Which of the following attacks are computer threats that try to exploit computer application
vulnerabilities that are unknown to others or undisclosed to the software developer? Each correct
answer represents a complete solution. Choose all that apply.
A.
Buffer overflow
B.
Zero-day
C.
Spoofing
D.
Zero-hour
Explanation:
A zero-day attack, also known as zero-hour attack, is a computer threat that tries to exploit
computer application vulnerabilities which are unknown to others, undisclosed to the software
vendor, or for which no security fix is available. Zero-day exploits (actual code that can use a
security hole to carry out an attack) are used or shared by attackers before the software vendor
knows about the vulnerability. User awareness training is the most effective technique to mitigate
such attacks.
Answer option C is incorrect. Spoofing is a technique that makes a transmission appear to have
come from an authentic source by forging the IP address, email address, caller ID, etc. In IP
spoofing, a hacker modifies packet headers by using someone else’s IP address to hide his
identity. However, spoofing cannot be used while surfing the Internet, chatting on-line, etc.
because forging the source IP address causes the responses to be misdirected.
Answer option A is incorrect. Buffer overflow is a condition in which an application receives more
data than it is configured to accept. This usually occurs due to programming errors in the
application. Buffer overflow can terminate or crash the application.