What type of penetration testing involves testers only having access to customer documentation?

Prepare for the CompTIA Security+ SY0-601 exam.

The correct answer is black-box testing. In black-box testing, penetration testers have no prior knowledge of the internal workings of the system they are testing, which aligns with the scenario where testers have access only to customer documentation. This means the testers must rely solely on the information provided, without any insight into the underlying architecture or code. The goal of black-box testing is to simulate an outsider's attack and determine how effectively the system can withstand real-world threats based on the documentation provided.

In contrast, other types of penetration testing offer varying degrees of access or insight. For example, in gray-box testing, testers receive some level of insider knowledge, such as architecture details or access to certain code segments, allowing for a more in-depth exploration of potential vulnerabilities. White-box testing, on the other hand, provides full access to internal resources, including source code and configuration settings, enabling a comprehensive evaluation of security measures. Bug bounty programs typically involve inviting external security researchers to find vulnerabilities in a system for a reward, which does not conform to the controlled access scenario described in the question.
