A company that is hiring a penetration tester wants to exclude social engineering from the list of authorized activities.
Which of the following documents should include these details?
A . Acceptable use policy
B . Service level agreement
C . Rules of engagement
D . Memorandum of understanding
E . Master service agreement
Answer: C