CompTIA Security+ (SY0-501) — Question 150
A security analyst is assessing a small company's internal servers against recommended security practices. Which of the following should the analyst do to conduct the assessment? (Choose two.)
Answer options
- A. Compare configurations against platform benchmarks
- B. Confirm adherence to the company's industry-specific regulations
- C. Review the company's current security baseline
- D. Verify alignment with policy related to regulatory compliance
- E. Run an exploitation framework to confirm vulnerabilities
Correct answer: C, E
Explanation
C is correct because reviewing the company's current security baseline is essential to understanding the existing security posture. E is also correct because running an exploitation framework helps identify potential vulnerabilities. Options A, B, and D, while relevant, do not directly contribute to the immediate assessment of the internal servers in the context provided.