The correct answers are A, B, and F.
OBJ-1.2: Passively harvesting information from a target is the main purpose of the reconnaissance phase. Harvesting email addresses from the public internet, identifying employees on social media (particularly LinkedIn profiles), discovering public-facing servers, and gathering other publicly available information can allow an attacker to develop a more thorough understanding of a targeted organization. Acquiring or developing zero-day exploits, selecting backdoor implants, and choosing command and control (C2) mechanisms will require the information gathered during reconnaissance to be effective. Still, these activities will actually occur during the weaponization phase.