CISSP Question #459: Real Exam Question with Answer & Explanation
The correct answer is D: End of life system detected. In a vulnerability assessment, an end-of-life (EOL) system represents a high risk because it no longer receives security patches or vendor support, leaving known vulnerabilities permanently unmitigated.
Question
Which of the following findings would MOST likely indicate a high risk in a vulnerability assessment report?
Options
- A. Transmission control protocol (TCP) port 443 open
- B. Non-standard system naming convention used
- C. Unlicensed software installed
- D. End of life system detected
Explanation
In a vulnerability assessment, an end-of-life (EOL) system represents a high risk because it no longer receives security patches or vendor support, leaving known vulnerabilities permanently unmitigated.
Common mistakes.
- A. TCP port 443 is the standard port for HTTPS traffic and its presence is expected and normal in most environments, representing legitimate encrypted web communication rather than a vulnerability.
- B. A non-standard system naming convention is an administrative or compliance concern related to asset management hygiene, but it does not directly introduce a security vulnerability or exploitable attack surface.
- C. Unlicensed software is primarily a legal and compliance risk (software licensing violation) rather than a direct security vulnerability, and would typically appear in a compliance audit rather than as a high-risk security finding.
Concept tested. Identifying high-risk findings in vulnerability assessments
Reference. https://www.cisa.gov/known-exploited-vulnerabilities-catalog