At what stage of an assessment would an auditor test systems for weaknesses and attempt to defeat existing encryption, passwords and access lists?

At what stage of an assessment would an auditor test systems for weaknesses and attempt to defeat existing encryption, passwords and access lists?

A.
Penetration

B.
Control

C.
Audit planning

D.
Discovery

Explanation:
Penetration testing is the act of gaining access
Reference: Security + (SYBEX) page 521