An extensible commercial software system was upgraded to the next minor release version to
patch a security vulnerability. After the upgrade, an unauthorized intrusion into the system was
detected. The software vendor is called in to troubleshoot the issue and reports that all core
components were updated properly. Which of the following has been overlooked in securing the
system? (Select TWO).
A.
The company’s IDS signatures were not updated.
B.
The company’s custom code was not patched.
C.
The patch caused the system to revert to http.
D.
The software patch was not cryptographically signed.
E.
The wrong version of the patch was used.
F.
Third-party plug-ins were not patched.