What are the three phases involved in security testing?
A.
Reconnaissance, Conduct, Report
B.
Reconnaissance, Scanning, Conclusion
C.
Preparation, Conduct, Conclusion
D.
Preparation, Conduct, Billing
Explanation:
Preparation phase – A formal contract is executed containing non-disclosure of the client’s data and legal protection for the tester. At a minimum, it also lists the IP addresses to be tested and time to test.
Conduct phase – In this phase the penetration test is executed, with the tester looking for potential vulnerabilities.
Conclusion phase – The results of the evaluation are communicated to the pre-defined organizational contact, and corrective action is advised.