Automated vulnerability scanningis thefirst step in identifying system weaknesses. These scans systematically check for outdated software, misconfigurations, and known vulnerabilities in a network. Penetration testing (B)is conducted after vulnerabilities are identified. Threat hunting (C)focuses on detecting unknown threats, not listing vulnerabilities. Reference:CompTIA Security+ SY0-701 Official Study Guide, Security Operations domain.