CompTIA Security+ (SY0-501) — Question 175

An organization is using a tool to perform a source code review. Which of the following describes the case in which the tool incorrectly identifies a vulnerability?

Answer options

Correct answer: C

Explanation

A 'False positive' occurs when a tool incorrectly identifies a vulnerability, raising an alarm for an issue that does not exist. In contrast, a 'False negative' means a real vulnerability is missed, a 'True negative' means the tool correctly reports that no vulnerability is present, and a 'True positive' means a genuine vulnerability is accurately detected.