Which tactic is described for automating phishing communications during testing?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

Which tactic is described for automating phishing communications during testing?

Explanation:
Automating phishing communications means using a controlled, repeatable process to deliver phishing emails to users in order to test awareness and responses at scale. The idea is to simulate the entire phishing outreach—delivery, user interaction, and reporting—so you can measure how many people click, submit credentials, or otherwise engage, without relying on manual, one-off attempts. A tactic that aligns with this approach involves sending emails that guide recipients to a tester-hosted environment, such as a simulated login page or a controlled link, to emulate exploitation in a safe, measurable way. This directly implements phishing-like interactions in a test context and provides actionable data on user susceptibility. The other options describe activities that are not about delivering or managing phishing messages: automating port scans focuses on discovering open services on a network, password spraying targets credential reuse through logins rather than email-based deception, and deploying a malware payload concerns delivering malware after a breach rather than automating phishing communications themselves.

