An organization wants to test its vulnerability to an employee with network privileges accessing the network maliciously. Which type of penetration test should be used to test this vulnerability?

An organization wants to test its vulnerability to an employee with network privileges accessing the network maliciously. Which type of penetration test should be used to test this vulnerability?

• white-box
• black-box
• blue-box
• gray-box

Explanation: Gray-box penetration testing is when the test is run from within the internal network. Because most compromises start at the client and work their way throughout the network, a good approach would be a scope where the testers start inside the network and have access to a client machine. Then they could pivot throughout the network to determine the impact of a compromise. Gray-box testing is done in a partially known environment.
In black-box penetration testing, the tester is typically provided only limited information. (Unknown-environment testing.)
In white-box penetration testing, the tester starts with significant information about the organization and its infrastructure. (Totally known environment.)
The blue-box penetration testing is a box containing equipment for field quality testing and screening, with visual and written instructions for the users. CYBRI developed its own penetration testing services technology, called Blue-Box, which helps businesses and experts stay on the same page when it comes to testing, security controls, and security services.

Exam with this question: Ethical Hacker: Course Final Exam Answers