CompTIA Security+ (SY0-501) — Question 132

As part of the SDLC, a third party is hired to perform a penetration test. The third party will have access to the source code, integration tests, and network diagrams. Which of the following BEST describes the assessment being performed?

Answer options

• A. Black box
• B. Regression
• C. White box
• D. Fuzzing

Correct answer: C

Explanation

The correct answer is C, White box, as it involves providing the tester with complete access to the internal workings of the application, including source code and documentation. In contrast, A, Black box testing, does not grant such access, B, Regression testing, focuses on verifying that changes haven't adversely affected existing functionality, and D, Fuzzing, is a technique for testing input handling rather than a comprehensive assessment method.