As part of an upcoming engagement for a client, an analyst is configuring a penetration testing application to ensure the scan complies with information defined in the SOW. Which of the following types of information should be considered based on information traditionally found in the SOW? (Select two.)

A.
Timing of the scan

B.
Contents of the executive summary report

C.
Excluded hosts

D.
Maintenance windows

E.
IPS configuration

F.
Incident response policies

Explanation: