Welcome to ExamTopics

Exam CS0-002 topic 1 question 49 discussion

Actual exam question from CompTIA's CS0-002
Question #: 49
Topic #: 1

A security analyst has observed several incidents within an organization that are affecting one specific piece of hardware on the network. Further investigation reveals the equipment vendor previously released a patch.
Which of the following is the MOST appropriate threat classification for these incidents?

  • A. Known threat
  • B. Zero day
  • C. Unknown threat
  • D. Advanced persistent threat

Suggested Answer: C

Comments

elfaz
Highly Voted 3 months ago
I believe this is A, known threat. If there is a patch but the system just never received the patch, we know this threat, or the vendor does.
upvoted 11 times
ufovictim
2 months, 3 weeks ago
100%. The gotcha is the question not saying whether the patch had been installed. They're hoping people jump on zero day or unknown, thinking that it got past the patch.
upvoted 2 times
I agree with you on this.
upvoted 1 times
who__cares123456789___
2 weeks, 2 days ago
Comments below = WOW! If a patch was released, then zero day came and went. Just because it's zero day to you does not mean that's how the rest of us classify it! You can ONLY PATCH A KNOWN VULNERABILITY. They developed a patch, so by proxy they knew about the issue. They knew about the issue and our analyst here didn't. KNOWN THREAT. This is simple, folks.
upvoted 1 times
examcol
Most Recent 1 day, 20 hours ago
I think the correct answer is C, Unknown threat. It is not a zero-day threat, because the vendor was aware of this threat; therefore the vendor previously released a patch. A security analyst has observed several incidents on one specific piece of hardware, and further investigation reveals that the vendor previously released a patch. It seems that the hardware was not updated with the patch; this threat was unknown to him and his company, so they did not update the hardware with this patch. The organization was not aware of this risk/threat, so it is an unknown threat for him and his company.
upvoted 1 times
Feef
2 weeks, 4 days ago
It's a zero day. They noticed incidents within an organization on one piece of hardware. The equipment vendor previously released a patch. Instances after the patch was released. Zero day.
upvoted 1 times
somsom
1 month, 2 weeks ago
Agree with C, unknown threat.
upvoted 2 times
klosinskil
1 month, 2 weeks ago
A is correct: "investigation reveals the equipment vendor previously released a patch". The threat was identified; it doesn't matter if we knew about it or not.
upvoted 1 times
klosinskil
1 month, 2 weeks ago
My mistake, it is C: "Unknown known risks are very rare – these are the risks an organization is aware of but is disregarding them, either intentionally or unintentionally. Unknown knowns are not acceptable from a risk management perspective – if a risk is known, everything must be done to manage it. You should have a solution in place that enables your organization to continuously measure the effectiveness of the controls and instigate corrective and preventative actions directly from the analysis and results."
upvoted 3 times
somsom
1 month, 2 weeks ago
Sorry, B.
upvoted 1 times
somsom
1 month, 2 weeks ago
I agree with C - zero day.
upvoted 1 times
americaman80
1 month, 3 weeks ago
B is the correct answer. Source: https://blog.malwarebytes.com/exploits-and-vulnerabilities/2020/06/a-zero-day-guide-for-2020/ "By definition, vendors and users do not yet know about the vulnerability. The term zero-day stems from the time the threat is discovered (day zero). From this day a race occurs between security teams and attackers to respectively patch or exploit the threat first."
upvoted 1 times
White_T_10
2 months, 2 weeks ago
I'd go with C
upvoted 1 times
Enlightened
2 months, 2 weeks ago
I am leaning towards C, Unknown Threats: cannot be identified using basic signature or pattern matching.
upvoted 1 times
Obi_Wan_Jacoby
2 months, 2 weeks ago
I can see where C might be correct, seeing as we do not know what the recently released patch is for... Should we assume it is for a known threat, or more specifically "the current incidents" leveraged against the legacy hardware? Or can we not assume that, and therefore it goes back to an unknown threat... Yeah, I can get on board with C.
upvoted 3 times
Obi_Wan_Jacoby
2 months, 3 weeks ago
Well, "Zero day" threats are the most common of "Unknown threats", so it seems maybe answers B and C are redundant. If that is the case, answer A would make sense. The fact that the question mentions the previously released patch, but then gives no mention of the age of that patch or whether it was installed or not, makes me agree answer A is what they are looking for.
upvoted 3 times
IxlJustinlxl
2 months, 3 weeks ago
I agree with A in that it may not have been patched - but if you are willing to make that assumption, then the answer could also be B - assuming the patch was performed instead, you could infer that there is a zero-day that was not part of the patch and is being used to exploit the system.
upvoted 1 times
btoopalow
2 months, 4 weeks ago
I also believe A
upvoted 2 times
