nerdexam
EC-Council

312-50V10 · Question #286

A newly discovered flaw in a software application would be considered which kind of security vulnerability?

The correct answer is C. 0-day vulnerability. A zero-day (0-day) vulnerability is a security flaw that has just been discovered and for which no vendor patch or official mitigation yet exists.

Vulnerability Analysis

Question

A newly discovered flaw in a software application would be considered which kind of security vulnerability?

Options

  • AInput validation flaw
  • BHTTP header injection vulnerability
  • C0-day vulnerability
  • DTime-to-check to time-to-use flaw

How the community answered

(28 responses)
  • A
    4% (1)
  • B
    7% (2)
  • C
    89% (25)

Why each option

A zero-day (0-day) vulnerability is a security flaw that has just been discovered and for which no vendor patch or official mitigation yet exists.

AInput validation flaw

An input validation flaw is a specific category of vulnerability caused by failing to sanitize user-supplied data, which is a root-cause classification rather than a timeliness classification.

BHTTP header injection vulnerability

An HTTP header injection vulnerability is a specific web attack technique involving malicious data inserted into HTTP response headers, not a general term for newly discovered flaws.

C0-day vulnerabilityCorrect

The term '0-day' refers to the fact that developers have had zero days to address and patch the newly discovered flaw. Because no fix is available, systems remain exposed until the vendor releases a patch, making 0-day vulnerabilities especially dangerous and valuable to attackers.

DTime-to-check to time-to-use flaw

A time-to-check to time-to-use (TOCTOU) flaw is a specific race condition where the state of a resource changes between a security check and its actual use.

Concept tested: Zero-day vulnerability definition and characteristics

Source: https://csrc.nist.gov/glossary/term/zero_day_vulnerability

Topics

#zero-day#vulnerability classification#unpatched flaw#exploit

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice