CompTIA Security+ (SY0-401) — Question 10
Ann, a security administrator, has been tasked by the Chief Information Officer (CIO) to have the company’s application servers tested using black box methodology.
Which of the following BEST describes what Ann has been asked to do?
Answer options
- A. Verify the server’s patch level and attempt various known exploits that might be possible due to missing security updates.
- B. Simulate an external attack where the attackers have been provided with user access privileges on the server.
- C. Organize the application developers to attempt to compromise their servers by entering invalid data into their entry fields.
- D. Simulate an external attack where the attackers have no information regarding the software or systems in place.
Correct answer: D
Explanation
The correct answer is D because black box testing involves simulating attacks without prior knowledge of the system, which aligns with the definition of black box methodology. Options A and B involve known vulnerabilities or user access, which do not fit the black box approach, while C focuses on developer testing rather than simulating an external attack.