CompTIA Security+ (SY0-601) — Question 274

A company recently implemented a patch management policy; however, vulnerability scanners have still been flagging several hosts, even after the completion of the patch process. Which of the following is the MOST likely cause of the issue?

Answer options

• A. The vendor firmware lacks support.
• B. Zero-day vulnerabilities are being discovered.
• C. Third-party applications are not being patched.
• D. Code development is being outsourced.

Correct answer: C

Explanation

The most likely reason for ongoing vulnerability alerts is that third-party applications are not receiving necessary patches, leaving them exposed. While vendor firmware issues and zero-day vulnerabilities are valid concerns, they do not directly relate to the patching process that has been implemented. Outsourced code development is also less likely to be the immediate cause of the vulnerability flags.