An organization is planning a penetration test of its internal network. The test team has been given network diagrams, source code access, and administrative credentials. This type of testing is known as:
Full disclosure of system details to testers.
Why this answer
White-box testing (also known as clear-box or structural testing) is characterized by the test team having full knowledge of the internal system architecture, including network diagrams, source code, and administrative credentials. This level of access allows testers to perform a thorough analysis of the application logic, configuration weaknesses, and potential backdoors that would be invisible in a black-box approach. The scenario explicitly states the team was given these artifacts, making white-box testing the correct classification.
Exam trap
The trap here is that candidates often confuse 'red team testing' with 'white-box testing' because both involve internal knowledge, but red team testing is defined by its adversarial objectives and operational scope, not by the level of information disclosure, whereas the question's key differentiator is the explicit provision of source code and credentials.
How to eliminate wrong answers
Option A is wrong because black-box testing assumes no prior knowledge of the internal network, source code, or credentials; testers simulate an external attacker with zero information, which contradicts the provided access. Option B is wrong because red team testing is a goal-based, adversarial simulation that often includes social engineering and physical breaches, and while it may use some internal knowledge, it is defined by its objective (e.g., testing detection and response) rather than the level of access given; the question specifically asks about the type of testing based on information provided, not the team's mission. Option D is wrong because gray-box testing involves partial knowledge (e.g., network diagrams but not source code or credentials), whereas the team here received full source code and administrative credentials, which is a hallmark of white-box testing.