An auditor is performing an assessment of a security appliance with an embedded OS that was vulnerable during the last two assessments.
Which of the following BEST explains the appliance’s vulnerable state?
A . The system was configured with weak default security settings.
B . The device uses weak encryption ciphers.
C . The vendor has not supplied a patch for the appliance.
D . The appliance requires administrative credentials for the assessment.