CompTIA Security+ (SY0-501) — Question 490
Which of the following types of security testing is the MOST cost-effective approach used to analyze existing code and identify areas that require patching?
Answer options
- A. Black box
- B. Gray box
- C. White box
- D. Red team
- E. Blue team
Correct answer: C
Explanation
The correct answer is C, white box testing, because it involves thorough examination of the internal logic, structure, and coding of the software, allowing for effective identification of vulnerabilities that need fixing. Black box testing (A) does not consider internal code structure and thus may miss critical issues. Gray box testing (B) combines aspects of both but is not as comprehensive as white box testing. Red team (D) and blue team (E) focus on offensive and defensive strategies, respectively, rather than direct code analysis.