1 vote
A penetration tester hired by a bank began searching for the bank's IP ranges by performing lookups on the bank's DNS servers, reading news articles online about the bank, monitoring what times the bank's employees came into and left work, searching job postings (with a special focus on the bank's information technology jobs), and even searching the dumpster of the bank's corporate office. Based on this description, what portion of the penetration test is being conducted?

1) Active information gathering
2) Vulnerability assessment
3) Information reporting
4) Passive information gathering

by User Audiodude (7.4k points)

1 Answer

4 votes

Final answer:

The penetration tester is conducting passive information gathering, which is crucial for building a profile of the target organization, including finding the bank's IP ranges, without engaging directly with its systems or alerting the security team.

Step-by-step explanation:

The activities described by the penetration tester are associated with the initial phase of a penetration test, during which the tester is collecting information about the target organization without directly interacting with its systems. This phase is known as passive information gathering. The tester employs various techniques such as examining publicly available information, researching the company online, and physical surveillance (like dumpster diving and noting employee patterns)—all without alerting the target. The passive collection of information is crucial to understanding the target's environment, which can include discovering the bank's IP ranges, as this information could reveal the structure of the bank's network and potential attack vectors.

Looking into DNS records or news articles, analyzing job postings for insights into the IT infrastructure, and examining waste materials for sensitive information are classic passive information gathering strategies. These techniques allow penetration testers to build a profile of the target without directly engaging with its network infrastructure or alerting the security team about their activities, thus maintaining the element of surprise which is critical in simulating real-life attacks. This early stage of reconnaissance is vital because it helps in identifying possible points of entry and weaknesses without increasing the risk of detection.

by User Pva (7.7k points)