EC-Council Certified Security Analyst (ECSA v10) — Question 8
A security analyst at Techsoft Solutions is performing penetration testing on the critical IT assets of the company. As part of this process, he is simulating the methodologies and techniques of a real attacker because he is provided with limited or zero information about the company and its assets.
Identify the type of testing performed by the security analyst?
Answer options
- A. Announced testing
- B. Blind testing
- C. White-box testing
- D. Unannounced testing
Correct answer: B
Explanation
The correct answer is B, Blind testing, as it involves testing without prior knowledge of the system, simulating a real attacker's perspective. Announced testing (A) involves prior notification, while White-box testing (C) provides complete knowledge of the system, and Unannounced testing (D) may not imply the same level of information deprivation as blind testing.