CompTIA Security+ (SY0-601) — Question 98

During a recent security assessment, a vulnerability was found in a common OS. The OS vendor was unaware of the issue and promised to release a patch within the next quarter. Which of the following BEST describes this type of vulnerability?

Answer options

• A. Legacy operating system
• B. Weak configuration
• C. Zero day
• D. Supply chain

Correct answer: C

Explanation

The correct answer is C, Zero day, as it refers to vulnerabilities that are discovered but not yet patched by the vendor, leaving users exposed. Option A, Legacy operating system, refers to outdated systems that may not be supported; B, Weak configuration, relates to poor system settings; and D, Supply chain, involves vulnerabilities arising from third-party vendors, none of which accurately describe the situation presented.