A company hires a consulting firm to crawl its Active Directory network with a non-domain account looking for unpatched systems. Actively taking control of systems is out of scope, as is the creation of new administrator accounts. For which of the following is the company hiring the consulting firm?
A.
Vulnerability scanning
B.
Penetration testing
C.
Application fuzzing
D.
User permission auditing