Q1. Which of the following BEST defines a zero-day vulnerability?
Q2. A security analyst investigates an endpoint that is fully patched and running current antivirus software. The antivirus returns clean results, but the analyst observes a browser process spawning unexpected child processes and making outbound connections to an unknown IP address. Which of the following BEST explains the antivirus returning a clean result?
Q3. In May 2023, Microsoft patched a zero-day vulnerability in which an attacker could run self-signed code during the UEFI boot process. Why is this class of vulnerability particularly dangerous compared to a vulnerability in a standard application?
Q4. An organization learns that a critical zero-day vulnerability in their web server software is being actively exploited in the wild, but the vendor has not yet released a patch. Which of the following represents the MOST appropriate immediate response?
Q5. A patch manager reviews a monthly security update containing 38 CVEs. One High-severity CVE is flagged as "actively exploited in the wild." Two Critical-severity CVEs are not flagged as actively exploited. In what order should these three CVEs be prioritized for patching?
Q6. Which security control is MOST effective at detecting a zero-day attack in progress when no signature exists for the exploit?
Q7. Match each zero-day example to its primary technical characteristic.
Click each term on the left, then click its match on the right.
Click each term on the left, then click its match on the right.
Match each item on the left with its correct characteristic on the right:
April 2023 Chrome zero-day
May 2023 Microsoft zero-day
May 2023 Apple iOS (one of three)
CVE system
A. Allowed self-signed code to run before the OS loads; enabled firmware rootkits that survive reinstallation
B. Memory corruption combined with sandbox escape; allowed code to break out of browser isolation to the OS
C. Public database at cve.mitre.org assigning unique identifiers to disclosed vulnerabilities for tracking and prioritization
D. Arbitrary code execution on mobile devices β allowed attacker-chosen code to run on iPhones and iPads
Click an item on the left to select it, then click its match on the right.