An organization wants to test its vulnerability to an employee with network privileges accessing the network maliciously. Which type of penetration test should be used to test this vulnerability?
- white-box
- black-box
- blue-box
- gray-box
Explanation: In gray-box penetration testing, the test is run from within the internal network. Because most compromises start at the client and work their way throughout the network, a good approach would be a scope where the testers start inside the network and have access to a client machine. Then they could pivot throughout the network to determine the impact of a compromise. Gray-box testing is done in a partially known environment.
In black-box penetration testing, the tester is typically provided only limited information. (Unknown-environment testing.)
In white-box penetration testing, the tester starts with significant information about the organization and its infrastructure. (Totally known environment.)
A blue box is a box containing equipment for field quality testing and screening, with visual and written instructions for the users. CYBRI developed its own penetration testing services technology, called Blue-Box, which helps businesses and experts stay on the same page when it comes to testing, security controls, and security services.
Exam with this question: Ethical Hacker: Course Final Exam Answers