GIAC Security Essentials Certification (GSEC) — Question 40

You are the security director for an off-shore banking site. From a business perspective, what is a major factor to consider before running your new vulnerability scanner against the company's business systems?

Answer options

• A. It may harm otherwise healthy systems.
• B. It may produce false negative results.
• C. It may generate false positive results.
• D. It may not return enough benefit for the cost.

Correct answer: C

Explanation

The correct answer, C, highlights the concern that a vulnerability scanner might indicate issues that do not actually exist, leading to unnecessary remediation efforts. Option A is incorrect because while scanners can cause disruptions, they are designed to minimize harm. Option B is not the main concern in this context, as false negatives are less impactful than false positives. Option D is also a consideration but focuses more on cost-benefit analysis rather than the immediate impact of false outcomes.