Ann, a security analyst from a large organization has been instructed to use another more effective scanning tool. After installing the tool on her desktop she started a full-blown abilities can. After running the scan for 8 hours and finds that there were no one or vulnerabilities identify it. Which of the following is the most likely cause of not receiving any vulnerabilities on the network?

1. The organization has a zero-tolerance policy against not applying cyber security best practices

2. the organization had a protective approach to patch management principles and practices

3. the security analyst credentials did not allow for administrative rights for the scanning tool

4. the security analyst just recently applied operating system level patches