SY0-501 Question #552: Real Exam Question with Answer & Explanation

The correct answer is A: Black box.

Submitted by fatema_kw · Mar 4, 2026

Question

An external contractor, who has not been given information about the software or network architecture, is conducting a penetration test. Which of the following BEST describes the test being performed?

Options

  • A. Black box
  • B. White box
  • C. Passive reconnaissance
  • D. Vulnerability scan

Explanation

The test described, where an external contractor performs a penetration test without any prior information about the target's software or network architecture, is known as a black box test.

Common mistakes.

  • B. A white box test (or crystal box) involves the tester having full knowledge of the system's architecture, source code, and internal workings, which directly contradicts the scenario where no information is provided.
  • C. Passive reconnaissance is a preliminary phase of information gathering where the attacker collects information about the target without directly interacting with it, and it does not describe the overall type of penetration test based on the level of initial knowledge.
  • D. A vulnerability scan is an automated process that identifies known security weaknesses in systems and applications, but it is distinct from a penetration test and does not describe the specific knowledge-level context of the testing methodology.

Concept tested. Penetration test types (black box)

Reference. https://learn.microsoft.com/en-us/training/modules/secure-code-practices-threat-modeling/3-threat-modeling-best-practices
