Certified Ethical Hacker (CEH v11) — Question 149

The `Gray-box testing` methodology enforces what kind of restriction?

Answer options

• A. Only the external operation of a system is accessible to the tester.
• B. The internal operation of a system in only partly accessible to the tester.
• C. Only the internal operation of a system is known to the tester.
• D. The internal operation of a system is completely known to the tester.

Correct answer: B

Explanation

The correct answer is B because Gray-box testing allows testers to have partial knowledge of the internal workings of a system while still evaluating its external behavior. Answer A is incorrect as it describes black-box testing, while C and D imply full or exclusive knowledge of internal operations, which contradicts the gray-box approach.