CompTIA Security+ (SY0-501) — Question 289
Joe, the security administrator, sees this in a vulnerability scan report:
"The server 10.1.2.232 is running Apache 2.2.20 which may be vulnerable to a mod_cgi exploit."
Joe verifies that the mod_cgi module is not enabled on 10.1.2.232. This message is an example of:
Answer options
- A. a threat.
- B. a risk.
- C. a false negative.
- D. a false positive.
Correct answer: D
Explanation
The correct answer is D, a false positive, because the scan indicated a potential vulnerability that does not exist since mod_cgi is not enabled. A threat (A) refers to a potential danger, a risk (B) is the chance of a threat exploiting a vulnerability, and a false negative (C) would indicate that a vulnerability exists when it does not, which is not the case here.