The ASV is REQUIRED to investigate false positives with a CVSS Base score at or below 3.9 (a passing score).


Multiple Choice

The ASV is REQUIRED to investigate false positives with a CVSS Base score at or below 3.9 (a passing score).

Explanation:
CVSS scores are used to prioritize which vulnerabilities need careful validation and remediation. In the PCI ASV process, the focus is on higher-severity findings, since those pose a greater risk to cardholder data. Low-severity results (base score 3.9 or below) are considered lower risk, so the formal requirement to investigate potential false positives is not applied to those passing-score items. In other words, false positives with a CVSS base score at or below 3.9 are not mandated to be investigated by the ASV as part of the standard practice. This is why the statement is not correct.
