A security analyst conducts a manual scan on a known hardened host that identifies many non-compliant items.
Which of the following BEST describe why this has occurred? (Select TWO)
A. Privileged-user certificated were used to scan the host
B. Non-applicable plugins were selected in the scan policy
C. The incorrect audit file was used
D. The output of the report contains false positives
E. The target host has been compromised