SY0-501 Question #216: Real Exam Question with Answer & Explanation
The correct answer is C: White box. The assessment described is a white box penetration test because the third party has full knowledge of the system's internals, including source code and network diagrams.
Question
As part of the SDLC, a third party is hired to perform a penetration test. The third party will have access to the source code, integration tests, and network diagrams. Which of the following BEST describes the assessment being performed?
Options
- A. Black box
- B. Regression
- C. White box
- D. Fuzzing
Explanation
The assessment described is a white box penetration test because the third party has full knowledge of the system's internals, including source code and network diagrams.
Common mistakes.
- A. Black box testing involves no prior knowledge of the system's internal workings, simulating an external attacker with no privileged information, which contradicts the given access to source code and network diagrams.
- B. Regression testing is a type of software testing that ensures recent code changes have not introduced new defects or re-opened old ones, not a category of penetration test based on the tester's knowledge level.
- D. Fuzzing is a specific software testing technique that involves feeding malformed or unexpected inputs to a program to discover software vulnerabilities, not a description of the overall penetration test methodology based on knowledge access.
Concept tested. Penetration test types (white box)
Reference. https://learn.microsoft.com/en-us/azure/security/fundamentals/pen-testing