CompTIA Security+ (SY0-501) — Question 644
Which of the following explains why a vulnerability scan might return a false positive?
Answer options
- A. The scan is performed at a time of day when the vulnerability does not exist.
- B. The test is performed against the wrong host.
- C. The signature matches the product but not the version information.
- D. The hosts are evaluated based on an OS-specific profile.
Correct answer: A
Explanation
Option A is correct because a vulnerability may not be present at certain times, leading to a false positive during the scan. Option B is incorrect because testing the wrong host would not necessarily lead to a false positive for a vulnerability that exists on the correct host. Option C is also incorrect because a signature matching a product but not the version might indicate a genuine issue rather than a false positive. Option D does not apply because evaluating hosts based on OS-specific profiles does not typically result in false positives.