Exam SY0-501 topic 1 question 64 discussion

Actual exam question from CompTIA's SY0-501
Question #: 64
Topic #: 1

A user clicked an email link that led to a website that infected the workstation with a virus. The virus encrypted all the network shares to which the user had access. The virus was not deleted or blocked by the company's email filter, website filter, or antivirus. Which of the following describes what occurred?

  • A. The user's account was over-privileged.
  • B. Improper error handling triggered a false negative in all three controls.
  • C. The email originated from a private email server with no malware protection.
  • D. The virus was a zero-day attack.
Suggested Answer: D

Comments

Basem
Highly Voted 5 years, 3 months ago
The question states there was a virus infection. Why would it be a false negative? It is D for sure, since none of the defenses were able to detect the virus.
upvoted 11 times
...
MSZ
Highly Voted 5 years, 6 months ago
It should be D
upvoted 9 times
...
MortG7
Most Recent 3 years, 9 months ago
"The virus was not deleted or blocked by the company's email filter, website filter, or antivirus": they are hinting that the environment is fairly secure. Since it was not caught by any of these systems, it is something new... that is my logic for zero-day... and we can respectfully disagree :)
upvoted 3 times
...
exiledwl
3 years, 11 months ago
D...not an ideal answer, but kind of a vague question and given the other choices, it is most appropriate
upvoted 3 times
...
maxjak
4 years, 3 months ago
Key words: the virus was not deleted or blocked by the email filter, website filter, or antivirus. So what do you think, is it known malware or an unknown virus?
upvoted 1 times
...
Tauhid
4 years, 4 months ago
Answer: D. A zero-day vulnerability is a weakness or bug that is unknown to trusted sources, such as operating system and antivirus vendors. A zero-day attack exploits an undocumented vulnerability. Many times, the vendor isn't aware of the issue. At some point, the vendor learns of the vulnerability and begins to write and test a patch to eliminate it. However, until the vendor releases the patch, the vulnerability is still a zero-day vulnerability.
upvoted 2 times
...
renegade_xt
4 years, 6 months ago
D. There is no way to know if the user should have had access to all those locations or not, so no way to know if he or she was over-privileged. We do know that none of the software designed to detect a virus was triggered, so that suggests that it could be a zero-day attack.
upvoted 2 times
renegade_xt
4 years, 6 months ago
Cannot be B, because failure of 3 systems is highly unlikely.
upvoted 2 times
MagicianRecon
4 years, 5 months ago
It's very likely when it's a zero day. You can have a failure of vendor diversity as well, since no one knows the malware signatures yet.
upvoted 2 times
...
...
...
majid94
4 years, 7 months ago
D is the most proper answer in this situation, because it says a virus.
upvoted 1 times
...
nickyjohn
5 years ago
Improper error handling is generally a function of secure coding concepts; this question poses a virus whose signature was not held in the database for the filters or antivirus. It's D.
upvoted 1 times
...
macshild
5 years ago
Most sources will say B, but guys, let's use common sense. The attack was a virus but the antivirus couldn't detect it. Typically, company antivirus is always up to date with the latest definitions and heuristics. The fact that the antivirus didn't recognize it means it was a zero-day virus; this means the virus is unknown to any antivirus, therefore it couldn't detect it.
upvoted 2 times
...
K123
5 years ago
Aren't zero-day attacks specific to software vulnerabilities unknown to the software vendors? The only software in use here is email, which phished the user to a site that infected the user AND all of the network resources the user had access to. So, it would seem to me that this is a case of the user being over-authorized, so A should be the answer.
upvoted 1 times
...
bk45
5 years ago
The answer is D, because the virus wasn't deleted or blocked by the company filters/antivirus. That is the definition of a zero-day attack... The vendors don't know what to patch yet. Hence *zero day*
upvoted 2 times
...
mysecurity
5 years ago
The virus was a Zero-day attack.
upvoted 1 times
...
mysecurity
5 years ago
The virus was a zero-day attack.
upvoted 1 times
...
AnAverageUser3656
5 years, 1 month ago
D is correct. The clue here is "The virus was not deleted or blocked by the company’s email filter, website filter, or antivirus."
upvoted 4 times
...
mrlee
5 years, 3 months ago
So the most secure way to protect the system is having a different antivirus vendor in each different place. B seems like less of a chance to get infected with strong security implemented.
upvoted 1 times
...
Abner89
5 years, 6 months ago
In fact, I'm almost certain. There's no proof that there was an escalation while it explicitly states the case for B.
upvoted 1 times
...