Where can I go to report errors in the ISC2 Self-Study ISSMP Course and Textbook?
Thank you for reaching out via ISC2 Community.
I've done some research. You may report Official ISC2 Courseware and eTextbook "errata" here:
I have submitted my report. If I face a similar question on the same topic on my exam I am taking in less than two weeks, should I answer correctly or answer how the ISC2 training materials have coached me?
The best advice is "Choose the best answer." Also, carefully read the question. I have this issue: I tend to speed read and sometimes it gets me into issues.
May we see the question you are concerned about?
I hope that providing this one question is not considered an ethical violation of my obligation to protect ISC2's intellectual property. 🙂
Which of the following scoped test methods has the greatest potential for operational variation? (2.3)
A. Black box testing
B. White box testing
C. Gray box testing
D. There is no variance between methods
I would have picked B. What is the system telling you is the right answer, or what do you think the answer should be?
@Larry_E_Potter Please remember that the people that develop actual exam questions are not the same people that develop questions for ISC2 training. So in the training there will be answers there that are not correct by ISC2 exam objectives. Follow those and not the training. The questions are to make you think, and the fact that you recognize them as incorrect is good. Best wishes.
The writer's justification does not even make proper use of the terms black/white/gray.
Your answer is correct. C <- WRONG, should be Black Box & Google AI agrees with me 🙂
Gray box testing creates the most operational variation of the three options. This is because there is no strict visibility into the operational scheme as with black box and white box testing, which both have preliminary "knowns" about the scope and conduct of the test.
The operational variation in black box testing is bounded because you are only testing inputs and outputs. White box testing is where all the source code is exposed. This, like black box testing, defines the operational bounds from the beginning. Gray box testing can be extremely variable from test to test. Some gray box tests are more like black box tests, with strict bounds. Others are more like white box tests, which have less strict bounds but also strict knowns. The result is that a gray box test can introduce variability into the environment that neither of the stricter techniques do.
Some extra research....
https://www.eccouncil.org/cybersecurity-exchange/penetration-testing/black-box-gray-box-and-white-bo...
https://www.redscan.com/news/types-of-pen-testing-white-box-black-box-and-everything-in-between/
I am disappointed with the Q&A provided in the eBook and the online training. Too many times (80-90%), they telegraph the correct answer by their word/phrase choices and by nearly always being the longest answer. 😞
I find it unfortunate that you are coming up with so many issues. As I understand it, there could potentially be three different sets of item (question) developers. One for the actual examination. This group develops items, reviews them and finally will review stats on some questions. The second team develops the training (course material and test questions). The third team are the folks that develop the printed materials (books, etc.). Sometimes the second and third team may be the same BUT the first group is totally independent.
I cannot say what process the folks that develop printed material follow, but the exam developers and the team developing the training materials do follow the same exacting process for items. The item is developed, put forth, peer reviewed and then used.
The process typically includes developing the stem (questions), selecting the correct answer and then developing three distractors (wrong answers).
@CBMExamTeam If I misspoke, could you correct me?