Which of the following is NOT considered a vulnerability?

The correct choice identifies social engineering as an action rather than a vulnerability inherent in a system or process. Vulnerabilities generally refer to weaknesses or flaws in a system that could be exploited to compromise security.

Equipment configured improperly, inadequate enforcement of compliance, and substandard network design highlight specific shortcomings within an organization's infrastructure or processes that can lead to security risks. For instance, improper configuration can lead to exposure of sensitive data, while inadequate compliance enforcement can result in regulatory penalties and security issues. Substandard network design might create bottlenecks or expose the network to unnecessary risks.

On the other hand, social engineering refers to the tactics used by individuals to manipulate others into divulging confidential information, often targeting human behavior rather than weaknesses in security systems. While social engineering can leverage vulnerabilities in systems or people, it is an act or technique rather than a characteristic of a system itself, hence it does not qualify as a vulnerability in the same context.