Question

You notice a lot of false positives, so your system administrator decides to use a different vendor's scanner to double-check the results. Why shouldn't he do that and what should he do instead?

a) Using another scanner is a good idea to cross-verify findings.
b) He shouldn't use another scanner as it may introduce inconsistencies, but instead, fine-tune the existing scanner.
c) He should use multiple scanners simultaneously to save time.
d) He should ask for a refund from the scanner vendor.

Answer 1

He shouldn't use another scanner as it may introduce inconsistencies, but instead, fine-tune the existing scanner.

Step-by-step explanation:

B - He shouldn't use another scanner as it may introduce inconsistencies, but instead, fine-tune the existing scanner.

Using another scanner may not be a good idea as it can lead to inconsistent results and may not necessarily solve the problem of false positives. Inconsistent results can occur because different scanners use different scanning algorithms and databases, which can produce varying results. Instead of using another scanner, the system administrator should focus on fine-tuning the existing scanner.

By fine-tuning the existing scanner, the system administrator can adjust the sensitivity or threshold settings to reduce the occurrence of false positives. This involves modifying the scanner's settings to ensure that it correctly identifies genuine threats without flagging benign files or activities as malicious. This approach is more effective and helps maintain consistency in the scanning process.