SY0-301 · Question #383
The security consultant is assigned to test a client's new software for security, after logs show targeted attacks from the Internet. To determine the weaknesses, the consultant has no access to the a
The correct answer is A. Black box. Black box testing simulates an external attacker with zero prior knowledge of the target system's internal design or code.
Question
The security consultant is assigned to test a client's new software for security, after logs show targeted attacks from the Internet. To determine the weaknesses, the consultant has no access to the application program interfaces, code, or data structures. This is an example of which of the following types of testing?
Options
- ABlack box
- BPenetration
- CGray box
- DWhite box
How the community answered
(35 responses)- A91% (32)
- B6% (2)
- D3% (1)
Why each option
Black box testing simulates an external attacker with zero prior knowledge of the target system's internal design or code.
Black box testing means the tester has no access to source code, APIs, data structures, or internal documentation, exactly as described in this scenario. The tester interacts with the application only from the outside, mimicking how a real external attacker would approach the target. This method is appropriate for identifying vulnerabilities that are exploitable without any insider knowledge.
Penetration testing describes the overall adversarial methodology and goal rather than the tester's level of internal knowledge about the system.
Gray box testing provides the tester with partial knowledge of the system, such as limited architecture diagrams or credentials, unlike the zero-knowledge scenario described.
White box testing gives the tester full access to source code and internal structures, which is the opposite of the no-access condition described.
Concept tested: Black box software security testing methodology
Source: https://csrc.nist.gov/glossary/term/black_box_testing
Topics
Community Discussion
No community discussion yet for this question.