nerdexam
(ISC)2

CISSP · Question #970

An organization is planning a penetration test that simulates the malicious actions of a former network administrator. What kind of penetration test is needed?

The correct answer is C. Grey box. A grey box penetration test is one that simulates the actions of an attacker who has some knowledge of the target system, such as a former network administrator. A grey box test is more realistic than a white box test, which assumes complete knowledge of the system, and more effi

Submitted by priya_blr· Mar 5, 2026Security Assessment and Testing

Question

An organization is planning a penetration test that simulates the malicious actions of a former network administrator. What kind of penetration test is needed?

Options

  • AFunctional test
  • BUnit test
  • CGrey box
  • DWhite box

How the community answered

(24 responses)
  • A
    8% (2)
  • B
    4% (1)
  • C
    88% (21)

Explanation

A grey box penetration test is one that simulates the actions of an attacker who has some knowledge of the target system, such as a former network administrator. A grey box test is more realistic than a white box test, which assumes complete knowledge of the system, and more efficient than a black box test, which assumes no knowledge of the system. A functional test and a unit test are types of software testing, not penetration testing.

Topics

#Penetration testing#Grey box testing#Insider threat simulation#Testing methodologies

Community Discussion

No community discussion yet for this question.

Full CISSP Practice