CompTIA Security+ (SY0-601) — Question 178

A security analyst is reviewing the latest vulnerability scan report for a web server following an incident. The vulnerability report showed no concerning findings. The vulnerability that was used to exploit the server is present in historical vulnerability scan reports, and a patch is available for the vulnerability. Which of the following is the MOST likely cause?

Answer options

• A. Security patches failed to install due to a version incompatibility.
• B. An adversary altered the vulnerability scan reports.
• C. A zero-day vulnerability was used to exploit the web server.
• D. The scan reported a false negative for the vulnerability.

Correct answer: D

Explanation

The correct answer is D because a false negative would indicate that the scan did not detect the known vulnerability that was actually present and exploited. Option A is incorrect as the report showed no issues, suggesting patches were likely installed. Option B is unlikely unless there is evidence of report tampering, and option C is not valid since the vulnerability was known and had a patch available.