CompTIA CySA+ (CS0-003) — Question 37

An end-of-life date was announced for a widely used OS. A business-critical function is performed by some machinery that is controlled by a PC, which is utilizing the OS that is approaching the end-of-life date. Which of the following best describes a security analyst’s concern?

Answer options

• A. Any discovered vulnerabilities will not be remediated.
• B. An outage of machinery would cost the organization money.
• C. Support will not be available for the critical machinery.
• D. There are no compensating controls in place for the OS.

Correct answer: A

Explanation

The correct answer is A because once an operating system reaches its end-of-life, any vulnerabilities that are discovered will not be patched, leaving the system exposed. While options B, C, and D highlight valid concerns, they do not directly address the critical issue of unmanaged vulnerabilities that pose a significant security risk.