A company recently implemented a patch management policy; however, vulnerability scanners have still been flagging several hosts, even after the completion of the patch process. Which of the following is the MOST likely cause of the issue?
A. The vendor firmware lacks support.
B. Zero-day vulnerabilities are being discovered.
C. Third-party applications are not being patched.
C. Third-party applications are not being patched.
It's not zero day.
It's extremely unlikely a vulnerability scanner would discover a zero day vulnerability because nobody knows it exists.
C. Third-party applications are not being patched is my answer. Scanner tools, including vulnerability scanners, are designed to identify KNOWN vulnerabilities in software, systems, and networks. They work by comparing the target system's characteristics with a database of known vulnerabilities and their associated signatures or patterns. When a match is found, the scanner alerts the user about the presence of a known vulnerability.
While the company may have implemented a patch management policy, it's possible that the focus has been primarily on patching the operating system and core software, while neglecting third-party applications. Third-party applications, such as web browsers, office suites, or media players, often have their own security vulnerabilities that need to be addressed through regular patching. Failure to patch these applications can leave the hosts vulnerable to exploitation, which would be flagged by vulnerability scanners.
Zero-day assumes that no patch is present, but that does not mean that it is undetectable. Consider a scenario in which a zero-day was discovered and someone sends that discovery into the "Latest zero-day exploit news" channel or something. It would be easier to update vulnerability scanners than to develop a patch.
Anyway, I would still choose C, as it seems the more common situation.
Third-party applications are commonly used in organizations, and they have become an attractive target for attackers due to their vulnerabilities. These vulnerabilities often go unnoticed, as third-party application patching is often not prioritized in patch management processes.
Therefore, it is crucial to include third-party application patching as part of the patch management policy. If not, attackers can exploit these vulnerabilities to compromise systems and networks, resulting in data breaches, financial loss, and reputational damage.
The correct answer is: C. Third-party applications are not being patched.
By using Behavior-based monitoring and Signature-based variant detection we can detect some zero day exploits, and that’s why the vulnerability scanners are flagging the hosts. I believe the correct answer is B.
The most likely cause of the issue is C. Third-party applications are not being patched. Even after the patching process is completed, vulnerabilities can still exist in third-party applications that were not included in the patch management policy. It is important to ensure these third-party applications are kept up to date in order to reduce risk.
C.
The vulnerabilities simply are being missed in the patch management process.
It's that simple.
ChatGPT agrees:
Based on the information provided, option C is the most likely cause of the issue. The implementation of a patch management policy does not guarantee that all vulnerabilities will be identified and addressed. In some cases, third-party applications may not be included in the patch management process, or they may require separate patches or updates that are not included in the company's policy.
ChatGPT: The most likely cause of the issue is that third-party applications are not being patched. While implementing a patch management policy is a good start, many vulnerabilities are not found in the operating system or core applications but in third-party software. It is important to ensure that all third-party software is included in the patch management policy and that patches are applied regularly to address any vulnerabilities.
It's impossible to be zero day; zero days are not detectable! The definition of a zero day vulnerability is a software weakness that has yet to be discovered or addressed. A scan is not going to detect a zero day!
Nothing in the question states a third-party app is present on the systems. It does state that the known available patches failed to secure the endpoints, so I'd say we are probably seeing Zero Day Vulnerabilities, since those are vulnerabilities for which no patch currently exists.
If it's a zero day vulnerability the scanner wouldn't know anything about it.
A zero day vulnerability isn't a zero day vulnerability anymore after a patch is available.
No, a zero day is detectable, so therefore impossible to be A.
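The signature matching described in the comments above (a scanner compares what is installed against a database of known vulnerabilities), as an added example that is not part of the original thread. Package names, versions, advisory IDs and the patch-policy scope are all constructed for illustration.

```python
# Constructed sample data: package names, versions and advisory IDs are hypothetical.
KNOWN_VULNS = [  # (advisory id, package, first fixed version)
    ("EXAMPLE-0001", "os-kernel", "5.10.3"),
    ("EXAMPLE-0002", "pdf-reader", "11.2.0"),
    ("EXAMPLE-0003", "media-player", "3.0.18"),
]
# Assumed patch-policy scope: operating system packages only.
PATCH_POLICY_SCOPE = {"os-kernel", "os-libc"}
HOST_INVENTORY = {
    "os-kernel": "5.10.3",     # patched by the policy
    "os-libc": "2.31.9",       # in scope, no known issue
    "pdf-reader": "11.1.4",    # third-party, outside the policy, behind the fix
    "media-player": "3.0.18",  # third-party, happens to be current
    "chat-client": "7.4.1",    # unknown flaw: no database entry, so never flagged
}


def parse_version(text):
    """Turn '11.2.0' into (11, 2, 0) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def scan(inventory, vuln_db, scope):
    """Flag installed packages older than a known fixed version (signature match)."""
    findings = []
    for advisory, package, fixed_in in vuln_db:
        installed = inventory.get(package)
        if installed and parse_version(installed) < parse_version(fixed_in):
            findings.append({"advisory": advisory, "package": package,
                             "installed": installed, "fixed_in": fixed_in,
                             "in_patch_scope": package in scope})
    return findings


def out_of_scope(findings):
    """Packages with findings that the patch process never covered."""
    return [f["package"] for f in findings if not f["in_patch_scope"]]


if __name__ == "__main__":
    for finding in scan(HOST_INVENTORY, KNOWN_VULNS, PATCH_POLICY_SCOPE):
        print(finding)
```

Sorting scanner findings by whether the package falls inside the patch policy's scope shows which flagged hosts point to a coverage gap rather than a failed patch run.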
SY0-601 Exam Questions