Exam PT0-002 topic 1 question 114 discussion

D is the most likely to yield positive initial results. Scraping web presences and social-networking sites can provide information about a company such as its address, size, services, customer reviews, and contact information. This can be useful when starting a penetration test. Specially crafting and deploying phishing emails to key company leaders is not recommended, as it can be easily detected and flagged as malicious activity. Running a vulnerability scan against the company's external website can reveal vulnerable services or applications, but is not likely to yield much useful information. Lastly, researching the company's vendor/supply chain may provide some useful insights, but it is not likely to be the most effective starting point.

ddddddddddddd

Option A is incorrect because phishing emails are not a good approach for initial information gathering. Phishing emails are used to gain access to a company's internal systems and data, but they are not an effective way to gather information about a company's external presence. Option B is incorrect because running a vulnerability scan against the company's external website is not a passive approach. Vulnerability scans involve actively probing a system and are better suited for internal penetration tests. Option C is incorrect because running the company's vendor/supply chain is not a passive approach. This approach could potentially yield some information, but it is not the most effective way to gather initial information.

It is D. Read it carefully

This is the first step gathering public and social information

Social media scraping - Key contacts/job responsibilities - Job listing/technology stack

I think the answer to this is D. You'll get to do C after doing it.