CompTIA Security Plus Mock Test Q598

A security analyst, Ann, is reviewing an IRC channel and notices that a malicious exploit has been created for a frequently used application. She notifies the software vendor and asks them for remediation steps, but is alarmed to find that no patches are available to mitigate this vulnerability. Which of the following BEST describes this exploit?

A. Malicious insider threat
B. Zero-day
C. Client-side attack
D. Malicious add-on



Correct Answer: B

Section: Threats and Vulnerabilities

Explanation:
A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it — this exploit is called a zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted access to user information. The term “zero day” refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users.
In this question, there are no patches are available to mitigate the vulnerability. This is therefore a zero-day vulnerability.

Incorrect Answers:
A: An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization’s security practices, data and computer systems. This is not what is described in this question.
C: Attackers are finding success going after weaknesses in desktop applications such as browsers, media players, common office applications and e-mail clients rather than attacking servers. This is known as a client-side attack. A client-side attack is not what is described in this question.
D: A malicious add-on is a software ‘add-on’ that modifies the functionality of an existing application. An example of this would be an Internet browser add-on. This is not what is described in this question.

References:
http://www.pctools.com/security-news/zero-day-vulnerability/
http://en.wikipedia.org/wiki/Insider_threat