CompTIA Security+ (SY0-601) — Question 789
An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has agreed to pay for each vulnerability that is discovered. Which of the following BEST represents the type of testing that will occur?
Answer options
- A. Bug bounty
- B. Black-box
- C. Gray-box
- D. White-box
- E. Red-team
Correct answer: A
Explanation
The scenario describes a bug bounty program, in which external testers are rewarded for finding vulnerabilities. Black-box, gray-box, and white-box testing refer to different levels of tester knowledge about the environment; they do not involve compensation for discovered vulnerabilities the way a bug bounty does. Red-team testing focuses on simulating real-world attacks rather than on rewarding testers for the vulnerabilities they find.