An organization has implemented an aggressive patch-management program and deploys vendor updates within 24 hours of release. Which statement best describes the level of protection this practice provides against malware?
It automatically blocks malicious email attachments because the operating system files are up to date.
It significantly reduces exposure to malware that exploits known flaws, but additional controls are still needed to defend against zero-day and social-engineering attacks.
It completely eliminates the risk posed by all malware, including malware that exploits zero-day vulnerabilities.
It makes endpoint detection and response (EDR) tools unnecessary because patched systems cannot execute malicious code.
Applying patches quickly closes known software vulnerabilities and therefore blocks many exploits used by commodity malware. It does not guarantee immunity from new or zero-day threats, nor does it stop malware delivered through phishing, malicious macros, or other techniques that do not rely on an unpatched vulnerability. A layered defense that includes security awareness, EDR, email filtering, and least-privilege controls is still required.