Matt, the Chief Information Security Officer (CISO), tells the network administrator that a security
company has been hired to perform a penetration test against his network. The security company asks
Matt which type of testing would be most beneficial for him. Which of the following BEST describes what
the security company might do during a black box test?
A.
The security company is provided with all network ranges, security devices in place, and logical maps of
the network.
B.
The security company is provided with no information about the corporate network or physical
locations.
C.
The security company is provided with limited information on the network, including all network
diagrams.
D.
The security company is provided with limited information on the network, including some subnet
ranges and logical network diagrams.
Answer: B
Explanation:
The term black box testing is usually associated with application (software) testing, but the question applies it to network penetration testing. The idea is the same: in a black box test the tester starts with no knowledge of the target's inner workings. Option B, where the security company receives no information about the corporate network or its physical locations, is therefore the black box test; the testers must discover the network ranges, hosts and exposed services themselves, exactly as an outside attacker would.
Black-box testing is a method of software testing that examines the functionality of an application without peering into its internal structures or workings. It can be applied at virtually every level of software testing (unit, integration, system and acceptance) and makes up most, if not all, higher-level testing, though it can be used heavily at the unit level as well.
Specific knowledge of the application's code or internal structure, and programming knowledge in general, is not required. The tester knows what the software is supposed to do but not how it does it: for instance, the tester knows that a particular input returns a certain, invariable output but not how the software produces that output. A practical consequence is that black-box test cases are derived from the specification and the observable behaviour, so a code path the specification does not mention is found only if the tester happens to hit it.
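An added example (not part of the original question or its explanation) that shows why the level of knowledge matters in practice: the same function is tested black-box, from its written specification only, and white-box, with the source visible. The function is_valid_username, its specification, the hidden prefix branch and every test input are constructed for illustration.

```python
# Added example: black-box versus white-box test design for one function.
# The target, its spec and all inputs below are constructed for illustration.

import string

ALLOWED = set(string.ascii_letters + string.digits + "_")


def is_valid_username(name: str) -> bool:
    """Target under test.

    Documented spec (all a black-box tester gets): accept 3 to 16
    characters drawn from letters, digits and underscore; reject
    anything else.
    """
    if not 3 <= len(name) <= 16:
        return False
    # Hypothetical legacy branch: a 'svc_' prefix skips the character
    # check. Nothing in the spec hints at it, so only a tester who can
    # read the code (white-box) knows to exercise it.
    if name.startswith("svc_"):
        return True
    return all(c in ALLOWED for c in name)


def spec_says(name: str) -> bool:
    """Oracle derived purely from the written spec, used by both testers."""
    return 3 <= len(name) <= 16 and all(c in ALLOWED for c in name)


def black_box_cases() -> list[str]:
    """Inputs a black-box tester derives from the spec alone:
    equivalence partitions plus boundary values on the length."""
    return [
        "ab",            # length 2: just below the minimum
        "abc",           # length 3: minimum
        "a" * 16,        # length 16: maximum
        "a" * 17,        # length 17: just above the maximum
        "user_1",        # every allowed character class
        "user-1",        # disallowed punctuation
        "user 1",        # whitespace
        "",              # empty string
        "\u00e9toile",   # non-ASCII letter: isalnum() is True but not in ALLOWED
    ]


def white_box_cases() -> list[str]:
    """Inputs chosen after reading the source: aim at every branch,
    including the undocumented prefix bypass."""
    return black_box_cases() + [
        "svc_ok1",       # prefix branch with otherwise-valid content
        "svc_../etc",    # prefix branch smuggling path characters
        "svc_;drop",     # prefix branch smuggling a statement separator
    ]


def find_spec_violations(cases: list[str]) -> list[str]:
    """Return every input on which the implementation disagrees with the spec."""
    return [n for n in cases if is_valid_username(n) != spec_says(n)]


if __name__ == "__main__":
    print("black-box violations:", find_spec_violations(black_box_cases()))
    print("white-box violations:", find_spec_violations(white_box_cases()))
```

Run stand-alone, the black-box pass reports no violations even though the function is broken, because none of the spec-derived inputs starts with the secret prefix; the white-box pass, which targets the branch the source reveals, reports the two inputs that smuggle disallowed characters through it. A gray-box tester sits between the two: told, say, that "some service accounts are exempt from validation" but not shown the code, they would have to guess the prefix.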
Incorrect Answers:
A: Here the tester is given detailed information about the inner workings of the network (all network ranges, the security devices in place and logical maps). Testing with full knowledge of the target is a white-box test, not a black-box test.
C: Here the tester is given some, but not complete, information about the network (all network diagrams). Testing with partial knowledge of the target is a gray-box test.
D: Here the tester is likewise given partial information (some subnet ranges and logical network diagrams), which again describes a gray-box test rather than a black-box test.
http://en.wikipedia.org/wiki/Black-box_testing