The security consultant is assigned to test a client’s new software for security, after logs show
targeted attacks from the Internet. To determine the weaknesses, the consultant has no access to
the application program interfaces, code, or data structures. This is an example of which of the
following types of testing?

A.
Black box

B.
Penetration

C.
Gray box

D.
White box

Explanation: