A security analyst is assessing a small company`s internal servers against recommended security practices. Which of the following should the analyst do to conduct the assessment? (Choose two.) 

Answer options:

A. Compare configurations against platform benchmarks
B. Confirm adherence to the company`s industry-specific regulations
C. Review the company`s current security baseline
D. Verify alignment with policy related to regulatory compliance
E. Run an exploitation framework to confirm vulnerabilities

CE