A tester has been contracted to perform a penetration test for a corporate client. The scope of the test is limited to end-user workstations and client programs only. Which of die following actions is allowed in this test?
A. Attempting to redirect the internal gateway through ARP poisoning
B. Activating bot clients and performing a denial-of-service against the gateway.
C. Sniffing and attempting to crack the Domain Administrators password hash.
D. Sending a malicious pdf to a user and exploiting a vulnerable Reader version.
Answer should be A:
A. Attempting to redirect the internal gateway through ARP poisoning
How can we DoS client infrastructure