A company that is hiring a penetration tester wants to exclude social engineering from the list of authorized activities. Which of the following documents should include these details?
A.
Acceptable use policy
B.
Service level agreement
C.
Rules of engagement
D.
Memorandum of understanding
E.
Master service agreement
Explanation: