Certified Information Systems Security Professional (CISSP) — Question 389

Which of the following threats would be MOST likely mitigated by monitoring assets containing open source libraries for vulnerabilities?

Answer options

• A. Distributed denial-of-service (DDoS) attack
• B. Advanced persistent threat (APT) attempt
• C. Zero-day attack
• D. Phishing attempt

Correct answer: C

Explanation

A Zero-day attack targets vulnerabilities that are not yet known to the software vendor, making it crucial to monitor open source libraries for such weaknesses. In contrast, a DDoS attack focuses on overwhelming resources, an APT involves prolonged and targeted attacks, and phishing attempts deceive users rather than exploiting software vulnerabilities, making them less related to the monitoring of open source libraries.