Which type of security testing is being performed when an ethical hacker has no knowledge about the target system but the testing target is notified before the test?
A. Reversal
B. Gray box
C. Blind
D. White box
The answer provided here is wrong.
Read the question carefully.
Question says “no knowledge about the target system” but the “testing target” is notified before the test.
In this case, you are only told of the organization name that you will be targeting. No other information is given to the hacker.
Answer is C
Ans B Gray box is correct. People doing the testing have some but not all knowledge about the system they test.
“Testing target is notified before the test” means the tester either knows the IPs or URL of the testing targets. C Blind means the tester has zero knowledge before the test.
Your explanation is the gray box of software testing; this question is about security testing.
https://books.google.com.tw/books?id=whBmDwAAQBAJ&pg=PT720&lpg=PT720&dq=cissp+Gray+box&source=bl&ots=B9yM3yoOi2&sig=ACfU3U1N–pRRKp25XsRZEd-EhkH48at6Q&hl=zh-TW&sa=X&ved=2ahUKEwje5bn3jPrpAhUJBZQKHfOKB4EQ6AEwA3oECAcQAQ#v=onepage&q=blind&f=false
The answer is C. This site describes all of the different types of pen testing: https://www.info-savvy.com/types-of-penetration-testing.
“Blind testing: In the blind testing, the pen-tester has limited information or knows nothing about the target, but the target is informed of an audit scope (what, how, and when the pen-tester will be testing) prior to performing the test.”
Blind is wrong.
Because the testing target is notified before the test.
Test without target notification is called “double-blind”.
So C is correct.
You’re right, I need to study more.
C
It is a difficult question… but see the article below:
https://resources.infosecinstitute.com/what-you-need-to-know-for-passing-cissp-domain-1/
White, gray, and black box testing do not mention the internal people's knowledge, just the attacker's.
Internal, blind, and double-blind tests are described for people on both sides.
In this case, I think the “Blind” test is the correct answer.
I think this is C. A gray box hacker has some knowledge about the target.