For this scenario, we will construct a penetration test environment that simulates a standard testing environment. It'll be a fairly simple setup with no pivoting required. I will refer to this one as the reporting range because realistically that's the best purpose for this setup. In order to gauge the reporting ability of your staff, run them though a similar setup and see what comes back.
This scenario can feature as many or as few systems as you like. I'm going to use five to create a representative environment without taking up a ridiculous amount of space. Have a look at the following diagram:
Before going into depth on the creation and organization of the VMs, I'm going to share some observations about small networks.