CompTIA Security+ (SY0-501) — Question 236

An external contractor, who has not been given information about the software or network architecture, is conducting a penetration test. Which of the following
BEST describes the test being performed?

Answer options

• A. Black box
• B. White box
• C. Passive reconnaissance
• D. Vulnerability scan

Correct answer: A

Explanation

The correct answer is A, Black box, because this type of test is conducted without prior knowledge of the system's architecture. In contrast, a White box test involves full knowledge of the system, Passive reconnaissance refers to gathering information without direct interaction, and a Vulnerability scan is a more automated assessment of system weaknesses.