Your organization has deployed a new web application on a Linux server. The application uses a custom database port (TCP 3307). During a routine vulnerability scan, the scanner reports a critical vulnerability: 'MySQL Server - Unrestricted File Upload (CVE-20XX-XXXX)'. The system administrator confirms that MySQL is not installed; the custom database uses PostgreSQL on port 3307. The scanner likely misidentified the service due to port-based fingerprinting. On further investigation, you find that the scanner's fingerprinting database has an incorrect mapping for port 3307. The PostgreSQL version is current and fully patched. The environment is production and cannot be disrupted. Which of the following is the BEST action to take?
Mark the finding as a false positive in the scanner and suppress it for this asset (option D). This accurately records the issue and prevents the same alert from recurring on future scans of the host.
Why this answer
Option D is correct because the report is a false positive: the scanner matched port 3307 to MySQL through an incorrect port mapping in its fingerprinting database, while the service actually listening there is a current, fully patched PostgreSQL. MySQL is not installed, so the CVE cannot apply and there is nothing to remediate on the host. Marking the finding as a false positive and suppressing it for this asset is the correct response in a production environment that cannot be disrupted. In practice the suppression should be scoped to this asset and this specific check, documented with the evidence gathered (the administrator's confirmation and the PostgreSQL service identified on 3307), and revisited if the service on that port ever changes, since a blanket suppression could hide a real MySQL finding later.
Exam trap
CompTIA often tests the candidate's ability to distinguish between a true vulnerability and a false positive caused by service misidentification, trapping those who jump to patching or blocking without verifying the actual service running on the port.
How to eliminate wrong answers
Option A is wrong because editing the scanner's fingerprinting database by hand is not a remediation for the finding: the database is vendor-managed, manual changes are not supported by most products, can introduce further inaccuracies, and are overwritten on the next signature update. The mapping error belongs with the vendor; the false positive still has to be recorded on this asset regardless. Option B is wrong because scheduling an immediate patch for a MySQL vulnerability is unnecessary and potentially disruptive: MySQL is not installed and the PostgreSQL service is already fully patched, so there is nothing to patch, and an unplanned change window in production adds risk for no security benefit. Option C is wrong because applying a workaround to block file upload functionality on port 3307 addresses a vulnerability that does not exist on this host; the reported CVE concerns MySQL, not the PostgreSQL service actually listening there, and filtering or altering traffic on that port would disrupt legitimate database connections without touching the real cause, the scanner's misidentification.