An organization has implemented an aggressive patch-management program and deploys vendor updates within 24 hours of release. Which statement best describes the level of protection this practice provides against malware?
It significantly reduces exposure to malware that exploits known flaws, but additional controls are still needed to defend against zero-day and social-engineering attacks.
It automatically blocks malicious email attachments because the operating system files are up to date.
It completely eliminates the risk posed by all malware, including those that exploit zero-day vulnerabilities.
It makes endpoint detection and response (EDR) tools unnecessary because patched systems cannot execute malicious code.
Applying patches quickly closes known software vulnerabilities and therefore blocks many exploits used by commodity malware. It does not guarantee immunity from new or zero-day threats, nor does it stop malware delivered through phishing, malicious macros, or other techniques that do not rely on an unpatched vulnerability. A layered defense that includes security awareness, EDR, email filtering, and least-privilege controls is still required.