PrepAway - Latest Free Exam Questions & Answers

Which of the following BEST describes this exploit?

A security analyst, Ann, is reviewing an IRC channel and notices that a malicious exploit has been created
for a frequently used application. She notifies the software vendor and asks them for remediation steps,
but is alarmed to find that no patches are available to mitigate this vulnerability.
Which of the following BEST describes this exploit?

PrepAway - Latest Free Exam Questions & Answers

A.
Malicious insider threat

B.
Zero-day

C.
Client-side attack

D.
Malicious add-on

Explanation:
A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is
then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a
zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted
access to user information. The term “zero day” refers to the unknown nature of the hole to those
outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins
for the developer, who must protect users.
In this question, there are no patches are available to mitigate the vulnerability. This is therefore a zeroday vulnerability.
Incorrect Answers:
A: An insider threat is a malicious threat to an organization that comes from people within the
organization, such as employees, former employees, contractors or business associates, who have inside
information concerning the organization’s security practices, data and computer systems. This is not what
is described in this question.
C: Attackers are finding success going after weaknesses in desktop applications such as browsers, media
players, common office applications and e-mail clients rather than attacking servers. This is known as a
client-side attack. A client-side attack is not what is described in this question.D: A malicious add-on is a software ‘add-on’ that modifies the functionality of an existing application. An
example of this would be an Internet browser add-on. This is not what is described in this question.

http://www.pctools.com/security-news/zero-day-vulnerability/
http://en.wikipedia.org/wiki/Insider_threat


Leave a Reply