EC-Council
312-50V11 Question #286: Real Exam Question with Answer & Explanation
The correct answer is C: 0-day vulnerability.
Question
A newly discovered flaw in a software application would be considered which kind of security vulnerability?
Options
- A. Input validation flaw
- B. HTTP header injection vulnerability
- C. 0-day vulnerability
- D. Time-to-check to time-to-use flaw
Explanation
A zero-day vulnerability is a flaw that has been discovered but has no available patch or vendor fix, leaving systems exposed with no remediation path.
Common mistakes.
- A. An input validation flaw is categorized by its technical root cause (improper handling of user-supplied input), not by how recently it was discovered.
- B. An HTTP header injection vulnerability is a specific technical class in which attacker-controlled content ends up in HTTP response headers; it is unrelated to the discovery timeline.
- D. A time-to-check to time-to-use flaw (TOCTOU, more commonly written time-of-check to time-of-use) is a race condition in which state changes between a check and the use of its result; this is a root-cause classification, not a discovery-status classification.
Concept tested. Zero-day vulnerability definition and classification
Reference. https://www.cisa.gov/news-events/news/understanding-patches-and-software-updates