CompTIA Security+ (SY0-601) — Question 679
Which of the following statements BEST describes zero-day exploits?
Answer options
- A. When a zero-day exploit is discovered, the system cannot be protected by any means.
- B. Zero-day exploits have their own scoring category in CVSS.
- C. A zero-day exploit is initially undetectable, and no patch for it exists.
- D. Discovering zero-day exploits is always performed via bug bounty programs.
Correct answer: C
Explanation
The correct answer, C, accurately describes a zero-day exploit as one that is initially unknown and for which no patch exists. Option A is incorrect because, while immediate protection may be challenging, it is not impossible. Option B is misleading, as CVSS does not have a specific category for zero-day exploits. Option D is false, since zero-day exploits can be discovered through means other than bug bounty programs.