A security program manager wants to actively test the security posture of a system. The system is not yet in production and has no uptime requirement or active
user base. Which of the following methods will produce a report which shows vulnerabilities that were actually exploited?
A.
Peer review
B.
Component testing
C.
Penetration testing
D.
Vulnerability testing