What characterizes a known environment penetration test?
- The test is somewhat of a hybrid approach between unknown and known environment tests.
- The tester could be provided with network diagrams, IP addresses, configurations, and user credentials.
- The tester should not have prior knowledge of the organization and infrastructure of the target.
- The tester may be provided only the domain names and IP addresses in the scope of a particular target.
Explanation & Hints: In a known-environment penetration test (previously known as a white box), the tester starts with significant information about the organization and the infrastructure. The tester would normally be provided with network diagrams, IP addresses, configurations, and user credentials. This type of test aims to identify as many holes as possible. |