CompTIA Security+ (SY0-601) — Question 211

An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given the documentation only available to the customers of the applications. Which of the following BEST represents the type of testing that will occur?

Answer options

Correct answer: C

Explanation

The correct answer is C, Gray-box: the testing team has partial knowledge of the system, represented by its access to customer documentation. Option A (Bug bounty) refers to a program where security researchers report vulnerabilities for rewards, option B (Black-box) implies no prior knowledge of the system, and option D (White-box) indicates full access to the source code and internal documentation, which is not the case here.