CompTIA CySA+ (CS0-001) — Question 216

An organization wants to remediate vulnerabilities associated with its web servers. An initial vulnerability scan has been performed, and analysts are reviewing the results. Before starting any remediation, the analysts want to remove false positives to avoid spending time on issues that are not actual vulnerabilities. Which of the following would be an indicator of a likely false positive?

Answer options

• A. Reports indicate that findings are informational.
• B. Any items labeled "˜low' are considered informational only.
• C. The scan result version is different from the automated asset inventory.
• D. "˜HTTPS' entries indicate the web page is encrypted securely.

Correct answer: B

Explanation

The correct answer is B because items categorized as 'low' typically indicate that they do not pose a significant risk, which suggests they may not be actual vulnerabilities. Option A is incorrect as informational findings can still require attention, while C indicates a discrepancy that may need investigation rather than confirming false positives. Option D states a characteristic of 'HTTPS' that is unrelated to false positives.