Systems Security Certified Practitioner – SSCP – Question0309 - Systems Security Certified Practitioner

Which of the following would best describe the difference between white-box testing and black-box testing?

A. White-box testing is performed by an independent programmer team.
B. Black-box testing uses the bottom-up approach.
C. White-box testing examines the program internal logical structure.
D. Black-box testing involves the business units

Correct Answer: C

Explanation:

Black-box testing observes the system external behavior, while white-box testing is a detailed exam of a logical path, checking the possible conditions. Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 299).