During information gathering, a penetration tester discovers email addresses of key employees through LinkedIn and public websites. What type of information gathering is this?

Correct answer: Open Source Intelligence (OSINT)

Option D is correct because collecting information from publicly available sources such as LinkedIn profiles, company websites, job postings, and social media without directly interacting with or probing target systems is the definition of Open Source Intelligence (OSINT). Option A is incorrect because network scanning involves actively sending packets to discover hosts and open ports, which is not what is described. Option B is incorrect because active reconnaissance involves direct interaction with the target infrastructure, such as port scanning or service enumeration, whereas harvesting public email addresses is passive. Option C is incorrect because vulnerability scanning involves probing systems for known weaknesses using scanning tools, which is a technical, active activity distinct from collecting publicly available human-intelligence data.