
Exam CISSP topic 1 question 253 discussion

Actual exam question from ISC's CISSP
Question #: 253
Topic #: 1

An organization is planning a penetration test that simulates the malicious actions of a former network administrator. What kind of penetration test is needed?

  • A. Functional test
  • B. Unit test
  • C. Grey box
  • D. White box
Suggested Answer: D

Comments

Loveguitar
Highly Voted 2 years, 2 months ago
Grey box because it says "former". Some things might have changed in the environment, so it's not the white box.
upvoted 11 times
jackdryan
1 year, 6 months ago
C is correct
upvoted 2 times
Coolwater
2 years, 1 month ago
The question says "simulates the malicious actions of a former network administrator". If they wanted to simulate the actions of this network administrator, who has all the knowledge about the infrastructure, then we have to perform white box testing.
upvoted 9 times
Coolwater
2 years, 1 month ago
Maybe I am wrong.
upvoted 1 times
rdy4u
Highly Voted 2 years ago
Selected Answer: C
If a black-box tester is examining a system from an outsider’s perspective, a gray-box tester has the access and knowledge levels of a user, potentially with elevated privileges on a system. Gray-box pentesters typically have some knowledge of a network’s internals, potentially including design and architecture documentation and an account internal to the network. https://resources.infosecinstitute.com/topic/what-are-black-box-grey-box-and-white-box-penetration-testing/
upvoted 5 times
deeden
Most Recent 3 months, 2 weeks ago
Selected Answer: D
I guess the question is how long ago he was "former", because if it's just yesterday, then it's highly possible that the architecture hasn't changed much, has it? I hope the actual exam doesn't have too many of these vague-context questions.
upvoted 1 times
Chris
4 months, 2 weeks ago
Selected Answer: D
White box: White box testing (also known as clear box, open box, or glass box testing) involves complete knowledge of the system, including internal structures, configurations, and source code. This type of testing is most suitable for simulating the actions of a former network administrator because it takes advantage of insider knowledge, which would include detailed information about the network, configurations, and potential vulnerabilities. Also Grey box: Grey box testing involves having partial knowledge of the internal workings of the system. The tester has limited knowledge of the environment and uses both external and some internal perspectives to conduct the test. While it can be useful, it does not fully simulate the insider knowledge that a former network administrator would have. #Shadtech
upvoted 1 times
CL8282
7 months, 1 week ago
Selected Answer: D
D. White box: "Former" could mean former even as recently as yesterday. This would mean this administrator has full knowledge of all internals.
upvoted 2 times
Soleandheel
11 months, 2 weeks ago
It makes more sense to go with D. White box as opposed to Grey box. The assumption should be that since he is a former employee, he should know everything within the network. Even if things have changed since the former employee left, it's still a best practice to assume that they know more.
upvoted 3 times
liebeskind
1 year, 6 months ago
Selected Answer: D
Assuming the system has changed, C. Grey box is "OK". However, if there are no changes since the administrator left, a white box test would provide more information to the tester, so it is easier to find vulnerabilities, and the result will be more valid.
upvoted 4 times
RVoigt
1 year, 9 months ago
Selected Answer: D
From the CISSP Official Study Guide - "White-Box Penetration Test Provides the attackers with detailed information about the systems they target. This bypasses many of the reconnaissance steps that normally precede attacks, shortening the time of the attack and increasing the likelihood that it will find security flaws. These tests are sometimes called "known environment" tests."
upvoted 4 times
Dee83
1 year, 10 months ago
D. White box. A white box penetration test simulates the actions of an internal user or administrator who has knowledge of the internal network and systems, similar to a former network administrator.
upvoted 3 times
oban
1 year, 10 months ago
Selected Answer: D
D. White box. A white box penetration test simulates the actions of an attacker who has knowledge of the internal structure and operation of the system or network. This type of test is also known as an "internal" test. It is appropriate in this scenario of simulating the malicious actions of a former network administrator, as this person would have knowledge of the internal structure and operation of the network and may have access to privileged information, like credentials, and knowledge of weak points in the network. It allows the organization to identify vulnerabilities that an attacker could potentially exploit, and to evaluate the overall security of their network and systems. Source: openai
upvoted 5 times
rajkamal0
1 year, 11 months ago
Selected Answer: C
The best answer is C - Grey Box.
upvoted 2 times
Mann0302
2 years ago
Selected Answer: C
It's definitely C. Don't tell me a former admin is still maintaining his creds and privileges even after employment, or is even welcomed into the building to hook anything into any sort of port. But he might still have knowledge of the entire topology of the network, which is to his advantage while outside.
upvoted 3 times
MrInfoSys
2 years, 1 month ago
"simulates the malicious actions of a former network administrator" <<At the time of the malicious activity, was that not white box? If you are simulating what he did while the NA was employed, they would have had full knowledge of the network.
upvoted 3 times
Rollizo
2 years, 1 month ago
Selected Answer: C
"Former" or "old" administrator. Things have changed since then.
upvoted 2 times