The correct answer is 'A signed non-disclosure agreement (NDA)'. An NDA is a legal contract that outlines confidential material, knowledge, or information that the parties wish to share with one another for certain purposes, but wish to restrict access to or by third parties. Penetration testers must ensure that an NDA is signed before proceeding with their assessments to protect both their own legal interests and those of the client. It sets clear boundaries on what information can be shared and helps maintain the integrity and confidentiality of both parties involved in the testing process. The Time of engagement and Risk assessment report are parts of later stages in the engagement process and do not usually have the confidentiality clauses typically included within an NDA.