CompTIA CySA+ (CS0-003) — Question 221

An analyst is creating the final vulnerability report for one of the company’s customers. The customer asks for a scanning profile with a CVSS score of 7 or higher. The analyst has confirmed there is no finding for missing database patches, even if false positives have been eliminated by manual checks. Which of the following is the most probable reason for the missing scan result?

Answer options

• A. The server was offline at the moment of the scan.
• B. The system was not patched appropriately before the scan.
• C. The scan finding does not match the requirement.
• D. The output of the scan is corrupted.

Correct answer: C

Explanation

The correct answer is C because the scan finding does not meet the required CVSS score of 7 or higher. Option A is incorrect because the server's status during the scan was not indicated as an issue. Option B is not applicable, as the analyst confirmed there were no missing patches. Option D is also wrong, as there was no mention of output corruption.