Legacy Systems — CompTIA CySA+ (CS0-003) Practice Questions
Legacy systems are hardware or software components that are outdated, no longer vendor-supported, or unable to accept current security patches, yet remain in production because replacement is costly or operationally disruptive. On the CySA+ exam, legacy systems appear frequently in vulnerability management and risk scenarios because they represent persistent, often unresolvable vulnerabilities that require compensating controls rather than direct remediation. Analysts must be able to assess the risk legacy systems introduce, document that risk formally, and recommend compensating measures such as network isolation, strict access controls, or enhanced logging. The exam tests whether candidates can handle the reality that not every vulnerability can simply be patched away.
Free questions on legacy systems
More legacy systems questions in the full bank
- Which remediation action is most appropriate for a vulnerability affecting a legacy system that cannot be patched?
- How should you prioritize vulnerability fixes in legacy systems?