An extensible commercial software system was upgraded to the next minor release version to patch a security
vulnerability. After the upgrade, an unauthorized intrusion into the system was detected. The software vendor is
called in to troubleshoot the issue and reports that all core components were updated properly. Which of the
following has been overlooked in securing the system? (Select TWO).

A.
The company’s IDS signatures were not updated.

B.
The company’s custom code was not patched.

C.
The patch caused the system to revert to http.

D.
The software patch was not cryptographically signed.

E.
The wrong version of the patch was used.

F.
Third-party plug-ins were not patched.