A company hires a third-party firm to conduct an assessment of vulnerabilities exposed to the Internet.
The firm informs the company that an exploit exists for an FTP server that had a version installed from eight years ago.
The company has decided to keep the system online anyway, as no upgrade exists form the vendor.
Which of the following BEST describes the reason why the vulnerability exists?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
The BEST answer for this question would be B. End-of-life system.
An end-of-life system is a system or a software that is no longer supported by the vendor. In this case, the company is using an FTP server that is eight years old, and the vendor no longer provides upgrades or support for it. This means that any vulnerabilities discovered in the system will remain unpatched, leaving it open to attacks.
In this scenario, the third-party firm has informed the company that there is an exploit for the FTP server. This means that a vulnerability has been discovered, and attackers can use it to gain unauthorized access to the system. Since the vendor no longer provides upgrades for the system, the company cannot apply a patch to fix the vulnerability.
Keeping the system online despite the known vulnerability is a risky decision, as it exposes the company's network to potential attacks. Attackers can use the vulnerability to gain access to sensitive information or to launch further attacks against the company's network.
Therefore, the best answer for this question is B. End-of-life system, as the vulnerability exists because the vendor no longer provides upgrades or support for the system, leaving it open to attacks.