CSSLP Question #203: Real Exam Question with Answer & Explanation
The correct answer is C: Black-box testing. To find vulnerabilities and shortcomings in the network infrastructure from an external attacker's perspective, Maria should use black-box testing. This approach simulates an external attack without prior knowledge of the internal system.
Question
Maria has been recently appointed as a Network Administrator in Gentech Inc. She has been tasked to perform network security testing to find out the vulnerabilities and shortcomings of the present network infrastructure. Which of the following testing approaches will she apply to accomplish this task?
Options
- A. Gray-box testing
- B. White-box testing
- C. Black-box testing
- D. Unit testing
Explanation
To find vulnerabilities and shortcomings in the network infrastructure from an external attacker's perspective, Maria should use black-box testing. This approach simulates an external attack without prior knowledge of the internal system.
Common mistakes.
- A. Gray-box testing involves having some limited knowledge of the internal system, which is not the primary goal when simulating an external attacker's discovery of vulnerabilities.
- B. White-box testing involves complete knowledge of the system's internal structure and code, which is used for in-depth code review or specific vulnerability checks, not for discovering unknown vulnerabilities from an external perspective.
- D. Unit testing is a software development practice used to test individual components or units of a program, not an approach for network security vulnerability assessment.
Concept tested. Network security testing methodologies