A security administrator is tasked with conducting an assessment made to establish the baseline security
posture of the corporate IT infrastructure. The assessment must report actual flaws and weaknesses in the
infrastructure. Due to the expense of hiring outside consultants, the testing must be performed using in-house
or cheaply available resources. There cannot be a possibility of any equipment being damaged in the test.
Which of the following has the administrator been tasked to perform?