A security program manager wants to actively test the security posture of a system. The system is
not yet in production and has no uptime requirement or active user base. Which of the following
methods will produce a report which shows vulnerabilities that were actually exploited?
A.
Peer review
B.
Component testing
C.
Penetration testing
D.
Vulnerability testing