DAST is usually run against live systems. What is true about the individuals running the test?

Prepare for the WGU C838 Managing Cloud Security Exam. Study effectively with flashcards and multiple-choice questions, complete with hints and explanations. Ensure your success with this comprehensive preparation guide.

When it comes to Dynamic Application Security Testing (DAST), the nature of the test typically requires the testers, often referred to as ethical hackers or security specialists, to have limited knowledge of the system. This approach simulates a real-world attack where the attacker does not have complete access or insider information about the application being tested.

In DAST, the focus is on assessing how the application performs and responds under different conditions, much like an external threat would. The testing method itself is designed to identify vulnerabilities that may be exploited by someone who interacts with the application from the outside, without prior knowledge of its inner workings.

Thus, having complete knowledge of the system, as suggested in the selected answer, does not align with the principles of DAST, which aims to discover security weaknesses from the viewpoint of an external entity. Testers may have a general understanding of the system or have performed reconnaissance, but they should not operate with full system knowledge if they are to effectively replicate the experience of a typical attacker.
