What are the three phases involved in security testing?

A.
Reconnaissance, Conduct, Report

B.
Reconnaissance, Scanning, Conclusion

C.
Preparation, Conduct, Conclusion

D.
Preparation, Conduct, Billing

Explanation:
Preparation phase – A formal contract is executed containing non-disclosure of the client’s data and legal protection for the tester. At a minimum, it also lists the IP addresses to be tested and time to test.
Conduct phase – In this phase the penetration test is executed, with the tester looking for potential vulnerabilities.
Conclusion phase – The results of the evaluation are communicated to the pre-defined organizational contact, and corrective action is advised.