CompTIA

PT0-001 · Question #16

PT0-001 Question #16: Real Exam Question with Answer & Explanation

The correct answer is A: a target list. Black box testing simulates a fully uninformed external attacker, so the tester is given only a target list defining scope and must discover all other information independently.

Engagement management

Question

Black box penetration testing strategy provides the tester with:

Options

  • A. a target list
  • B. a network diagram
  • C. source code
  • D. privileged credentials

Explanation

Black box testing simulates a fully uninformed external attacker, so the tester is given only a target list defining scope and must discover all other information independently.

Common mistakes.

  • B. A network diagram is provided in white box (crystal box) testing, where the tester receives full knowledge of internal architecture before the engagement begins.
  • C. Source code access is a characteristic of white box testing that enables static analysis - it is never provided in a black box engagement.
  • D. Privileged credentials are supplied in white box or certain gray box engagements to assess internal systems, not in black box testing where no prior access is assumed.

Concept tested. Black box penetration testing methodology and tester knowledge

Reference. https://csrc.nist.gov/publications/detail/sp/800-115/final

Topics

#black box testing, #penetration testing methodology, #engagement scope, #testing approaches
