What is a false positive in vulnerability scanning?

  A. A vulnerability that was missed by the scanner
  B. A vulnerability that was not actually exploitable
  C. A vulnerability that has already been patched
  D. A report of a vulnerability that does not exist ✓

Correct answer: A report of a vulnerability that does not exist

A false positive in vulnerability scanning is a report that flags a vulnerability as present when it does not actually exist on the target system, making Option D correct. Option A describes a false negative, which is when a real vulnerability goes undetected by the scanner. Option B describes a non-exploitable vulnerability, which is a true positive finding that lacks a viable attack path, not a false positive. Option C describes a patched vulnerability, which would be a true positive or a stale finding rather than an erroneous detection.

Topic: vulnerability scanning, false positive, penetration testing, security assessment
