Which of the following phases involves researching a target's configuration from public sources when performing a penetration test?
Correct Answer: A
A penetration test is a simulated attack on a system or network to evaluate its security posture and identify any vulnerabilities or weaknesses. A penetration test typically consists of four phases: information gathering, vulnerability analysis, exploitation, and reporting. The information gathering phase involves researching a target's configuration from public sources, such as websites, social media, domain name servers, or network scanning tools. The information gathered in this phase can help to determine the attack surface, the potential entry points, and the best strategies for the penetration test. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 9: Security Assessment and Testing, page 581; CISSP Official (ISC)2 Practice Tests, Third Edition, Domain 6: Security Assessment and Testing, Question 6.15, page 244.