CompTIA Security+ (SY0-601) — Question 549

An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given all the developer’s documentation about the internal architecture. Which of the following best represents the type of testing that will occur?

Answer options

• A. Bug bounty
• B. White-box
• C. Black-box
• D. Gray-box

Correct answer: B

Explanation

The correct answer is B, White-box testing, as it involves having full knowledge of the system's architecture, which the security firm has due to the developer documentation. The other options do not apply because Bug bounty refers to public testing for rewards, Black-box testing involves no prior knowledge of the system, and Gray-box testing is a mix of both but does not fit this scenario as closely as White-box.