CompTIA Security Plus Mock Test Q687

A process in which the functionality of an application is tested without any knowledge of the internal mechanisms of the application is known as:

A. Black box testing
B. White box testing
C. Black hat testing
D. Gray box testing
Correct Answer: A
Section: Threats and Vulnerabilities

Explanation:
Black-box testing is a method of software testing that examines the functionality of an application without looking into its internal structures or workings. This method of testing can be applied to virtually every level of software testing: unit, integration, system and acceptance. It typically comprises most, if not all, higher-level testing, but can also dominate unit testing.
Specific knowledge of the application's code or internal structure, and programming knowledge in general, is not required. The tester knows what the software is supposed to do but not how it does it. For instance, the tester knows that a particular input returns a certain, invariable output but does not know how the software produces that output in the first place.

Incorrect Answers:
B: White-box testing (also known as clear box testing, glass box testing, transparent box testing, and structural testing) is a method of testing software that tests the internal structures or workings of an application, as opposed to its functionality (which is the focus of black-box testing). In white-box testing, an internal perspective of the system, together with programming skills, is used to design test cases. The tester chooses inputs to exercise paths through the code and determines the appropriate outputs. This is analogous to testing nodes in a circuit, e.g. in-circuit testing (ICT).
White-box testing can be applied at the unit, integration and system levels of the software testing process. Although traditional testers tended to think of white-box testing as being done at the unit level, it is used for integration and system testing more frequently today. It can test paths within a unit, paths between units during integration, and paths between subsystems during a system-level test.
This question is asking about testing the application without any knowledge of its internal mechanisms.
C: Black hat describes a hacker (or, if you prefer, cracker) who breaks into a computer system or network with malicious intent. Unlike a white hat hacker, the black hat hacker takes advantage of the break-in, perhaps destroying files or stealing data for some future purpose. The black hat hacker may also make the exploit known to other hackers and/or the public without notifying the victim, which gives others the opportunity to exploit the vulnerability before the organization is able to secure it.
Black hat testing is testing an application for malicious purposes.
D: Gray box testing, also called gray box analysis, is a strategy for software debugging in which the tester has limited knowledge of the internal details of the program. A gray box is a device, program or system whose workings are partially understood.
Gray box testing can be contrasted with black box testing, in which the tester has no knowledge of or access to the internal workings of a program, and with white box testing, in which the internal particulars are fully known. Gray box testing is commonly used in penetration tests.
Gray box testing is considered non-intrusive and unbiased because it does not require the tester to have access to the source code. With respect to internal processes, gray box testing treats a program as a black box that must be analyzed from the outside. During a gray box test, the tester may know how the system components interact but not have detailed knowledge of internal program functions and operation. A clear distinction exists between the developer and the tester, thereby minimizing the risk of personnel conflicts.
This question is asking about testing the application without any knowledge of its internal mechanisms.
