A company hires a cybersecurity consultant to perform penetration tests. What is the key difference between unknown-environment testing and known-environment testing?
- the types of systems and network to be tested
- the amount of information provided to the consultant
- the tools and types of tests allowed during testing
- credentials and certificates required of the consultant
Explanation & Hint: The key difference between unknown-environment testing and known-environment testing is the amount of information provided to the consultant. In typical unknown-environment testing, only a very limited amount of information is provided to the consultant. The purpose of this limitation is to have the consultant start from the perspective that an external attacker might have. In typical known-environment testing (formerly known as white-box penetration testing), the consultant starts with significant information about the organization and its infrastructure. Other factors could be the same or similar for both testing types.