CompTIA Security+ (SY0-501) — Question 752

A company hired a firm to test the security posture of its database servers and determine if any vulnerabilities can be exploited. The company provided limited information pertaining to the infrastructure and database server. Which of the following forms of testing does this BEST describe?

Answer options

Correct answer: B

Explanation

The correct answer is B, Gray box, because this testing method combines known and unknown elements: the tester is given limited information about the system. Black box testing (A) involves no prior knowledge of the system, White box testing (C) requires full knowledge of the system's internals, and Vulnerability scanning (D) is typically an automated process that identifies vulnerabilities without the depth of testing involved in gray box assessments.