CompTIA Security+ (SY0-601) — Question 544

Which of the following are the most likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company’s final software releases? (Choose two).

Answer options

• A. Certificate mismatch
• B. Use of penetration-testing utilities
• C. Weak passwords
• D. Included third-party libraries
• E. Vendors/supply chain
• F. Outdated anti-malware software

Correct answer: D, E

Explanation

The correct answers, D and E, highlight how included third-party libraries and vendor/supply chain issues can introduce vulnerable code into software. Other options, like certificate mismatches or weak passwords, do not directly contribute to the inclusion of vulnerable code in the final product.