You have conducted a vulnerability scan on the company's network and identified several critical vulnerabilities. Which action would accurately determine if these vulnerabilities are true positives?
Wait for the next available security patch from the vendor for the identified vulnerabilities.
Cross-reference the identified vulnerabilities with publicly available vulnerability databases.
Reboot the affected systems and see if the vulnerability persists.
Run a proof-of-concept exploit to see if the vulnerability can be actively exploited.