A penetration tester is performing a black-box test of a client web application, and the scan host is unable to access it. The client has sent screenshots showing the system is functioning correctly. Which of the following is MOST likely the issue?
A. The penetration tester was not provided with a WSDL file.
B. The penetration tester needs an OAuth bearer token.
C. The tester has provided an incorrect password for the application.
D. An IPS/WAF whitelist is in place to protect the environment.
