nerdexam
CompTIA

SY0-301 · Question #383

The security consultant is assigned to test a client's new software for security, after logs show targeted attacks from the Internet. To determine the weaknesses, the consultant has no access to the a

The correct answer is A. Black box. Black box testing simulates an external attacker with zero prior knowledge of the target system's internal design or code.

Security operations

Question

The security consultant is assigned to test a client's new software for security, after logs show targeted attacks from the Internet. To determine the weaknesses, the consultant has no access to the application program interfaces, code, or data structures. This is an example of which of the following types of testing?

Options

  • ABlack box
  • BPenetration
  • CGray box
  • DWhite box

How the community answered

(35 responses)
  • A
    91% (32)
  • B
    6% (2)
  • D
    3% (1)

Why each option

Black box testing simulates an external attacker with zero prior knowledge of the target system's internal design or code.

ABlack boxCorrect

Black box testing means the tester has no access to source code, APIs, data structures, or internal documentation, exactly as described in this scenario. The tester interacts with the application only from the outside, mimicking how a real external attacker would approach the target. This method is appropriate for identifying vulnerabilities that are exploitable without any insider knowledge.

BPenetration

Penetration testing describes the overall adversarial methodology and goal rather than the tester's level of internal knowledge about the system.

CGray box

Gray box testing provides the tester with partial knowledge of the system, such as limited architecture diagrams or credentials, unlike the zero-knowledge scenario described.

DWhite box

White box testing gives the tester full access to source code and internal structures, which is the opposite of the no-access condition described.

Concept tested: Black box software security testing methodology

Source: https://csrc.nist.gov/glossary/term/black_box_testing

Topics

#black box testing#penetration testing#zero-knowledge testing#software security

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice