# Zero-day

> Source: Courseiva IT Certification Glossary — https://courseiva.com/glossary/zero-day

## Quick definition

A zero-day is a hidden vulnerability in software that hackers discover and use before the company that made the software knows about it. Because there is no fix ready, the attack can succeed immediately. The term comes from the fact that developers have had zero days to fix the problem. It is one of the most serious types of security threats in IT.

## Simple meaning

Imagine you live in a house with a locked front door. One day, a burglar figures out that your back window does not actually latch properly. You have no idea this problem exists. You have never had a reason to check that window, and you certainly have not fixed it. The burglar can now sneak in any time, silently, and you will not know until something is missing. That hidden, unfixed weakness is exactly what a zero-day is in the digital world.

In software terms, every program has millions of lines of code. Developers try to test everything before releasing the software, but no one is perfect. Sometimes a flaw slips through, a tiny mistake in the code that an attacker can use to break in. The attacker is the burglar who finds the unlocked window. The software company is the homeowner who does not know about the problem. The term zero-day means that from the moment the company learns about the flaw, they have had zero days to create a fix. Attackers love these because the window stays open until the company figures out the problem and sends out a patch.

Once the company learns about a zero-day, they race to write a software update that corrects the mistake. That update is called a patch. Until the patch is installed on every computer running that software, every single system is vulnerable. This is why zero-days are so valuable to hackers and so terrifying for security teams. They can remain hidden for weeks, months, or even years. In the IT world, discovering a zero-day is like finding a secret tunnel into a bank vault that nobody knows exists. You can walk in and out without setting off any alarms until the tunnel is discovered and sealed off.

## Technical definition

A zero-day vulnerability is a software security flaw that is unknown to the software vendor and for which no security patch has been released. The term zero-day refers to the number of days the vendor has known about the vulnerability, exactly zero. The attack that exploits this vulnerability before a patch is available is called a zero-day exploit. The entire lifecycle includes the vulnerability discovery, the creation of an exploit, the attack window, and eventually the patch release.

From a technical standpoint, zero-day vulnerabilities arise from coding errors, design flaws, or unexpected interactions between software components. Common root causes include buffer overflows, use-after-free errors, race conditions, improper input validation, and privilege escalation paths. For example, a buffer overflow occurs when a program writes more data to a memory buffer than it can hold, causing adjacent memory locations to be overwritten. An attacker can craft input data that triggers this overflow and then injects malicious code into the overwritten memory region. The code then executes with the privileges of the vulnerable program, potentially giving the attacker control of the system.

Zero-day exploits are often delivered through spear-phishing emails containing malicious attachments, drive-by downloads from compromised websites, or direct network attacks. Attackers may chain multiple zero-day vulnerabilities together to achieve a complete compromise. Once an exploit executes, it often establishes a backdoor or installs a remote access trojan. The exploit may also attempt to escalate privileges to gain administrative or root-level access, allowing the attacker to move laterally across the network, steal data, or install ransomware.

From a defensive perspective, zero-days are extremely difficult to detect because traditional antivirus signatures and intrusion detection system rules are based on known threats. Advanced threat protection solutions use behavioral analysis, sandboxing, and anomaly detection to identify suspicious activity that may indicate a zero-day attack. The Windows operating system, for example, includes features like Windows Defender Exploit Guard, Application Guard, and controlled folder access to mitigate potential zero-day impacts. On Linux systems, tools like SELinux and AppArmor enforce mandatory access controls that can limit the damage even if an exploit succeeds.

In the enterprise IT environment, the discovery of a zero-day triggers an emergency incident response process. The security team must identify all affected systems, apply temporary mitigations such as blocking specific network traffic or disabling vulnerable services, and then deploy the vendor-supplied patch as soon as it becomes available. This process is often governed by a vulnerability management policy aligned with frameworks such as NIST, CIS Controls, or ISO 27001. The severity of a zero-day is typically rated using the Common Vulnerability Scoring System, with many zero-days scoring 9.0 or higher out of 10 because they require no user interaction and can be exploited remotely.

## Real-life example

Think about a secure apartment building. Every resident has a key fob that unlocks the main door and their individual apartment door. The building manager believes the system is perfectly safe. Now imagine a clever thief notices that if you swipe the fob very quickly twice, the electronic lock on the main door glitches and stays unlocked for three seconds. The thief can then pull the door open without ever needing a fob. The building manager has no idea this flaw exists. The fob manufacturer designed the system and never tested that specific rapid swiping pattern. This is the zero-day vulnerability.

The thief can now enter the building any time, day or night, without being recorded. Residents think they are safe because the door locks behind them, but the thief slips in during those three seconds. The thief might even tell other thieves about this trick, and soon multiple people are using the same hidden entry point. The building manager only finds out when a resident notices the door sometimes clicks open strangely or when the thief is caught on a hidden camera. Only then does the manager call the fob company, and the company starts working on a software update for the lock system.

Until that update is installed on every door, the entire building is at risk. Residents cannot simply change their locks because the problem is in the central system. This is exactly how zero-day exploits work in the digital world. The software vendor has no idea the vulnerability exists, so no fix is available. Attackers can use the flaw repeatedly until the vendor learns about it, develops a patch, and users install it. The window of vulnerability is completely open, and the only defense is to detect the attack behavior itself, not the known flaw.

## Why it matters

Zero-day vulnerabilities matter because they represent the most dangerous class of security threats in IT. Unlike known vulnerabilities that can be patched, zero-days have no official fix at the time of discovery. This means organizations are completely defenseless unless they have advanced detection systems in place. For IT professionals, understanding zero-days is critical because these flaws are often used in targeted attacks against high-value organizations, including government agencies, financial institutions, healthcare providers, and technology companies.

From a practical IT perspective, zero-days force security teams to adopt a defense-in-depth strategy. You cannot rely solely on patch management because there is no patch. Instead, you must implement layers of security controls: network segmentation, application whitelisting, behavior-based endpoint detection, and strict user privilege management. When a zero-day is discovered in a widely used product like Microsoft Windows, Adobe Reader, or Google Chrome, the entire IT industry shifts into emergency mode. Security researchers rush to analyze the exploit, vendors rush to produce a patch, and system administrators rush to test and deploy that patch across thousands of devices.

The business impact of a zero-day can be catastrophic. A single unpatched zero-day in a web server can lead to a data breach exposing millions of customer records. The costs include regulatory fines, legal fees, customer compensation, and irreparable reputational damage. For IT professionals, the ability to respond quickly and correctly to a zero-day incident is a core competency. It involves threat intelligence gathering, vulnerability assessment, temporary mitigation deployment, and coordinated patching. Many organizations maintain a zero-day response playbook that outlines exactly what steps to take when a new zero-day is announced.

zero-days are traded on a black market for enormous sums. Governments and cybercriminal groups pay millions of dollars for a single reliable zero-day exploit. This creates an entire underground economy where discovering a flaw can be more profitable than reporting it responsibly. IT professionals must be aware of this landscape because it influences the frequency and sophistication of zero-day attacks. The more valuable the target, the more likely attackers are to invest in finding or purchasing a zero-day exploit specifically tailored to that organization's systems.

## Why it matters in exams

Zero-day is a highly testable concept in IT certification exams, particularly those focused on security. For the CompTIA Security+ exam, which is a primary certification for this term, zero-day appears under domain 1.0 Threats, Attacks, and Vulnerabilities, specifically objective 1.2 covering types of attacks. Expect questions that ask you to define a zero-day, identify characteristics that distinguish it from other attack types, and understand the window of vulnerability. You may see scenario-based questions where you must determine if a given situation describes a zero-day attack or a known vulnerability exploit.

For the CompTIA CySA+ exam, zero-day is also a primary topic. This exam goes deeper into detection and response. Questions may present a scenario where an analyst detects abnormal network behavior and must identify it as a possible zero-day. You need to know the proper incident response steps: contain the threat, analyze the malware, communicate with the vendor, and implement temporary controls. The CySA+ exam also tests your ability to use threat intelligence feeds and understand how zero-day exploits are shared within the security community.

For the CISSP exam, zero-day is an important concept under the Security Architecture and Engineering domain, as well as the Software Development Security domain. You may encounter questions about secure coding practices that prevent zero-day vulnerabilities, such as input validation, proper memory management, and static code analysis. The CISSP also tests your understanding of the zero-day lifecycle from discovery to patch and the concept of responsible disclosure versus full disclosure. Questions may ask you to recommend the best course of action when a zero-day is discovered in a critical application.

For the CEH exam, zero-day is a core topic, often appearing under the section on system hacking and vulnerability analysis. You may be asked to describe how ethical hackers search for zero-day vulnerabilities using fuzzing, reverse engineering, and code review. You might also see questions about the black market for zero-days and the legality of selling or trading exploit code. The CEH exam expects you to understand the ethical implications and the difference between a vulnerability and an exploit.

Even for the AWS Certified Security specialty exam, zero-day appears as a consideration for threat modeling. You need to understand that even cloud services can be affected by zero-day vulnerabilities in the underlying hypervisor or operating system. The exam tests your ability to design architectures that minimize the blast radius of a zero-day exploit, for example by using multiple Availability Zones, automated failover, and immutable infrastructure where instances are replaced rather than patched.

In all these exams, the key concept to remember is the definition: a vulnerability unknown to the vendor with no patch available. Attackers can exploit it before the vendor has a chance to respond. The window of vulnerability is the time between the exploit being used and the patch being applied. Exam questions often test this timeline and the fact that the only defense is detection of the attack behavior, not the vulnerability signature.

## How it appears in exam questions

Zero-day questions appear in several common patterns across IT certification exams. The first pattern is the definition question. You might be asked, What is a zero-day vulnerability? The answer choices will include distractors like a vulnerability that has been known for zero days after the patch was released, or a vulnerability that affects zero systems. The correct answer is a vulnerability that is unknown to the vendor and for which no patch exists.

The second pattern is the scenario question. You are given a description of an incident: An organization discovers that an attacker has compromised several servers using a previously unknown method. The software vendor has not released a security bulletin. What type of attack is this? The answer is zero-day. Sometimes the scenario includes details about how the attacker gained access through a flaw in a web application that was not documented. The key clue is that the vendor is unaware and no patch exists.

The third pattern involves the concept of the window of vulnerability. You may see a question like, When does the window of vulnerability begin for a zero-day exploit? The options might include when the vendor releases the patch, when the vulnerability is discovered by the attacker, or when the vendor is notified. The correct answer is when the vulnerability is discovered by the attacker, because the window opens the moment the attacker has an exploit that can be used before the vendor knows about it. The window closes only after the patch is applied to all systems.

Another common question type asks you to distinguish zero-day from related terms. For example, What is the difference between a zero-day vulnerability and a zero-day exploit? The vulnerability is the flaw itself, while the exploit is the code or technique used to take advantage of that flaw. You may also be asked to differentiate between a zero-day and a known vulnerability that has a patch available but has not been applied yet. The latter is not a zero-day because the vendor knows about it and has released a fix.

In performance-based questions, especially on CompTIA exams, you might be given a network diagram and log entries and asked to identify signs of a zero-day attack. Look for indicators like unusual outbound connections, processes spawning unexpected child processes, or fileless malware execution. You may need to select the appropriate incident response step, such as isolate the affected system, capture a memory dump, and monitor network traffic for lateral movement.

Some exams include questions about mitigation. For example, Which of the following is the most effective defense against zero-day attacks? The answer is not a traditional antivirus, which relies on signatures. Instead, effective defenses include application whitelisting, behavior-based monitoring, user education, and least-privilege policies. You may also see questions about the role of a web application firewall in blocking zero-day web attacks by inspecting traffic for malicious payloads, even if the specific vulnerability is unknown.

Finally, ethical hacking exams may present a scenario where you are tasked with discovering a zero-day. The question might ask about techniques like fuzzing, source code auditing, or dynamic analysis. You need to know which tool or method is appropriate for different types of software. For example, a network service might be tested with a fuzzer that sends malformed packets, while a desktop application might be tested with a debugger and a fuzzer for file formats.

## Example scenario

You are the IT security administrator for a mid-size company that uses a popular customer relationship management (CRM) application. One Monday morning, your team receives several user reports that the CRM is running very slowly and some files seem to have been modified without authorization. You check the application logs and find no suspicious activity. The antivirus software has not flagged anything. The CRM vendor has not issued any security alerts or patches recently.

You decide to run a deeper analysis using a network monitoring tool. You notice that one of the CRM servers is sending encrypted data packets to an external IP address that is not in your normal traffic patterns. The server process that is sending this data is a legitimate system process called crmsvc.exe, but its behavior is unusual. You check the file integrity and find that crmsvc.exe matches the vendor's original hash, so it has not been tampered with. This suggests that the running process itself has a vulnerability that is being exploited.

You contact the CRM vendor's security team and describe what you have found. They confirm that they have not seen this behavior before and begin analyzing their software. After two days, the vendor announces that they have discovered a previously unknown buffer overflow vulnerability in the way their application processes certain types of user input. An attacker could craft a special request that overwrites memory and executes malicious code silently. This is a zero-day vulnerability. The vendor releases an emergency patch and asks all customers to apply it immediately.

In your organization, you must now develop a plan to deploy the patch across thousands of workstations and servers. Because the zero-day has been publicly announced, attackers will be scanning for vulnerable systems. Your incident response team must work around the clock to test the patch, schedule deployment, and monitor for any signs of active exploitation during the window of vulnerability. You also need to review your firewall and intrusion prevention system rules to see if any temporary signatures can block the exploit. This scenario illustrates how a zero-day can be discovered through behavior monitoring, how the vendor response works, and how the IT team must act quickly to protect the organization.

## Common mistakes

- **Mistake:** Thinking a zero-day is any vulnerability that has not been patched yet.
  - Why it is wrong: A vulnerability that is known to the vendor and has a patch available is not a zero-day, even if the patch has not been applied to your system. The term zero-day specifically refers to the vendor having zero days of knowledge about the vulnerability. If the vendor knows about it and has developed a fix, it is a known vulnerability, not a zero-day.
  - Fix: Remember: zero-day means the vendor does not know. If the vendor knows, it is not zero-day, regardless of whether you have installed the patch.
- **Mistake:** Believing that antivirus software can easily detect zero-day attacks.
  - Why it is wrong: Traditional signature-based antivirus relies on known patterns of malicious code. A zero-day exploit uses a brand-new method that has never been seen before, so there is no signature to match. Antivirus may only detect the attack after the vendor updates the signature database, which happens after the zero-day is known and a patch is available.
  - Fix: Understand that detection of zero-days requires behavior-based analysis and endpoint detection and response tools, not just antivirus. In exams, think about heuristics and anomaly detection, not signatures.
- **Mistake:** Confusing a zero-day exploit with a zero-day vulnerability.
  - Why it is wrong: The vulnerability is the weakness in the software. The exploit is the actual code or technique that attackers use to take advantage of that weakness. They are not interchangeable. A vulnerability can exist without an exploit being developed. Once an exploit is created and used, that is a zero-day attack.
  - Fix: Use the memory aid: vulnerability is the unlocked door, exploit is the burglar's tool to open it. In exam questions, read carefully to see whether they ask about the flaw or the method of attack.
- **Mistake:** Assuming that zero-day vulnerabilities are only found in operating systems.
  - Why it is wrong: Zero-day vulnerabilities can exist in any software product, including web applications, browsers, firmware, plugins, and even hardware drivers. Some of the most dangerous zero-days have been found in widely used applications like Microsoft Office, Adobe Reader, and Java. In fact, many zero-days target application-level flaws because they are more exposed to user input.
  - Fix: In exam scenarios, consider that zero-days can affect any software that processes untrusted data. Do not limit your thinking to just Windows or Linux. Think about the attack surface of the application in the question.

## Exam trap

{"trap":"A question states: 'A security researcher discovers a vulnerability and reports it to the vendor. The vendor issues a patch two weeks later. During those two weeks, an attacker exploits the vulnerability. Is this a zero-day attack?' Some learners answer 'no' because the vendor was notified and a patch was being developed.","why_learners_choose_it":"Learners think that because the vendor was informed, the vulnerability is no longer 'unknown to the vendor.' They forget that the key factor is the availability of a patch at the time of exploitation. The vendor may know about the vulnerability but until a patch is released and deployed, the attack is still considered zero-day because no fix was available when the attack occurred.","how_to_avoid_it":"Remember: zero-day defines the window of vulnerability, which lasts from when the exploit is used until the patch is applied. Even if the vendor knows, the attack is zero-day if no patch exists at the time of the exploit. The term 'zero-day' is about the patch timeline, not the knowledge timeline. In exams, always check whether a patch was available when the attack happened."}

## Commonly confused with

- **Zero-day vs Known vulnerability:** A known vulnerability is a flaw that has been publicly disclosed and for which a patch or workaround exists. In contrast, a zero-day vulnerability has no patch and no public disclosure. The difference is whether the vendor and the security community are aware of the flaw and have released a fix. (Example: A cracked window that the landlord knows about and has ordered a replacement for is a known vulnerability. A cracked window that no one knows about is a zero-day.)
- **Zero-day vs Zero-click exploit:** A zero-click exploit is a type of exploit that requires no interaction from the user, such as opening a file or clicking a link. While many zero-day exploits are also zero-click, the terms are not the same. Zero-click describes the delivery method, while zero-day describes the timeline of patch availability. A zero-click exploit can target a known vulnerability with a patch available, although that would be unusual. (Example: A text message that automatically installs malware without you tapping anything is zero-click. If that vulnerability is unknown to the vendor and unpatched, it is also zero-day.)
- **Zero-day vs Advanced persistent threat (APT):** An APT is a long-term targeted attack conducted by sophisticated threat actors, often state-sponsored. While APT groups frequently use zero-day exploits to gain initial access, the zero-day is just one tool in their toolbox. An APT is defined by its persistence, objectives, and resources, not by the specific vulnerabilities it exploits. You can have a zero-day attack that is not part of an APT, and you can have an APT that never uses a zero-day. (Example: A burglar who breaks into a house using a secret, unknown door flaw is using a zero-day. That same burglar living in the house secretly for months, stealing little by little, is an APT. The secret door is the zero-day; the long stay is the APT.)

## Step-by-step breakdown

1. **Discovery by attacker** — A malicious actor finds a flaw in software through techniques like fuzzing, reverse engineering, or code analysis. The attacker creates an exploit to take advantage of this flaw. At this point, only the attacker knows about the vulnerability.
2. **Weaponization of exploit** — The attacker packages the exploit into a deliverable form, such as a malicious email attachment, a compromised website script, or a network packet. The exploit is designed to be reliable and avoid detection by common security tools.
3. **Delivery and exploitation** — The attacker delivers the exploit to the target system, for example through a spear-phishing email or a drive-by download. The exploit triggers the vulnerability, causing the target software to behave in an unintended way, often allowing code execution or privilege escalation.
4. **Establishment of foothold** — Once the exploit executes, the attacker typically installs a backdoor, downloads additional malware, or creates a persistent account to maintain access. The attacker may then move laterally across the network, escalating privileges and searching for sensitive data.
5. **Discovery by vendor or defenders** — The zero-day may be discovered when a security researcher finds the flaw independently, an intrusion detection system alerts on unusual behavior, or the public notices a widespread attack. The vendor is notified and begins analyzing the vulnerability.
6. **Development of patch** — The software vendor works to create a security patch that fixes the flaw. This process involves reproducing the bug, developing a code fix, testing it thoroughly, and preparing it for distribution. This step can take days to weeks depending on the complexity.
7. **Patch release and deployment** — The vendor releases the patch to the public. System administrators and users must then test and deploy the patch across all affected systems. Only after the patch is installed on a system does the window of vulnerability close for that system.

## Practical mini-lesson

In practice, defending against zero-day vulnerabilities requires a mindset shift from reactive to proactive security. The first layer of defense is to reduce the attack surface. This means disabling unnecessary services, removing unused software, and applying the principle of least privilege to user accounts and system processes. If an attacker cannot reach a vulnerable service because it is not running, the zero-day exploit is useless. For example, many Windows servers have unneeded roles and features enabled by default. An administrator should audit these and disable anything not required for the server's function. This directly reduces the number of potential zero-day targets.

The second critical defense is the use of application allowlisting, also known as whitelisting. This technique only permits approved executables, scripts, and libraries to run on a system. Even if a zero-day exploit manages to drop a malicious executable, the allowlist policy will block its execution. Microsoft's AppLocker and Windows Defender Application Control are common tools for this. In a Linux environment, similar control can be achieved with SELinux policies or using tools like fapolicyd. In exams, remember that application allowlisting is one of the most effective controls against zero-day malware because it does not rely on signature detection.

Third, deploy endpoint detection and response (EDR) solutions that use behavioral analysis and machine learning. EDR tools monitor processes, file system changes, registry modifications, and network connections in real time. They can detect the unusual behavior typical of a zero-day exploit, such as a word processor spawning a command shell, or a script creating an outbound connection to a known malicious IP address. When such behavior is detected, the EDR can automatically isolate the endpoint and alert the security team. In a certification exam scenario, if you see a question about detecting a zero-day without signatures, think of EDR and behavioral analytics.

Fourth, implement network segmentation and microsegmentation. Even if a zero-day exploit compromises one server, segmentation prevents the attacker from freely moving to other parts of the network. For example, a web server in a DMZ should not have direct access to the internal domain controller. If the web server is compromised via a zero-day, the attacker should not be able to reach the payroll database. VLANs, firewalls, and software-defined networking policies enforce these boundaries. In exam questions, network segmentation is a recurring answer for limiting the blast radius of any attack, including zero-days.

Finally, maintain a robust vulnerability management program. While zero-days are unknown, many attacks actually exploit known vulnerabilities that have patches available but are not applied. By diligently patching known vulnerabilities, you reduce the overall risk and free up resources to focus on zero-day detection. Also, subscribe to threat intelligence feeds from sources like the US-CERT, vendor security advisories, and industry-specific information sharing groups. Early warning about a new zero-day gives your organization precious time to implement temporary mitigations. In the real world, the security team that has a tested incident response plan and a clearly defined patching process will recover much faster than a team that does not.

## Memory tip

Zero-day: Zero patches, zero knowledge, zero days to fix. The attacker knows, the vendor does not, and the clock starts ticking when the exploit is fired.

## FAQ

**Can a zero-day vulnerability exist in hardware?**

Yes, zero-day vulnerabilities can exist in hardware, particularly in firmware, microcode, or hardware drivers. Examples include flaws in CPU microcode that allow privilege escalation. These are often more difficult to patch because firmware updates are required.

**How long does a zero-day vulnerability typically remain undiscovered?**

There is no fixed timeline. Some zero-days are discovered within hours of a software release, while others can remain hidden for years. The average time between discovery by an attacker and disclosure to the vendor is often measured in months, but it varies widely.

**What is responsible disclosure for a zero-day?**

Responsible disclosure is when a security researcher privately reports the vulnerability to the vendor before making it public. This gives the vendor time to develop a patch before attackers can exploit the knowledge. It is considered ethical practice in the security community.

**Are zero-day attacks always detected quickly?**

No, many zero-day attacks go undetected for long periods, sometimes years. The exploit may be used in a very targeted manner with low volume, making it hard to distinguish from normal traffic. Only when security researchers analyze the malware or the vendor releases a patch does the attack become known.

**What is a zero-day in the context of mobile devices?**

Mobile devices are also vulnerable to zero-day attacks. These can target the operating system (iOS or Android), the mobile browser, or applications like messaging or email clients. Mobile zero-days are especially dangerous because devices often lack robust endpoint security controls.

**Does a virtual private network (VPN) protect against zero-day attacks?**

A VPN encrypts traffic between your device and the VPN server, but it does not protect against zero-day exploits that target applications or operating systems on your device. If you visit a malicious website that exploits a zero-day in your browser, the VPN does not block the exploit itself.

## Summary

A zero-day vulnerability is a software security flaw that is unknown to the vendor and has no patch available. The term zero-day refers to the number of days the vendor has had to fix the problem, which is zero at the moment of exploitation. Attackers who discover or purchase these flaws can use them to compromise systems before defenders can respond, making zero-days one of the most dangerous threat categories in IT.

For IT professionals, understanding zero-days is essential for building effective defenses. Because traditional patching is impossible, security strategies must focus on reducing attack surface, using behavioral detection, implementing application allowlisting, and deploying network segmentation. Certification exams across CompTIA Security+, CySA+, CISSP, and CEH test this knowledge through definition questions, scenario-based problems, and incident response steps. The key exam takeaway is that a zero-day is defined by the absence of a patch at the time of attack, not by whether the vendor eventually knows about it.

In the real world, zero-day attacks can lead to data breaches, ransomware outbreaks, and long-term espionage. Organizations that have a robust incident response plan, up-to-date threat intelligence, and layered defenses are better positioned to withstand the impact. As you continue your IT certification journey, remember that zero-day is not just a vocabulary word, it is a fundamental concept that shapes how security professionals think about risk, detection, and response in an ever-changing threat landscape.

---

Practice questions and the full interactive page: https://courseiva.com/glossary/zero-day
