nerdexam
CompTIA

SY0-301 · Question #382

A quality assurance analyst is reviewing a new software product for security, and has complete access to the code and data structures used by the developers. This is an example of which of the followi

The correct answer is D. White box. White box testing gives the tester full visibility into application code, architecture, and data structures for thorough internal analysis.

Security operations

Question

A quality assurance analyst is reviewing a new software product for security, and has complete access to the code and data structures used by the developers. This is an example of which of the following types of testing?

Options

  • ABlack box
  • BPenetration
  • CGray box
  • DWhite box

How the community answered

(32 responses)
  • A
    3% (1)
  • B
    3% (1)
  • C
    3% (1)
  • D
    91% (29)

Why each option

White box testing gives the tester full visibility into application code, architecture, and data structures for thorough internal analysis.

ABlack box

Black box testing gives the tester no access to internal code or structures and relies only on external interaction with the application's interface.

BPenetration

Penetration testing describes the goal of simulating an attack against a system and can be conducted under any knowledge level - it is a methodology, not a knowledge-classification type.

CGray box

Gray box testing grants only partial knowledge of the system's internals, such as limited documentation or user-level credentials, not complete access as described.

DWhite boxCorrect

White box testing, also called clear-box or glass-box testing, provides the tester with complete knowledge of the application's internals, including source code, APIs, and data structures. This allows deep analysis of logic flaws, insecure code paths, and structural vulnerabilities that would be invisible to an external tester. The scenario explicitly states the analyst has complete access to code and data structures, which is the defining characteristic of white box testing.

Concept tested: White box software security testing methodology

Source: https://csrc.nist.gov/glossary/term/white_box_testing

Topics

#white box testing#software security testing#code review#QA testing

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice