The correct option is Crowdsourced bug bounty program.

This approach engages external security researchers and a distributed crowd to probe APIs and web interfaces for security weaknesses. Organizations run these programs to receive reports from many independent testers and they typically offer rewards and formal disclosure rules to manage submissions and remediation.

Automated vulnerability scanning is incorrect because it relies on automated tools to find common issues and does not involve outside individuals or a crowd.

Regression testing is incorrect because it is aimed at verifying that recent changes did not break existing functionality and it is not a way to recruit external researchers to find new security weaknesses.

Fault injection testing is incorrect because it focuses on injecting errors to test resilience and error handling and it is usually performed by internal teams or controlled tools rather than a crowd of external researchers.

Full AWS Practitioner Certification Question