CISM Exam - Question 353


The PRIMARY advantage of performing black-box control tests as opposed to white-box control tests is that they:

Correct Answer: AC

The primary advantage of performing black-box control tests as opposed to white-box control tests is that they simulate real-world attacks. Black-box testing is conducted without prior knowledge of the system's internal workings, thus mimicking the approach of an external attacker. This method provides a realistic assessment of the system's vulnerabilities and overall security posture, identifying potential weaknesses that might be overlooked when using insider knowledge, as in white-box testing.

Discussion

12 comments
Ziggybooboo - Option: C
Nov 10, 2022

Black box is no information shared, so C for me

EZPASS - Option: C
Nov 14, 2022

C is the correct answer.

aokisan - Option: C
Dec 15, 2022

Clearly, C.

baranikumar_v - Option: C
Jan 9, 2023

C. They simulate real-world scenarios.

Abhey - Option: C
May 2, 2023

The PRIMARY advantage of performing black-box control tests as opposed to white-box control tests is that they simulate real-world attacks. Black-box testing is conducted with no prior knowledge of the system under test, simulating the perspective of an external attacker. This approach provides a realistic assessment of an organization's security posture and identifies vulnerabilities that might not be uncovered through other testing methods. In contrast, white-box testing is performed with full knowledge of the system's architecture, design, and source code, making it less realistic and less able to detect external threats.

sedardna - Option: C
May 26, 2023

It's C, without a doubt.

richck102 - Option: C
Jun 19, 2023

C. simulate real-world attacks

[Removed] - Option: C
Jul 10, 2023

Another vote for C.

Agamennore - Option: C
Aug 27, 2023

I don't understand why the system says differently. In my opinion it is C for sure.

oluchecpoint - Option: C
Sep 6, 2023

C. simulate real-world attacks. Black-box control tests simulate real-world attacks because they are conducted with limited knowledge of the internal workings of the system or application being tested. Testers approach the system as an external entity, similar to a potential attacker who doesn't have insider knowledge. This helps identify vulnerabilities and weaknesses that might be exploited by real attackers. White-box control tests, on the other hand, involve testing with knowledge of the internal structure and code of the system, which may not always reflect how a real-world attacker would interact with the system.

Jess20 - Option: C
Nov 26, 2023

C. simulate real-world attacks

afb4b17 - Option: A
Jun 9, 2024

Look at this question from a management perspective. Black-box testing requires less effort for preparation. Next to that, it simulates real-world attacks.