nerdexam
EC-Council

312-50V9 · Question #59

A newly discovered flaw in a software application would be considered which kind of security vulnerability?

The correct answer is C. 0-day vulnerability. A zero-day vulnerability is a newly discovered flaw for which no vendor patch or fix yet exists, giving defenders zero days to respond.

Vulnerability Analysis

Question

A newly discovered flaw in a software application would be considered which kind of security vulnerability?

Options

  • AInput validation flaw
  • BHTTP header injection vulnerability
  • C0-day vulnerability
  • DTime-to-check to time-to-use flaw

How the community answered

(42 responses)
  • A
    2% (1)
  • B
    2% (1)
  • C
    86% (36)
  • D
    10% (4)

Why each option

A zero-day vulnerability is a newly discovered flaw for which no vendor patch or fix yet exists, giving defenders zero days to respond.

AInput validation flaw

Input validation flaws describe vulnerabilities caused by insufficient sanitization of user-supplied data, which is a class of vulnerability type, not a descriptor for when a flaw was discovered.

BHTTP header injection vulnerability

HTTP header injection is a specific technique where unvalidated input is inserted into HTTP response headers, not a general category for newly discovered vulnerabilities.

C0-day vulnerabilityCorrect

The term 'zero-day' (0-day) describes a vulnerability that has just been discovered, meaning the vendor has had zero days to develop and release a patch. Because no fix is available, systems remain exposed from the moment of discovery until a patch is issued. This is precisely the scenario described - a newly discovered flaw with no existing remediation.

DTime-to-check to time-to-use flaw

A time-to-check to time-to-use (TOCTOU) flaw is a race condition vulnerability where resource state changes between a security check and its use, which is unrelated to the recency of discovery.

Concept tested: Definition and classification of zero-day vulnerabilities

Source: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Topics

#zero-day vulnerability#software flaw#unpatched vulnerability#vulnerability types

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice