A security administrator is being hired to perform a penetration test of a third-party cloud provider as part of an annual security audit. Which of the following is the
FIRST step that must be performed?
A. Attempt known exploits
B. Scan for vulnerabilities
C. Research publicized incidents
D. Get written permission