PrepAway - Latest Free Exam Questions & Answers

Which of the following types of attack is this?

An attacker exploits actual code of an application and uses a security hole to carry out an attack
before the application vendor knows about the vulnerability. Which of the following types of attack
is this?

A. Replay

B. Zero-day

C. Man-in-the-middle

D. Denial-of-Service

Explanation:
A zero-day attack, also known as a zero-hour attack, is a computer threat that tries to
exploit computer application vulnerabilities which are unknown to others, undisclosed to the
software vendor, or for which no security fix is available. Zero-day exploits (actual code that can
use a security hole to carry out an attack) are used or shared by attackers before the software
vendor knows about the vulnerability. User awareness training is the most effective technique to

capture packets containing passwords or digital signatures whenever packets pass between two
hosts on a network. In an attempt to obtain an authenticated connection, the attackers then resend
the captured packet to the system. In this type of attack, the attacker does not know the actual

attacks occur when an attacker successfully inserts an intermediary software or program between
two communicating hosts. The intermediary software or program allows attackers to listen to and
modify the communication packets passing between the two hosts. The software intercepts the
communication packets and then sends the information to the receiving host. The receiving host

A Denial-of-Service (DoS) attack is mounted with the objective of causing a negative impact on the
performance of a computer or network. It is also known as a network saturation attack or bandwidth
consumption attack. Attackers perform DoS attacks by sending a large number of protocol packets
to a network.
