What are the three phases involved in security testing?
A . Reconnaissance, Conduct, Report
B . Reconnaissance, Scanning, Conclusion
C . Preparation, Conduct, Conclusion
D . Preparation, Conduct, Billing
Answer: C
Explanation:
Preparation phase – A formal contract is executed containing non-disclosure of the client’s data and legal protection for the tester. At a minimum, it also lists the IP addresses to be tested and time to test. Conduct phase – In this phase the penetration test is executed, with the tester looking for potential vulnerabilities. Conclusion phase – The results of the evaluation are communicated to the pre-defined organizational contact, and corrective action is advised.