23. Your organization wants someone to examine your intranet portal to assess the threat from a malicious insider. What kind of testing is the most appropriate for this situation? (A) Credentialed testing (B) Code review (C) Active testing (D) Risk assessment