What action might a pen tester perform to identify potential exploitable services to gain an initial foothold in a network?

Port scanning is the first step toward identifying potentially exploitable services. Data gathering is used to acquire information to prepare for port scanning and other activities. Permission and planning are not used to identify exploitable services but are critical to the overall process.