If you are to determine the attack surface of an organization, which of the following is the BEST thing to do?
A.
Running a network scan to detect network services in the corporate DMZ
B.
Reviewing the need for a security clearance for each employee
C.
Using configuration management to determine when and where to apply security patches
D.
Training employees on the security policy regarding social engineering
A