CompTIA CySA+ (CS0-001) — Question 83

An analyst is reviewing a list of vulnerabilities, which were reported from a recent vulnerability scan of a Linux server.
Which of the following is MOST likely to be a false positive?

Answer options

• A. OpenSSH/OpenSSL Package Random Number Generator Weakness
• B. Apache HTTP Server Byte Range DoS
• C. GDI+ Remote Code Execution Vulnerability (MS08-052)
• D. HTTP TRACE / TRACK Methods Allowed (002-1208)
• E. SSL Certificate Expiry

Correct answer: E

Explanation

The correct answer, E, is often a false positive because SSL certificate expiry is a routine maintenance issue rather than a vulnerability that can be exploited. The other options represent actual vulnerabilities that can be exploited in specific contexts, making them less likely to be false positives.