Exam SY0-601 topic 1 question 352 discussion

C Black=unknown info white=full info grey=partial info

Because the company only has SOME information about the environment, this is a gray box.

Imo this is a black box, since we have no idea about the software workings besides from a user perspective. A gray box usually provides some minor/basic info on how the software works.

Answer is C

partial information has been shared = gray box

The BEST representation of the type of testing that will occur in this scenario is Gray-box testing. Gray-box testing is a testing approach that combines elements of both black-box and white-box testing. In gray-box testing, the tester has partial knowledge or limited access to the internal workings and details of the system being tested. In this case, the outside security firm has been given documentation that is only available to customers of the applications, indicating that they have some level of insight into the system.

documentation , so the answer is A.

The type of testing that will occur in this scenario is black-box testing. Black-box testing is a type of penetration testing where the tester has no prior knowledge of the system being tested and is given minimal information, such as an application's user documentation or a URL for a web application. The objective is to simulate an external attacker and test the system's ability to resist attacks from an unknown threat. The other options, bug bounty, gray-box, and white-box testing, involve different levels of access to the system being tested and different objectives.

C. Gray-box

To be White Box, they would also have to have knowledge of all of the infrastructure.