Free Preparation Discussions
MENU
Eccouncil ECSS Exam - Topic 2 Question 119 Discussion
Topic #: 2
Steve, a professional pen tester, was hired by an organization to assess its cybersecurity. The organization provided Steve with details such as network topology documents, asset inventory, and valuation information. This information helped Steve complete the penetration test successfully, and he provided a snapshot of the organization's current security posture.
Identify the penetration testing strategy followed by Steve in the above scenario.
In the scenario described, Steve is provided with comprehensive information about the organization's network, including topology documents, asset inventory, and valuation information.This approach is indicative ofwhite-box testing, which is a penetration testing strategy where the tester has full knowledge of the system being tested12.
White-box testing allows for a thorough examination of the internal workings of the system, as the tester has access to all information, including source code, architecture diagrams, and other documentation.This level of access enables the tester to perform a more detailed and complete security assessment, as opposed to black-box testing, where the tester has no prior knowledge of the system, or grey-box testing, which is a combination of both white and black-box testing methods12.
In this case, Steve's ability to provide a snapshot of the organization's current security posture is greatly enhanced by the detailed information provided to him, which is a hallmark of the white-box testing methodology.
Merlyn
4 days ago