1.Test instance. We need to test different scenarios for our script, test differ

1. 1.Test instance. We need to test different scenarios for our script, test different output. For this we need test instance where we can do and modify what we want. And test machines for this.
2. 2. Can we use powershell?
3. 2. Policy Compliance profile. Report function. When scanning WMI for AV's sometimes we can find more then one AV. For example, there are 3 on my machine. Symantec, Cylance, Defender. 2 of them enabled, one disabled. How does Report function (bool result) should work with it? If at least one enabled, then true?
4. 3.In some situation's nothing to put into the 'Evidance' section. For example we just scan if information can be obtained, can this section be blank?
5. 4.Some issues can be exploit (and checked) only remotely. We scan localy, as i know. What we shoud do?
6. 4.1 There is different port states, when you scan port from the device and outside. What we shoud do with this?
7. 5. Shall I develop my own code for finding exe\files\registry on a device?
8. 6.Policy Compliance.
9. 6.1. Does Administrator account use a known password - What is this?
10. 6.2 Is software using default passwords - What is this?
11. 6.3. Are Critical patches required which have been published over 30 days ago - Can we take this info from CMS?