Which of the following best describes an appropriate measure to ensure a penetration tester has authorization to attack a target system?
Obtaining a signed authorization form from the system's owner.
Assuming permission is granted because there are no explicit restrictions against penetration testing.
Waiting for verbal consent from the system's owner before starting the test.
Starting the test during non-business hours to minimize impact on the system's performance.