During a recent security assessment, a vulnerability was found in a common OS. The OS vendor was unaware of the issue and promised to release a patch within the next quarter. Which of the following BEST describes this type of vulnerability?
But if the vendor promises to release the patch, then there is already an available solution, just that the vendor have not rolled-out/applied it to their product because they are not aware of it.
The VA would not have scanned the vulnerability if it is a zero day. It seems that the vulnerabilty here is with the Supply chain = vendor. Just my though.
wrong. the vendor states a patch will be released within the next quarter indicating it will be developed. if it was already a patch available it would have been stated released immediately. read and understand the context cues. this is definitely a zero day. the answer is C
Legacy Operating System = No longer supported (Windows 95, ME, 2K, XP, etc) so patches are no longer produced excluding when the vendor is under psychotically extenuating duress (Oh, you mean the SEC still uses Windows 2000 to run a transactional web-server that is vulnerable to these hard-coded administrator credentials with system level access we left in place in the built in IIS FTP module?"). So the answer is Zero Day.
A "zero-day" vulnerability refers to a security flaw or weakness in software or an operating system that is unknown to the vendor or developers of that software. It is called "zero-day" because there are zero days between the time the vulnerability is discovered by attackers and the time the vendor becomes aware of it and can develop a patch to fix it. In this scenario, the vulnerability was found during a security assessment, and the vendor is unaware of it and has not yet released a patch, making it a zero-day vulnerability.
C. This type of vulnerability is a zero day vulnerability. A zero day vulnerability is a security flaw or weakness in software or hardware that is unknown to the vendor or to security experts. This makes it particularly dangerous as there is no patch available, leaving systems open to attack. In this scenario, the OS vendor is unaware of the vulnerability and is planning to release a patch within the next quarter. A legacy operating system (option A) refers to an old or outdated operating system that is no longer supported by the vendor. A weak configuration (option B) refers to a system that is not properly configured, leaving it vulnerable to attack. A supply chain vulnerability (option D) refers to a security weakness in a product's supply chain, such as a third-party component or software that is used in the product.
If supply chain isn’t the answer then I’ll go with Zero day because option A means it’s an outdated OS and usually without vendor support, clear the OS in question still has vendor support
The correct answer is C. Zero day.
A zero-day vulnerability is a previously unknown vulnerability in software or hardware that is exploited by attackers before the vendor becomes aware of the issue and releases a patch. In this case, the OS vendor was unaware of the vulnerability and promised to release a patch within the next quarter, indicating that it is a zero-day vulnerability.
Answer is "C" as per Comptia this is why "A" is not the answer:
A legacy platform is one that is no longer supported with security patches by its developer or vendor. This could be a PC/laptop/smartphone, networking appliance, peripheral device, Internet of Things device, operating system, database/programming environment, or software application. By definition, legacy platforms are unpatchable.
My answer would be Legacy OS. Reason: The question said the patch would be available in the next quarter. This sounds more of EOL. For zero day attacks, the solution must come in the next 2 to 3 days.
legacy operating system, is an operating system (OS) no longer in widespread use, or that has been supplanted by an updated version of earlier technology.
I saw on the answer threads in the early 100ish answers that Examtopics has to keep the *actual* answer hidden, otherwise CompTIA would not allow Examtopics to post their questions verbatim.
upvoted 2 times
...
...
This section is not available anymore. Please use the main Exam Page.SY0-601 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Kashim
Highly Voted 2 years, 8 months agoXynned
1 year, 12 months agocybertechb
1 year, 6 months agoJohnMangley
Highly Voted 2 years, 8 months agoirtaza909
Most Recent 1 year, 4 months agoGrumpy_Old_Coot
1 year, 5 months agosujon_london
1 year, 10 months agoApplebeesWaiter1122
1 year, 11 months agoApplebeesWaiter1122
1 year, 11 months agoYawannawanka
2 years, 2 months agoAction
2 years, 4 months agoAction
2 years, 4 months agoAlizadeh
2 years, 6 months ago[Removed]
2 years, 6 months agoSandon
2 years, 6 months agoLv2023
2 years, 6 months agoksave
2 years, 7 months agoSandon
2 years, 5 months agoNICKJONRIPPER
2 years, 7 months agoNICKJONRIPPER
2 years, 7 months agopapisam
2 years, 8 months agoSandon
2 years, 5 months agoIphy23
2 years, 8 months agoGino_Slim
2 years, 8 months agoSOK_I
2 years, 7 months ago