Which of the following is not typically considered a form of network security assessment in terms of how well existing security stands up to current threats?
A. Configuration scan
B. Compliance audit
C. Vulnerability assessment
D. Ethical hacking
E. Penetration testing
Answer: B