CompTIA Security+ (SY0-501) — Question 451

A company hires a third-party firm to conduct an assessment of vulnerabilities exposed to the Internet. The firm informs the company that an exploit exists for an
FTP server that had a version installed from eight years ago. The company has decided to keep the system online anyway, as no upgrade exists form the vendor.
Which of the following BEST describes the reason why the vulnerability exists?

Answer options

• A. Default configuration
• B. End-of-life system
• C. Weak cipher suite
• D. Zero-day threats

Correct answer: B

Explanation

The correct answer is B, as an end-of-life system indicates that the vendor no longer provides updates or patches, leaving it vulnerable to exploits. Option A is incorrect because default configurations may not specifically apply to a system that is outdated. Option C refers to cryptographic weaknesses, which are not necessarily related to the age of the software. Option D pertains to exploits that have not been discovered yet, which does not apply to a known vulnerability in an outdated system.