What are false positives in vulnerability scanning, and why do they occur? How do you verify whether a vulnerability finding is a true positive or false positive?

Sample answer preview

A false positive occurs when a vulnerability scanner reports a security issue that does not actually exist. The scanner incorrectly identifies a vulnerability where the system is not actually vulnerable.