of the following security testing strategies is BEST suited for companies with low to moderate security maturity?

Options

  • ALoad Testing
  • BWhite-box testing
  • CBlack-box testing
  • DPerformance testing

How the community answered

(52 responses)
  • A
    4% (2)
  • B
    15% (8)
  • C
    73% (38)
  • D
    8% (4)

Explanation

Black-box testing is a security testing strategy that simulates an external attack on a system or application, without any prior knowledge of its internal structure, design, or implementation. Black- box testing is best suited for companies with low to moderate security maturity, as it can reveal the most obvious and common vulnerabilities, such as misconfigurations, default credentials, or unpatched software. Black-box testing can also provide a realistic assessment of the system's security posture from an attacker's perspective.

Topics

#security testing#black-box testing#organizational maturity

Community Discussion

No community discussion yet for this question.

Full CISSP Practice