Which of the following is the BEST method to confirm the presence of a reported vulnerability that has been identified as a potential false positive by an automated scanning tool?
Manually verify the vulnerability by checking system configurations, logs, or performing controlled tests
Re-scan the asset with a different scanning tool
Apply the latest system updates and patches before re-evaluating the report
Consult online vulnerability databases to find reported incidents of the vulnerability being exploited