A security company has been contracted to perform a scoped insider-threat assessment to try to gain access to the human resources server that houses PII and salary data. The penetration testers have been given an internal network starting position.Which of the following actions, if performed, would be ethical within the scope of the assessment?
A. xploiting a configuration weakness in the SQL database
B. ntercepting outbound TLS traffic
C. aining access to hosts by injecting malware into the enterprise-wide update server
D. everaging a vulnerability on the internal CA to issue fraudulent client certificates
E. stablishing and maintaining persistence on the domain controller