A security analyst conducts a manual scan on a known hardened host that identifies many non-compliant configuration items. Which of the following BEST describe why this has occurred? (Choose two.) 

Answer options:

A. Privileged-user credentials were used to scan the host
B. Non-applicable plugins were selected in the scan policy
C. The incorrect audit file was used
D. The output of the report contains false positives
E. The target host has been compromised

BD