PrepAway - Latest Free Exam Questions & Answers

Which of the following BEST describes this exploit?

A security analyst, Ann, is reviewing an IRC channel and notices that a malicious exploit has been created for a frequently used application. She notifies the
software vendor and asks them for remediation steps, but is alarmed to find that no patches are available to mitigate this vulnerability.
Which of the following BEST describes this exploit?

PrepAway - Latest Free Exam Questions & Answers

A.
Malicious insider threat

B.
Zero-day

C.
Client-side attack

D.
Malicious add-on

Explanation:
A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware
and hurries to fix it–this exploit is called a zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted access to user
information. The term “zero day” refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability
becomes known, a race begins for the developer, who must protect users. In this question, there are no patches are available to mitigate the vulnerability. This is
therefore a zero-day vulnerability.
Incorrect Answers:
A: An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or
business associates, who have inside information concerning the organization’s security practices, data and computer systems. This is not what is described in this
question. Therefore, this answer is incorrect.
C: Attackers are finding success going after weaknesses in desktop applications such as browsers, media players, common office applications and e-mail clients
rather than attacking servers. This is known as a client-side attack. A client-side attack is not what is described in this question. Therefore, this answer is incorrect.
D: A malicious add-on is a software `add-on’ that modifies the functionality of an existing application. An example of this would be an Internet browser add-on. This
is not what is described in this question. Therefore, this answer is incorrect.

http://www.pctools.com/security-news/zero-day-vulnerability/ http://en.wikipedia.org/wiki/Insider_threat


Leave a Reply