Questioning the client or reviewing the contracts is the correct answer. Doing so allows penetration testers to clarify which assets are in-scope and which are not, according to the formalized written agreement. This confirmation is vital to maintain the integrity of the engagement and ensure that only authorized systems and resources are tested. Selecting targets based on the reconnaissance phase alone may inadvertently include out-of-scope assets, leading to unauthorized testing. Using automated tools to test in-scope assets does not validate that these assets are within the approved engagement parameters, and presuming to know the targets based on previous engagements introduces risks of ignoring current formal agreements.