What is the BEST initial approach when conducting a penetration test on an organization's network having no prior knowledge of their security posture, to ensure compliance with security testing protocols and minimize the risk of disruption?
Start with network mapping to determine the layout of the target infrastructure and systems.
Initiate an active reconnaissance phase to immediately identify exploitable vulnerabilities in the organization's network.
Perform passive reconnaissance to collect information without interacting with the target system to avoid legal repercussions.
Refer to the Rules of Engagement to define the scope and boundaries of the penetration test before starting any probing activities.