A company hires a cybersecurity consultant to perform penetration tests. The consultant is discussing with the company about the penetration testing strategy. Which statement describes the term unknown-environment testing?
- This is a type of testing where the scope of the work could be extended later.
- This is a type of testing where the time frame of the work can be flexible and extension is possible.
- This type is a type of testing where the budget can be further negotiated throughout the testing.
- This type of testing is where the consultant will be provided with very limited information about the targeted systems and network.
|
Explanation & Hint: In unknown-environment testing (formerly called black-box penetration testing), the consultant is typically provided only a very limited amount of information, for example, only the domain names and IP addresses that are in scope for a particular target. This type of limitation is to have the consultant start with the perspective that an external attacker might have. |