Exam SY0-601
Question 171

A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?

    Correct Answer: C

    Continuing to use legacy software presents a significant risk due to the lack of vendor support. When software is no longer supported by the vendor, it stops receiving critical updates and security patches. This means any newly discovered vulnerabilities remain unaddressed, leaving the software and the systems that rely on it exposed to potential security threats. Without vendor support, the software cannot evolve to meet current security standards, leading to an increased risk of exploitation by malicious actors. This ultimately makes lack of vendor support the most pressing risk associated with continuing to use legacy systems.

Discussion
hac_cah Option: C

Lack of vendor support implies no security patches. Unsecure protocols are not necessarily always the case.

ishallgetit

"Security patches" convince me that C is the correct answer.

elberG Option: B

The risk is unsecure protocols, which is caused by lack of vendor support.

andrizo

Not necessarily unsecure, just outdated security.

RyanL26

Outdated is considered unsecure...

RyanL26

C is correct.

ApplebeesWaiter1122 Option: C

The risk of using legacy software is primarily associated with the lack of vendor support. As software ages and becomes outdated, vendors may stop providing updates, security patches, and technical support for it. This lack of support leaves the software vulnerable to new security threats, and any newly discovered vulnerabilities or bugs may remain unaddressed. Hackers can exploit these unpatched vulnerabilities to compromise the system and gain unauthorized access. Continuing to use legacy software without adequate vendor support also means that the company may not receive assistance in case of technical issues or problems. This could result in increased downtime, decreased system performance, and potential data loss. Additionally, legacy software may not be compatible with modern security standards, protocols, and encryption methods, leading to security weaknesses and a higher risk of cyberattacks.

Orean Option: C

It's perfectly plausible for legacy systems to have protocol issues, but the scenario doesn't state that. All we can definitively infer is that the legacy system—by definition—is not being actively supported or maintained by the vendor, which can cause various issues.

zharis Option: B

Legacy items have protocol issues.

daddylonglegs

Maybe, maybe not. But the thing to understand here is that if there is a security issue in a supported product then the vendor is on the hook to fix it. If you are using something that is not supported, you assume 100 percent of the risk by continuing to use it. The software may use an outdated or insecure protocol, but lack of support is the more pressing issue.

[Removed] Option: C

The fact that this is a legacy system doesn't mean it uses default credentials, weak encryption or unsecure protocols. Hence the only answer may be "Lack of vendor support".

HypeMan_crew Option: C

I would have gone with B initially but if a company is using an outdated software for a critical app, vendors will not want to support them at all because any risk or threat that happens, they can be responsible. The answer is clearly "lack of vendor support"

JagamonFiya Option: B

Lack of vendor support (C) is not a risk. The question asked "Which of the following BEST explains a risk of this practice?" i.e. what happens when there is a lack of vendor support because you're using legacy systems... Answer = unsecure protocols.

darkgypsy Option: C

Legacy Systems - Legacy systems are a source of risk because they no longer receive security updates and because the expertise to maintain and troubleshoot them is a scarce resource.

PiotrG Option: C

because i am king piotr

Boats Option: C

Having used legacy software, I would go with C. We don't have enough information to go with anything else. We only know that it is potentially unsupported.

Joe1984 Option: B

I believe it is Unsecure protocols. It's basically saying: it's old, there is no vendor support, what is the result = unsecure protocols

Pele9 Option: B

The question asks, "which of the following BEST explains a risk of this practice?" In my opinion, from the question, the practice is lack of vendor support but the risk of this lack of vendor support is unsecure protocols. So B is the answer.

ImBleghk Option: C

C. Lack of vendor support

viksap Option: C

Agree with C, since no patches will be available, which will increase security risk.

J_Ark1 Option: C

Going with the most correct answer here would be C, as I searched the definition of Legacy online and saw that it literally means "out of date" systems, and I am reminded of the recent updates such as how phone companies say they won't support old phones made only 5 years ago (I'm shocked to think that so many resources go into making a device so short lived - what happened to long life products lol)

db97 Option: C

I think "lack of Vendor Support" is the reason but not the risk, and also I wouldn't discard "Weak Encryption" as a potential risk, because if it is a web server, for example, they could still use a "secure protocol" by setting up HTTPS but the encryption might be under SSL 1.0/2.0/3.0 and not even TLS, and that would be a real risk. These are just my thoughts, I'm open to discussing it.