We have hired a penetration testing company to find security flaws, they are at the enumeration phase. What are they doing?
C: Vulnerability assessment.
CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests
“B: Pen testing would normally have these phases, enumeration is the same as scanning. Planning > Reconnaissance > Scanning (enumeration) > Vulnerability assessment > Exploitation > Reporting.