In a public security advisory, which sentence correctly uses agentless passive voice because the attacker's identity is unknown or irrelevant to disclose?
"The vulnerability was exploited on March 3rd" is the correct agentless passive: it foregrounds the affected system and simply omits the "by..." phrase, which is the standard, professional way to state that an event occurred without naming or speculating about the actor. Option A uses vague active voice with "someone", which is less standard in formal disclosures than a clean passive. Option C unnecessarily adds "by an unknown actor", which is redundant since omitting the agent already implies the actor is not being named. Option D misuses passive morphology on an intransitive-sounding reflexive action, which is not idiomatic.
2 / 5
Which sentence correctly uses agentless passive voice to describe a security fix without naming the individual engineer, appropriate for a public changelog?
"The SQL injection flaw was patched in version 4.2.1" correctly uses the agentless passive to keep the focus on the vulnerability and the fix rather than on who performed it, which is standard practice in public-facing security changelogs where individual attribution is unnecessary or undesirable. Option A names the individual engineer, which is inappropriate for a public advisory. Option C misuses a reflexive-sounding construction that implies the flaw fixed itself, which is nonsensical. Option D is an it-cleft that emphasizes the agent, the opposite of the intended agentless effect.
3 / 5
Which sentence correctly uses agentless passive voice to report that customer data was accessed, without confirming who accessed it, in a breach notification?
"Customer records were accessed between June 1st and June 5th" correctly uses the agentless passive, appropriate when the company wants to disclose the fact of the access without prematurely confirming attribution, which may still be under investigation. Option B misuses a reflexive form that is not standard English. Option C names "attackers" as the confirmed agent, which overstates certainty that may not yet be established. Option D adds "by attackers" at the end, reintroducing the agent the sentence is meant to omit, and unnecessarily switches to past continuous.
4 / 5
Which sentence correctly uses agentless passive voice in a vulnerability disclosure to describe a fix being deployed, focusing on the system state rather than the deployment team?
"The patch was deployed to all production servers by 6 a.m." is the correct agentless passive: it centers the patch and its rollout status, appropriately omitting who performed the deployment, which is standard for public advisories that focus on remediation status rather than internal team credit. Option B is active voice that names the internal team, unnecessary detail for external readers. Option C misuses "deployed" as if it were intransitive, but "deploy" normally requires an object or passive marking, making this ungrammatical here. Option D reintroduces the agent ("by the on-call team") after the passive, defeating the purpose of omitting it.
5 / 5
Which sentence correctly keeps the agent in the passive voice because naming the responsible party is specifically required for accountability, contrasting with the agentless pattern used elsewhere in the advisory?
"The misconfiguration was introduced by a third-party contractor during the October migration" is correct: this is passive voice with the agent explicitly retained via "by a third-party contractor" because accountability requires naming who was responsible, unlike the agentless examples used when the actor is unknown or irrelevant. Option B omits the agent entirely, which would be inappropriate here since accountability is the point. Option C is grammatically valid active voice but does not demonstrate the passive-with-agent structure being tested. Option D is missing the auxiliary "was", making it an incomplete sentence rather than a full passive clause.