CompTIA Security+ (SY0-501) — Question 252

A company hired a firm to test the security posture of its database servers and determine if any vulnerabilities can be exploited. The company provided limited information pertaining to the infrastructure and database server. Which of the following forms of testing does this BEST describe?

Answer options

Correct answer: B

Explanation

The correct answer is B, Gray box: the tester works with limited knowledge of the system being tested, which matches the scenario where the company provided only partial information. In contrast, black box testing (A) involves no prior knowledge, white box testing (C) requires complete knowledge of the system, and vulnerability scanning (D) is a different approach focused on identifying known vulnerabilities without a thorough assessment of the overall security posture.