A penetration tester is required to perform OSINT on staff at a target company after completing the infrastructure aspect.
Which of the following would be the BEST step for the penetration tester to take?
A . Obtain staff information by calling the company and using social engineering techniques.
B . Visit the client and use impersonation to obtain information from staff.
C . Send spoofed emails to staff to see if staff will respond with sensitive information.
D . Search the Internet for information on staff such as social networking sites.
Answer: D