Question 1
A cloud service provider contracts for a penetration test to be conducted on its infrastructures. The auditor engages the target with no prior knowledge of its defenses, assets, or channels. The provider's security operation center is not notified in advance of the scope of the audit and the test vectors. Which mode has been selected by the provider?
Isaca CCAK Dumps By Bentley - Page 9
Correct answer: B
Explanation
Double blind testing means the tester has “no prior knowledge” of the target’s defenses, assets, or channels, and the provider’s security team is also not notified in advance. Because both the auditor and the SOC are unaware of the scope and test vectors, this matches a “double blind” mode.
Why each option is right or wrong
A. Reversal
B. Double blind
Under common penetration-testing classifications, a double-blind engagement is the one where the tester is given no advance intelligence about the target and the defender’s security team is also kept uninformed. Here, the auditor has no prior knowledge of defenses, assets, or channels, and the SOC is not notified of the scope or test vectors, satisfying both halves of that definition. The distinguishing feature is the absence of prior notice to both sides, unlike a single-blind test where only one party is unaware.
C. Double gray box
D. Tandem