The correct answer is A.
OBJ-4.1: Penetration testing or pentesting is the practice of testing a computer system, network, or web application in order to find vulnerabilities that an attacker could exploit. It can be used to ensure all security controls are properly configured and in place. Authentication, authorization, and accounting (AAA) is a term for a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. Testing AAA might be a part of a larger penetration test, but by itself it would not test the firewalls and patch management systems sufficiently. A disaster recovery test (DR test) is the examination of each step in a disaster recovery plan as outlined in an organization’s business continuity/disaster recovery planning process. A disaster recovery test would not test the firewalls, patch management, or security policies. A single point of failure (SPOF) is a part of a system that, if it fails, will stop the entire system from working. A single point of failure test is used to identify a single point of failure in the network or system, and it is not designed to test the network’s firewalls, patch management, or security policies.