Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 271

A vulnerability analyst is performing the monthly scan data review. Output data is very big and getting bigger each month. The analyst decides to create a more efficient process to complete the task on time. All false positives and true positives are excluded from the results. The remaining findings will be assigned to a technical team for further remediation. What is the result of such activity?

Answer options

• A. Exclusion is not needed, and all data must be remediated.
• B. Data is filtered properly and contains only valid results.
• C. Analysis is not performed correctly, and it is missing correct data.
• D. False negatives must also be excluded from the data.

Correct answer: C

Explanation

The correct answer is C because excluding false positives and true positives may lead to missing critical data, thus resulting in an incomplete analysis. Options A and B are incorrect as they misinterpret the need for exclusions, while D incorrectly suggests that false negatives are part of the filtering process, which is not addressed in the scenario.