nerdexam
EC-Council

312-50V11 · Question #286

A newly discovered flaw in a software application would be considered which kind of security vulnerability?

The correct answer is C. 0-day vulnerability. A zero-day vulnerability is a flaw that has been discovered but has no available patch or vendor fix, leaving systems exposed with no remediation path.

Vulnerability Analysis

Question

A newly discovered flaw in a software application would be considered which kind of security vulnerability?

Options

  • AInput validation flaw
  • BHTTP header injection vulnerability
  • C0-day vulnerability
  • DTime-to-check to time-to-use flaw

How the community answered

(19 responses)
  • B
    5% (1)
  • C
    95% (18)

Why each option

A zero-day vulnerability is a flaw that has been discovered but has no available patch or vendor fix, leaving systems exposed with no remediation path.

AInput validation flaw

An input validation flaw is categorized by the technical root cause - improper handling of user-supplied input - not by how recently it was discovered.

BHTTP header injection vulnerability

An HTTP header injection vulnerability is a specific technical class involving malicious content injected into HTTP response headers, unrelated to discovery timeline.

C0-day vulnerabilityCorrect

A 0-day vulnerability is defined by the fact that the vendor has had zero days to respond - the flaw is either unknown to them or known but unpatched. This distinguishes it from other vulnerability classes, which are defined by their technical nature rather than their disclosure status. The absence of a patch is the defining characteristic.

DTime-to-check to time-to-use flaw

A time-to-check to time-to-use (TOCTOU) flaw is a race condition vulnerability where state changes between a check and its use, which is a root-cause classification, not a discovery-status classification.

Concept tested: Zero-day vulnerability definition and classification

Source: https://www.cisa.gov/news-events/news/understanding-patches-and-software-updates

Topics

#zero-day vulnerability#vulnerability types#software flaw#patch management

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice