What action is essential to confirm that penetration testing activities target only in-scope assets and avoid potential mission creep?
Presuming the targets are the same as previous engagements with the client
Selecting targets based on the information gathered during the reconnaissance phase
Questioning the client or reviewing the contracts
Using automated tools to define which systems or resources are tested