CISSP · Question #970
An organization is planning a penetration test that simulates the malicious actions of a former network administrator. What kind of penetration test is needed?
The correct answer is C. Grey box. A grey box penetration test is one that simulates the actions of an attacker who has some knowledge of the target system, such as a former network administrator. A grey box test is more realistic than a white box test, which assumes complete knowledge of the system, and more effi
Question
An organization is planning a penetration test that simulates the malicious actions of a former network administrator. What kind of penetration test is needed?
Options
- AFunctional test
- BUnit test
- CGrey box
- DWhite box
How the community answered
(24 responses)- A8% (2)
- B4% (1)
- C88% (21)
Explanation
A grey box penetration test is one that simulates the actions of an attacker who has some knowledge of the target system, such as a former network administrator. A grey box test is more realistic than a white box test, which assumes complete knowledge of the system, and more efficient than a black box test, which assumes no knowledge of the system. A functional test and a unit test are types of software testing, not penetration testing.
Topics
Community Discussion
No community discussion yet for this question.