Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

Explanation/Reference:
Explanation:
A TCP sequence prediction attack is an attempt to predict the sequence number used to identify the packets in a TCP connection, which can be used to counterfeit packets.
Incorrect Answers:
A: IP spoofing attacks do not use TCP sequence numbers. IP spoofing is a hijacking technique in which a cracker masquerades as a trusted host to conceal his identity.
B: Syn flood attacks do not use TCP sequence numbers. A SYN flood DoS attack where an attacker sends a succession of SYN packets with the goal of overwhelming the victim system so that it is unresponsive to legitimate traffic.
D: A Smurf attack does not use TCP sequence numbers. In a smurf attack the attacker sends an ICMP ECHO REQUEST packet with a spoofed source address to a victim's network broadcast address.
References:
https://en.wikipedia.org/wiki/TCP_sequence_prediction_attack

A White box penetration test simulates the actions of an attacker who has knowledge of the internal structure and operation of the system or network. This type of test is also known as an
"internal" test.
It is appropriate in this scenario of simulating the malicious actions of a former network administrator, as this person would have knowledge of the internal structure and operation of the network and may have access to privileged information, like credentials, and the knowledge of weak points in the network.
It allows the organization to identify vulnerabilities that an attacker could potentially exploit, and to evaluate the overall security of their network and systems.