Certified Information Security Manager (CISM) — Question 47
The PRIMARY advantage of performing black-box control tests as opposed to white-box control tests is that they:
Answer options
- A. require less IT staff preparation
- B. identify more threats
- C. simulate real-world attacks
- D. cause fewer potential production issues
Correct answer: C
Explanation
The correct answer is C because black-box control tests simulate real-world attacks, allowing organizations to understand how their systems would react under attack conditions. In contrast, while A, B, and D may have some merit, they do not capture the essence of what makes black-box testing particularly valuable in assessing security from an external perspective.