CompTIA Security+ (SY0-501) — Question 263

Which of the following types of penetration test will allow the tester to have access only to password hashes prior to the penetration test?

Answer options

• A. Black box
• B. Gray box
• C. Credentialed
• D. White box

Correct answer: B

Explanation

The correct answer is B, Gray box, as this type of test provides the tester with limited access, such as password hashes, allowing them to simulate an insider threat. Black box tests do not give the tester any prior knowledge, while Credentialed tests provide full access, and White box tests give complete visibility into the system.