A software security concern when dealing with hardware and devices that have embedded
software or operating systems is:
A.
Patching may not always be possible
B.
Configuration support may not be available
C.
These is no way to verify if a patch is authorized or not
D.
The vendor may not have a method for installation of patches
Always a big fan of linking to bloggers that I love but do not get lots of link really like from.
This is definitely an ambiguous question. If you tell me answer D is the correct answer, why choice A is wrong? Each choice is directly related to another choice.
I bought a HP tablet few years ago. I called their tech support for help. Their tech support did not support the tablet. It means choice B may be correct answer too.
Hope you won’t see this kind of question on the exam.
https://www.schneier.com/blog/archives/2014/01/security_risks_9.html
Correct Answer is either A or D. By reading the article, A sounds more correct than D.
I agree this is a bad question. All four of the answers could be the one the question maker wants. I think B and C are less likely, and I agree that A or D are equally valid.
I think that A must be the correct answer, however, because if the vendor does not have a method for patches, that usually means you have to figure out how to patch things yourself. A worse problem exists when patching is not actually possible, which is often true of embedded systems.
If the vendor may not have a method for installation of the patches then patching may not always be available. I’m choosing A,