To prepare for an upcoming audit, the Chief Information Security Officer (CISO) asks for all 1200 vulnerabilities on production servers to be remediated. The security engineer must determine which vulnerabilities represent real threats that can be exploited so resources can be prioritized to migrate the most dangerous risks. The CISO wants the security engineer to act in the same manner as would an external threat, while using vulnerability scan results to prioritize any actions.
Which of the following approaches is described?
A. Blue team
B. Red team
C. Black box
D. White team
Correct Answer: C
Explanation/Reference: http://resources.infosecinstitute.com/the-types-of-penetration-testing/#gref