Exam SY0-701 topic 1 question 269 discussion

The most important security concern with legacy systems is the lack of vendor support. Without vendor support, there are no updates, security patches, or fixes for newly discovered vulnerabilities. This leaves the system exposed to potential attacks that cannot be easily mitigated, increasing the risk of security breaches.

The correct answer is: D. Use of insecure protocols Explanation: Use of insecure protocols is the most critical security concern when using legacy systems to provide production services. Legacy systems often rely on outdated protocols that lack modern security features (such as encryption and secure authentication), making them vulnerable to various types of attacks (e.g., man-in-the-middle attacks, eavesdropping, etc.). These vulnerabilities can expose sensitive data and compromise the integrity of the system.

Legacy items are typically unsupported. Honestly if you look through all the questions dealing with legacy items they point you toward using a compensation control (segmentation/firewall usage/isolation) because of the lack of support through patching/updates

A - Lack of Vendor Support. Insecure protocols are a major concern, but they are often a symptom of the broader issue of lack of support and updates.

D. Use of insecure protocols: Legacy systems often rely on outdated protocols that are no longer considered secure by modern standards. These systems may use protocols that are vulnerable to attacks like eavesdropping, man-in-the-middle attacks, or data tampering because they do not support strong encryption or authentication methods.

No ongoing security updates No patches for newly discovered vulnerabilities

The more I think about it, the more I realize that legacy systems could still have secure protocols. I am going with lack of vendor support.

Given answer is correct - because legacy systems often rely on outdated and insecure protocols that can be easily exploited.

Primary concern is vendor support.

B. Lack of Vendor Support Why it isn't D. Use of Protocols: Many legacy systems use outdated and insecure protocols, which is certainly a concern, but insecure protocols can often be mitigated by wrapping them in secure communication channels (e.g., VPNs, encryption). The lack of vendor support to address these insecure protocols is actually a greater problem than their presence because there’s no way to patch or upgrade them without vendor assistance.

B. Lack of Vendor Support Why it isn't D. Use of Protocols: Many legacy systems use outdated and insecure protocols, which is certainly a concern, but insecure protocols can often be mitigated by wrapping them in secure communication channels (e.g., VPNs, encryption). The lack of vendor support to address these insecure protocols is actually a greater problem than their presence because there’s no way to patch or upgrade them without vendor assistance.

The most important security concern when using legacy systems is the lack of vendor support. Without vendor support, legacy systems may not receive essential security updates, patches, or technical assistance, leaving them vulnerable to known exploits and threats. This can significantly increase the risk of security breaches.

insecure protocol is an issue but would be greater without vender support

Legacy Systems - Outdated computing software, hardware, or other technologies that have been largely superseded by newer and more efficient alternatives. Unsupported Systems - Hardware or software products that no longer receive official technical support, security updates, or patches from their respective vendors or developers. Just because something is legacy does not mean that it's no longer supported by the vendor. However, it does mean that it is likely using outdated technologies/protocols. I vote D.

it is correct

Answer is D

hmmm, if it's security concern, shouldn't it be D use of insecure protocol?