CERTIFIED-IN-CYBERSECURITY Question #234: Real Exam Question with Answer & Explanation
The correct answer is C: An attack previously unknown to the security community.
Question
What is a zero-day vulnerability?
Options
- A. An attack that sets the operating system date and time to 00/00/0000 and 00:00:00
- B. A database attack that places the date 00/00/0000 in data tables in an attempt to exploit flaws in
- C. An attack previously unknown to the security community
- D. A novice attacker
Explanation
A zero-day vulnerability is a security flaw or weakness in software or hardware previously unknown to the security community, which leaves the affected system open to exploitation by attackers (ISC2 Study Guide, Module 2, under Types of Threats). This vulnerability is called "zero-day" because the developer has zero days to patch or fix the issue before attackers can exploit it. All other options are incorrect because they are unrelated to a zero-day vulnerability. A novice attacker is not a type of vulnerability; setting the operating system date and time to 00/00/0000 and 00:00:00, if even possible, would not describe a type of vulnerability but rather a specific action taken by an attacker; and placing the date 00/00/0000 in data tables in an attempt to exploit flaws in business logic would be considered a type of attack and not a type of vulnerability.