Which statement about investigating false positives with CVSS Base score >= 4.0 is true?

Multiple Choice

Which statement about investigating false positives with CVSS Base score >= 4.0 is true?

Explanation:
The core idea is that findings from an external vulnerability scan with a CVSS base score of 4.0 or higher must be validated to confirm whether they’re real or false positives. This threshold marks moderate to high risk, so it’s important not to accept the report at face value. Investigating false positives in this scenario ensures you don’t miss genuine issues or waste effort chasing non-existent ones, and it provides solid evidence about the actual risk and whether remediation is needed. That’s why the correct stance is that you are required to investigate. The other options don’t fit because PCI ASV practices mandate active validation, not optional, prohibited, or unspecified handling of these findings.
