CompTIA CySA+ Practice Test

When reviewing vulnerability scan results, which finding could indicate a false positive?

• A. Scanner compliance plug-ins are up to date
• B. Items classified as Low or Informational purposes only
• C. A version showing discrepancies from the asset inventory
• D. A secure HTTPS entry indicating encryption

The correct answer is: Items classified as Low or Informational purposes only

In the context of vulnerability scans, findings classified as Low or Informational typically indicate issues that may not pose an immediate risk to the organization. These findings often represent vulnerabilities that require further analysis to determine their relevance and threat level. In many instances, low or informational findings can result from outdated or less impactful vulnerabilities that might not actually affect the current security posture of the system. False positives occur when a vulnerability scanner identifies a potential issue that is not exploitable or relevant to the specific environment. Low or informational findings can often fall into this category, as they usually describe minor weaknesses that may not lead to significant security breaches. Therefore, items classified as low or informational are more likely to be erroneous or less pressing, signaling to the reviewer that these findings may not warrant immediate remediation efforts. Understanding the significance of different classifications in scan results helps security professionals prioritize their response efforts effectively. This is crucial for managing resources and implementing security measures based on genuine threats rather than minor concerns.