Which assessment type conducts security evaluation without obtaining any credentials?

Non-credentialed assessment refers to security evaluations performed without any login or credentials. This means the tester operates as an external attacker, with no inside access, relying on publicly visible information, external network scanning, and misconfigurations that don’t require authentication. This approach is used to gauge what an outside attacker could discover or exploit without having credentials, highlighting exposure at the perimeter and in publicly reachable systems. The other terms describe methods or approaches, but they don’t specify testing with or without credentials; a credentialed assessment uses valid credentials to test deeper internal controls, while the listed approaches don’t inherently define credential usage. Therefore, conducting the assessment without obtaining any credentials aligns with a non-credentialed assessment.