CompTIA
SY0-501 · Question #509
SY0-501 Question #509: Real Exam Question with Answer & Explanation
The correct answer is B: Gray box. A gray box penetration test provides the tester with some limited internal knowledge, such as password hashes, to simulate a targeted attack or insider threat.
Submitted by yuriko_h · Mar 4, 2026
Question
Which of the following types of penetration test will allow the tester to have access only to password hashes prior to the penetration test?
Options
- A. Black box
- B. Gray box
- C. Credentialed
- D. White box
Explanation
A gray box penetration test provides the tester with some limited internal knowledge, such as password hashes, to simulate a targeted attack or insider threat.
Common mistakes.
- A. A black box penetration test provides the tester with no prior internal knowledge or access to system details, simulating an external attacker with no initial foothold.
- C. A credentialed test typically implies direct access to valid login credentials (username and password), enabling authenticated scanning or testing, rather than just password hashes that require cracking.
- D. A white box penetration test grants the tester full and comprehensive knowledge of the system's architecture, source code, and often administrative access, which far exceeds having only password hashes.
Concept tested. Penetration testing methodologies (black, gray, white box)
Reference. https://csrc.nist.gov/publications/detail/sp/800-115/final