A security analyst is assessing a small company’s internal servers against recommended security practices. Which of the following should the analyst do to conduct the assessment? (Choose two.)
A. Compare configurations against platform benchmarks
B. Confirm adherence to the company’s industry-specific regulations
C. Review the company’s current security baseline
D. Verify alignment with policy related to regulatory compliance
E. Run an exploitation framework to confirm vulnerabilities
A and C

The question says “against recommended security practices”, so what exactly are the “RECOMMENDED security practices”?
- Not (B) “regulations”, since they are compulsory, not mere “recommendations”.
- Not (D) “regulatory compliance”, since that too is compulsory, not a mere “recommendation”.
- Not (E) “an exploitation framework”, since that involves running intrusive penetration tests (the question needs an “assessment”, not an exploitation).
- That leaves just (A) Platform benchmark: comparison against industry best practices, and (C) Security baseline: represents the minimum security settings that must be adhered to.

TestKing agrees with A, but says A and E.