CompTIA Security+ (SY0-601) — Question 491
Which of the following are the MOST likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company's final software releases? (Choose two.)
Answer options
- A. Unsecure protocols
- B. Use of penetration-testing utilities
- C. Weak passwords
- D. Included third-party libraries
- E. Vendors/supply chain
- F. Outdated anti-malware software
Correct answer: D, E
Explanation
D and E are correct: included third-party libraries and vendors/supply chain both bring externally produced code into the build, and that code can introduce vulnerabilities into the final release if it is not properly vetted. Options A, B, C, and F do not directly relate to the inclusion of vulnerable code in the final software products.