Which of the following statements regarding ethical hacking is incorrect?

A. Ethical hackers should never use tools or methods that have the potential of exploiting vulnerabilities in an organizations systems.

B. Testing shoul

d be remotely performed offsite.

C. An organization should use ethical hackers who do not sell vendor hardware/software or other consulting services.

D. Ethical hacking should not involve writing to or modifying the target systems.

Ethical

hackers use the same methods and techniques, including those that have the potential of exploiting vulnerabilities, to test and bypass a systems defenses as their less-principled counterparts, but rather than taking advantage of any vulnerabilities found,

they document them and provide actionable advice on how to fix them so the organization can improve its overall security.

References: