A Chief Information Officer (CIO) recently saw on the news that a significant security flaws exists with a specific version of a technology the company uses to support many critical application. The CIO wants to know if this reported vulnerability exists in the organization and, if so, to what extent the company could be harmed?

a. Penetration test
b. Vulnerability scan
c. Active reconnaissance
d. Patching assessment report