During a routine vulnerability assessment, a scanner reports a high-severity flaw on a networked server indicating weak authentication allowing potential unauthorized access. Further manual verification reveals that the server is configured with a public-key infrastructure for all user access, negating the use of passwords. How should this finding from the vulnerability scanner be classified?
It indicates a need for reconfiguration of the scanning tool to avoid such high-severity, misleading alerts in the future.
The report should be considered a true positive, implying an immediate requirement for security enhancement on the server.
This finding is accurate and points to an actual vulnerability because the scanner identified it as high-severity, regardless of the authentication method in place.
This is a false positive as the existing strong authentication mechanism is not taken into account by the automated scan.
In this scenario, the vulnerability scanner's report of a high-severity authentication flaw is a false positive: the automated scan does not account for the public-key infrastructure enforced for all user access, which rules out the weak-authentication weakness it reported. This emphasizes the necessity of manually validating automated scan results in order to identify genuine security risks.