An administrator identifies a security issue on the corporate web server, but does not attempt to exploit it. Which of the following describes what the administrator has done?
A.
Vulnerability scan
B.
Penetration test
C.
Social engineering
D.
Risk mitigation