Open box testing, in the Flaw Hypothesis Methodology of Penetration Testing applies to the analysis
of

A.
Routers and firewalls

B.
Host-based IDS systems

C.
Network-based IDS systems

D.
General purpose operating systems

Explanation:
Flaw Hypothesis Methodology – A system analysis and penetration technique where specifications
and documentation for the system are analyzed and then flaws in the system are hypothesized.
The list of hypothesized flaws is then prioritized on the basis of the estimated probability that a flaw
actually exists and, assuming a flaw does exist, on the ease of exploiting it and on the extent of
control or compromise it would provide. The prioritized list is used to direct the actual testing of the
system.
http://www.kernel.org/pub/linux/libs/security/Orange-Linux/refs/Orange/Orange0-5.html