A penetration$-$testing firm is working with a local community bank to create a proposal that best fits the needs of the bank. The bank's information security

manager would like the penetration test to resemble a real attack scenario, but it cannot afford the hours required by the penetration$-$testing firm. Which of the

following would best address the bank's desired scenario and budget?

A$.$ Engage the penetration$-$testing firm's red$-$team services to fully mimic possible attackers.

B$.$ Give the penetration tester data diagrams of core banking applications in a known$-$environment test.

C$.$ Limit the scope of the penetration test to only the system that is used for teller workstations.

D$.$ Provide limited networking details in a partially known$-$environment test to reduce reconnaissance efforts.