A company hires a cybersecurity consultant to perform penetration tests. The consultant is discussing with the company about the penetration testing strategy. Which statement describes the term unknown-environment testing?

A company hires a cybersecurity consultant to perform penetration tests. The consultant is discussing with the company about the penetration testing strategy. Which statement describes the term unknown-environment testing?

• This is a type of testing where the scope of the work could be extended later.
• This is a type of testing where the time frame of the work can be flexible and extension is possible.
• This type is a type of testing where the budget can be further negotiated throughout the testing.
• This type of testing is where the consultant will be provided with very limited information about the targeted systems and network.

Explanation: In unknown-environment testing (formerly called black-box penetration testing), the consultant is typically provided only a very limited amount of information, for example, only the domain names and IP addresses that are in scope for a particular target. This type of limitation is to have the consultant start with the perspective that an external attacker might have.

Exam with this question: 2.4.3 Quiz - Planning and Scoping a Penetration Testing Assessment Answers