An organization must comply with a new regulation that requires the organization to determine if
an external attacker is able to gain access to its systems from outside the network. Which of the
following should the company conduct to meet the regulation’s criteria?
A.
Conduct a compliance review
B.
Conduct a vulnerability assessment
C.
Conduct a black box penetration test
D.
Conduct a full system audit