CompTIA Security+ (SY0-701) — Question 253

A malicious update was distributed to a common software platform and disabled services at many organizations. Which of the following best describes this type of vulnerability?

Answer options

Correct answer: D

Explanation

The correct answer is D, Supply chain. It refers to vulnerabilities that arise when a third-party vendor's software is compromised, affecting multiple organizations. Options A, B, and C do not accurately describe the scenario: a DDoS attack involves overwhelming a service, rogue employees are individuals acting maliciously from within an organization, and insider threats involve current employees, not third-party updates.