A security administrator is being hired to perform a penetration test of a third-party cloud provider
as part of an annual security audit. Which of the following is the FIRST step that must be performed?
A.
Attempt known exploits
B.
Scan for vulnerabilities
C.
Research publicized incidents
D.
Get written permission