A security program manager wants to actively test the security posture of a system. The system is not yet
in production and has no uptime requirement or active user base. Which of the following methods will
produce a report which shows vulnerabilities that were actually exploited?
A.
Peer review
B.
Component testing
C.
Penetration testing
D.
Vulnerability testing