What technique might Tabitha use during the reconnaissance phase of her penetration test?

During the reconnaissance phase of a penetration test, the primary goal is to gather as much information as possible about the target system or organization without alerting them to the testing activities. Impersonation, while it may seem relevant, is more commonly associated with active phases of an attack.

The correct answer pertains to social engineering, which is a technique that exploits human psychology to gain confidential information or access to systems. This approach is particularly effective during reconnaissance because it involves engaging with employees or other individuals within the organization to gather valuable insights. For instance, Tabitha could pose as an employee or a service provider to inquire about system details, access codes, or network infrastructure, thereby collecting crucial data that could inform her next steps in the penetration test.

While phishing and denial of service are also tactics used in cyber attacks, they don't typically occur during the reconnaissance phase. Phishing involves directly attempting to deceive individuals into providing sensitive data and often represents a more aggressive tactic that follows initial information gathering. Denial of Service is focused on disrupting services and is not a reconnaissance method. Therefore, social engineering emerges as the most appropriate technique Tabitha might use at this stage.