Penetration testing should only be used during controlled conditions with express consent of the system owner because:
A.
white box penetration testing cannot identify zero day exploits.
B.
vulnerability scanners can cause massive network flooding during risk assessments.
C.
penetration testing passively tests policy controls and can identify vulnerabilities.
D.
penetration testing actively tests security controls and can cause system instability.