A client has approached you with penetration test requirements. They are concerned with the
possibility of external threat, and have invested considerable resources in protecting their Internet
exposure. However, their main concern is the possibility of an employee elevating his/her
privileges and gaining access to information outside of their respective department.
What kind of penetration test would you recommend that would best address the client’s concern?
A. A Black Box test
B. A Black Hat test
C. A Grey Box test
D. A Grey Hat test
E. A White Box test
F. A White Hat test
C
Why not white box?
White box is more like a sys admin going bad, full knowledge of the internal network.
Grey box is more like a user escalating privs to do more, someone with limited internal network knowledge.
Black box is an outside user with no internal network knowledge, may be the IP range of the company in question.