Types of Penetration Tests

B.

The correct answer is C. Credentialed.

A penetration test is a simulated attack on a computer system or network to identify vulnerabilities and assess its security posture. It can be performed in various ways, depending on the scope and objective of the test. One way to categorize penetration tests is by the level of knowledge and access that the tester has to the system or network being tested. The four types of penetration tests based on this classification are:

A. Black box: The tester has no prior knowledge or access to the system or network being tested. This type of test simulates an external attacker who has no inside information about the target. The tester may use techniques such as reconnaissance, scanning, and social engineering to gather information and exploit vulnerabilities. In a black box test, the tester would not have access to password hashes prior to the test.

B. Gray box: The tester has partial knowledge or access to the system or network being tested. This type of test simulates an insider or a contractor who has limited access to the target. The tester may have some credentials or documentation that provide some level of access. In a gray box test, the tester would not have access to password hashes unless they are granted such access as part of the testing agreement.

C. Credentialed: The tester has valid credentials or access to the system or network being tested. This type of test simulates an authenticated user who has legitimate access to the target. The tester may use tools and techniques that require authentication, such as password cracking, privilege escalation, and lateral movement. In a credentialed test, the tester would have access to password hashes prior to the test, as they would be required to provide credentials.

D. White box: The tester has full knowledge and access to the system or network being tested. This type of test simulates an internal IT staff member who has complete control and knowledge of the target. The tester may have administrative or root access to the target and can perform any action. In a white box test, the tester would have access to password hashes and any other information or resources related to the target.

In summary, a credentialed penetration test allows the tester to have access to password hashes prior to the test, while a black box or gray box test does not.