Which of the following best describes an appropriate measure to ensure a penetration tester has authorization to attack a target system?
Waiting for verbal consent from the system's owner before starting the test.
Starting the test during non-business hours to minimize impact on the system's performance.
Assuming permission is granted because there are no explicit restrictions against penetration testing.
Obtaining a signed authorization form from the system's owner.