How would you invoke NSE scripts for a specific category, and how would you run the default safe scripts only?

You test how NSE scripts are selected and run by using the --script option to filter what gets executed, and you use a shorthand to run the built-in safe default set. Invoking NSE scripts by category or name is straightforward: pass a category name (like discovery) or a specific script name after --script. This tells Nmap exactly which scripts to run. You can also list multiple categories or scripts separated by commas to combine sets, for example --script discovery,safe to run both discovery and safe scripts in one scan. To run only the default safe scripts, use the shorthand -sC, which is equivalent to --script=default. This runs the predefined default set of scripts, designed to be safe for routine scanning. The other options don’t fit as cleanly for these goals: using --script-args is for passing parameters to scripts rather than selecting which scripts to run; -A enables a broad probe set (OS, version, script scanning, traceroute) and isn’t limited to the default safe subset; explicitly listing discovery and safe and ignoring -sC would run more than just the default safe set.