Which of the following is NOT categorized as a vulnerability?

Social engineering is categorized as an attack method rather than a vulnerability. It refers to techniques used to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. Unlike the other options, which represent systemic weaknesses that can be exploited due to poor configuration, inadequate compliance measures, or flawed architectural designs, social engineering specifically highlights a method of exploiting human behavior rather than a deficiency in the system itself.

In contrast, equipment that is configured improperly, inadequate enforcement of compliance measures, and substandard network design all point to inherent weaknesses that exist within the system or processes that could be exploited by an attacker. These vulnerabilities highlight a lack of adequate security measures, operational controls, or design considerations that could allow unauthorized access or data breaches.