Due to compliance regulations, a company requires a yearly penetration test. The Chief
Information Security Officer (CISO) has asked that it be done under a black box methodology.
Which of the following would be the advantage of conducting this kind of penetration test?
A.
The risk of unplanned server outages is reduced.
B.
Using documentation provided to them, the pen-test organization can quickly determine areas
to focus on.
C.
The results will show an in-depth view of the network and should help pin-point areas of internal
weakness.
D.
The results should reflect what attackers may be able to learn about the company.