The correct answer is C.
OBJ-1.7: A denial-of-service or DoS attack isn’t usually included as part of a penetration test. This type of attack contains too much risk for an organization to allow it to be included in an assessment’s scope. Social engineering, physical penetration attempts, and reverse engineering are all commonly included in a penetration test’s scope. A penetration tester must limit the invasiveness of their assessment to the specific scope of the penetration test.