ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam SY0-501 All Questions

View all questions & answers for the SY0-501 exam
Go to Exam

Exam SY0-501 topic 1 question 646 discussion

Actual exam question from CompTIA's SY0-501
Question #: 646
Topic #: 1
[All SY0-501 Questions]

Which of the following methods is used by internal security teams to assess the security of internally developed applications?

  • A. Active reconnaissance
  • B. Pivoting
  • C. White box testing
  • D. Persistence
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by ZiggyZach at May 16, 2020, 12:39 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
fonka
3 years, 10 months ago
The question is asking the steps in penetration test there are 5 steps and the first steps is gathering the intelligence or collecting info before going to the war front so the key word assess means to seek or estimate or look information so based on this the amswery is Active reconnaissance. White box testing is the third step next to scanning. The pen testing process can be broken down into five stages. Planning and reconnaissance. The first stage involves: ... Scanning. The next step is to understand how the target application will respond to various intrusion attempts. ... Gaining Access. ... Maintaining access. ... Analysis.
upvoted 1 times
...
StickyMac231
3 years, 10 months ago
key indicators are internet testing and access to applications = white box testing.
upvoted 2 times
...
StickyMac
3 years, 11 months ago
Key here is white-box is an internal structure and processing are known and understood.
upvoted 3 times
...
StickyMac
3 years, 11 months ago
white box is a device whose internal structure and processing are known and understood. This distinction is important in penetration testing, where white-box testing makes use of knowledge about how an organization is structured, what kinds of hardware and software it uses, and its security policies, processes, and procedures.
upvoted 1 times
...
nakres64
4 years, 2 months ago
White box tests are useful for simulating the behavior of a privileged insider threat.
upvoted 1 times
...
ibeastalot7
4 years, 9 months ago
Keyword is "internal" they have the code so its white box testing
upvoted 2 times
Ibrahim_aj
4 years, 8 months ago
so is "internally developed applications" it tells you what is the purpose of the testing, you cannot use active reconnaissance on app, so the only option left is white box testing which can be used on apps
upvoted 2 times
...
...
Hot_156
4 years, 10 months ago
NOPE because of "Active reconnaissance. Used tools such as network and vulnerability scanner to send data and analyze the responses." You already will know everything about the application and how test it
upvoted 3 times
...
ZiggyZach
4 years, 11 months ago
couldn't this be active reconnaissance as well?
upvoted 2 times
MagicianRecon
4 years, 10 months ago
Reconnaissance is collecting more info about potential targets. Internal security team testing company's own software would get all the info from the devs and can perform a white hat test
upvoted 8 times
...
Born_Again
3 years, 11 months ago
White box / Known environment • Full disclosure
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago