At the start of a penetration test, the tester checks OSINT resources for information about the client environment. Which of the following types of reconnaissance is the tester performing?

Active reconnaissance requires direct engagement with the target systems to obtain information, such as probing for open ports or conducting vulnerability scans. This approach often triggers alerts and can be detected by security measures in place, making it unsuitable for the initial phase of passive information gathering.

While penetration testing itself is an offensive security practice, the term "offensive reconnaissance" typically refers to active methods aimed at exploiting vulnerabilities. The focus of offensive actions is to breach security controls, which contrasts with the information-gathering nature of passive reconnaissance.

Defensive reconnaissance pertains to security measures taken to protect an organization's assets against potential threats. This includes monitoring systems for unusual activities and enhancing security protocols to prevent breaches. It is not relevant in the context of an initial penetration test aimed at gathering intelligence.