What action is essential to confirm that penetration testing activities target only in-scope assets and avoid potential mission creep?
Selecting targets based on the information gathered during the reconnaissance phase
Presuming the targets are the same as previous engagements with the client
Questioning the client or reviewing the contracts
Using automated tools to define which systems or resources are tested