CompTIA CySA+ CS0-003 Practice Question
During a routine vulnerability assessment, a scanner reports a high-severity flaw on a networked server, indicating weak authentication that could allow unauthorized access. Further manual verification reveals that the server is configured with a public-key infrastructure for all user access, negating the use of passwords. How should this finding from the vulnerability scanner be classified?
This finding is accurate and points to an actual vulnerability because the scanner identified it as high-severity, regardless of the authentication method in place.
This is a false positive as the existing strong authentication mechanism is not taken into account by the automated scan.
It indicates a need for reconfiguration of the scanning tool to avoid such high-severity, misleading alerts in the future.
The report should be considered a true positive, implying an immediate requirement for security enhancement on the server.