A security analyst has completed an authenticated vulnerability scan against the production subnet. The report lists several critical findings on a Linux database server that was reportedly patched earlier in the week. Which of the following actions would BEST help the analyst determine whether the reported vulnerabilities are true positives before opening a remediation ticket?
Log in to the server and verify the installed package versions against the vendor's fixed release.
Add the affected CVEs to the scanner's global ignore list to suppress future alerts.
Escalate the issue immediately to the incident-response team as a confirmed breach.
Schedule an uncredentialed external scan of the same subnet to check consistency.
Logging in to the server and manually checking the installed package versions or attempting an exploit proof-of-concept directly validates whether the vulnerability is still present. This hands-on confirmation distinguishes real issues from scanner errors or outdated signatures. The other options either suppress the alert without verification, escalate an unconfirmed issue, or repeat the scan with less context, none of which reliably determines the finding's accuracy.