312-50V11 · Question #1036
Mr. Omkar performed tool-based vulnerability assessment and found two vulnerabilities. During analysis, he found that these issues are not true vulnerabilities. What will you call these issues?
The correct answer is A. False positives. When a vulnerability scanner flags issues that are investigated and confirmed to pose no actual risk, those findings are classified as false positives.
Question
Mr. Omkar performed tool-based vulnerability assessment and found two vulnerabilities. During analysis, he found that these issues are not true vulnerabilities. What will you call these issues?
Options
- AFalse positives
- BTrue negatives
- CTrue positives
- DFalse negatives
How the community answered
(49 responses)- A90% (44)
- B2% (1)
- C6% (3)
- D2% (1)
Why each option
When a vulnerability scanner flags issues that are investigated and confirmed to pose no actual risk, those findings are classified as false positives.
A false positive occurs when an automated security tool reports a condition as a vulnerability but manual analysis confirms it is a benign behavior or misconfiguration that presents no real risk. This is a well-known limitation of tool-based vulnerability assessments, where broad detection signatures trigger on legitimate system activity, requiring a human analyst to distinguish genuine threats from incorrect alerts.
True negatives describe cases where the tool correctly identifies something as not a vulnerability and raises no alert, meaning the result is accurate and no false finding is involved.
True positives are vulnerabilities correctly flagged by the tool and confirmed through analysis to be genuine security issues that require remediation.
False negatives occur when a real vulnerability exists in the system but the tool fails to detect and report it, representing a missed finding rather than an incorrectly flagged non-issue.
Concept tested: Vulnerability assessment result classification - false positives
Source: https://csrc.nist.gov/glossary/term/false_positive
Topics
Community Discussion
No community discussion yet for this question.