When using a third party assessor to perform a grey box vulnerability assessment for an organization, what type of information is commonly provided to the assessor?

When using a third party assessor to perform a grey box vulnerability assessment for an organization, what type of information is commonly provided to the assessor?

• no knowledge of current network architecture
• limited knowledge of current network architecture
• specific knowledge of current vulnerabilities
• full knowledge of current network architecture

Explanation: The goal of grey box testers is to verify vulnerabilities, identify the effort required to exploit them, and determine the potential impacts of exploits.

Exam with this question: IoT Security 1.1 Chapter 6 Quiz Answers