Certificate of Cloud Auditing Knowledge (CCAK) — Question 163
A CSP contracts for a penetration test to be conducted on its infrastructure. The auditor engages the target with no prior knowledge of its defenses, assets, or channels. The CSP’s security operations center is not notified in advance of the scope of the audit and the test vectors. Which mode is selected by the CSP?
Answer options
- A. Double gray box
- B. Tandem
- C. Reversal
- D. Double blind
Correct answer: D
Explanation
The correct answer is 'Double blind': the auditor conducts the test without any prior knowledge of the CSP's defenses or systems, and the CSP's security team is unaware of the testing specifics. The other options, such as 'Double gray box' and 'Tandem', imply some level of knowledge or coordination that does not apply in this scenario.