When scoping a penetration test, why is it imperative to ascertain whether the targets are first-party or third-party hosted?
To establish whether the penetration test should be black box, grey box, or white box
To ensure appropriate permissions are obtained and legal requirements are met for the assets being tested
To decide whether the test should be conducted during business hours or after hours only
To determine the range of tools and techniques permitted during the test