During the scoping phase of a penetration test, which of the following would BEST define a clear boundary when assessing a client's assets hosted on a cloud platform?
Stating that only Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) models will be included in the test.
Limiting the penetration test to only the resources and assets that are hosted by third-party service providers.
Specifying the IP ranges associated with the client's virtualized cloud network infrastructure.
Agreeing to test any application hosted on the cloud platform, as long as they are related to the client's operations.