Focuses on the ability of a remote attacker to get to the internal network. The goal of this form of pen testing is to access data located within the internal network by exploiting externally exposed servers, clients, and applications. Social engineering is also an attack scenario that is considered.