exam questions

Exam CSSLP All Questions

View all questions & answers for the CSSLP exam

Exam CSSLP topic 2 question 45 discussion

Actual exam question from ISC's CSSLP
Question #: 45
Topic #: 2
[All CSSLP Questions]

An attacker exploits actual code of an application and uses a security hole to carry out an attack before the application vendor knows about the vulnerability.
Which of the following types of attack is this?

  • A. Replay
  • B. Zero-day
  • C. Man-in-the-middle
  • D. Denial-of-Service
Show Suggested Answer Hide Answer
Suggested Answer: mitigate such attacks. Answer: A is incorrect. A replay attack is a type of attack in which attackers capture packets containing passwords or digital signatures 🗳️
A zero-day attack, also known as zero-hour attack, is a computer threat that tries to exploit computer application vulnerabilities which are unknown to others, undisclosed to the software vendor, or for which no security fix is available. Zero-day exploits (actual code that can use a security hole to carry out an attack) are used or shared by attackers before the software vendor knows about the vulnerability. User awareness training is the most effective technique to whenever packets pass between two hosts on a network. In an attempt to obtain an authenticated connection, the attackers then resend the captured packet to middle attacks occur when an attacker successfully inserts an intermediary software or program between two communicating hosts. The intermediary software or program allows attackers to listen to and modify the communication packets passing between the two hosts. The software intercepts the communication packets
Denial-of-Service (DoS) attack is mounted with the objective of causing a negative impact on the performance of a computer or network. It is also known as network saturation attack or bandwidth consumption attack. Attackers perform DoS attacks by sending a large number of protocol packets to a network.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
74gjd_37
5 months, 2 weeks ago
Selected Answer: B
The type of attack described is B. Zero-day, as it takes advantage of a vulnerability in the application that is not known to the vendor or developers.
upvoted 1 times
74gjd_37
5 months, 2 weeks ago
A zero-day (also known as a 0-day) is a vulnerability in a computer system that was previously unknown to its developers or anyone capable of mitigating it. Until the vulnerability is mitigated, threat actors can exploit it. An exploit taking advantage of a zero-day is called a zero-day exploit, or zero-day attack.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago