A client, operating a multinational corporation, requires a penetration test for their network infrastructure. However, due to strict data sovereignty laws, they insist that any discovered data must not leave the country of origin. The penetration test is to be performed remotely from your location in another country. Which of the following approaches would BEST align with the client's data sovereignty restrictions?
Encrypting all test results to prevent unauthorized access while transmitting data back to your location
Utilize a jump box located within the client's country to conduct tests and analyze results
Limit the scope to include only the testing of public-facing services to avoid data sovereignty complications
Instantiating a VPN to the client's network to ensure a secure connection for testing