An outside security consultant produces a report of several vulnerabilities for a particular server. Upon further investigation, it is determine that the vulnerability reported does not apply to the platform the server is running on. Which of the following should the consultant do in order to produce more accurate results?
A. A black box test should be used to increase the validity of the scan
B. Perform a penetration test in addition to a vulnerability scan
C. Use banner grabbing to identify the target platform
D. Use baseline reporting to determine the actual configuration