A penetration testing company was hired to conduct a penetration test against Company A’s network of 20.10.10.0/24 and mail.companyA.com. While the penetration testing company was in the information gathering phase, it was discovered that the mail.companyA.com IP address resolved to 20.15.1.2 and belonged to Company B. Which of the following would be the BEST solution to conduct penetration testing against mail.company A.com?
A. The penetration tester should conduct penetration testing against mail.companyA.com because the domain name is in scope.
B. The penetration tester should ask Company A for a signed statement giving permission to conduct a test against mail.companyA.com.
C. The penetration tester should ignore mail.companyA.com testing and complete only the network range 20.10.10.0/24.
D. The penetration tester should only use passive open source intelligence gathering methods leveraging publicly available information to analyze mail.companyA.com.
