A penetration-testing firm is working with a local community bank to create a proposal that best fits the needs of the bank. The bank's information security manager would like the penetration test to resemble a real attack scenario, but it cannot afford the hours required by the penetration-testing firm. Which of the following would best address the bank's desired scenario and budget?
A. Engage the penetration-testing firm's rea-team services to fully mimic possible attackers.
B. Give the penetration tester data diagrams of core banking applications in a known-environment test.
C. Limit the scope of the penetration test to only the system that is used for teller workstations.
D. Provide limited networking details in a partially known-environment test to reduce reconnaissance efforts.
A. Engage the penetration-testing firm's rea-team services to fully mimic possible attackers.
B. Give the penetration tester data diagrams of core banking applications in a known-environment test.
C. Limit the scope of the penetration test to only the system that is used for teller workstations.
D. Provide limited networking details in a partially known-environment test to reduce reconnaissance efforts.