Certified Information Systems Security Professional (CISSP) — Question 357

An organization is planning a penetration test that simulates the malicious actions of a former network administrator. What kind of penetration test is needed?

Answer options

• A. Functional test
• B. Unit test
• C. Grey box
• D. White box

Correct answer: D

Explanation

A White box penetration test provides the tester with full knowledge of the system, allowing them to simulate the actions of a former insider with access. In contrast, a Grey box test provides partial knowledge, while Functional and Unit tests focus on specific components and functionality rather than broader security assessment.