Penetration testing will typically include

A.
Generally accepted auditing practices.

B.
Review of Public Key Infrastructure (PKI) digital certificate, and encryption.

C.
Social engineering, configuration review, and vulnerability assessment.

D.
Computer Emergency Response Team (CERT) procedures.