CompTIA Security+ (SY0-601) — Question 793

The most recent vulnerability scan flagged the domain controller with a critical vulnerability. The systems administrator researched the vulnerability and discovered the domain controller does not run the associated application with the vulnerability. Which of the following steps should the administrator take next?

Answer options

• A. Ensure the scan engine is configured correctly.
• B. Apply a patch to the domain controller.
• C. Research the CVE.
• D. Document this as a false positive.

Correct answer: D

Explanation

The correct answer is D because the vulnerability is not applicable to the domain controller as it does not run the affected application. Option A is incorrect because the scan engine might be configured correctly, but the vulnerability is not relevant. Option B is not necessary since there is no patch to apply for a non-existent vulnerability. Option C may provide additional information, but it is not needed in this case since the vulnerability does not apply.