Zero Day is best described as?

• A. A patch released immediately after a vulnerability is discovered.
• B. A new vulnerability only.
• C. Threat, vulnerability, and exploit; not just a new vulnerability.
• D. An antivirus signature.

Answer: (C)

Zero-day captures the idea that the risk isn’t just a flaw itself, but the entire situation surrounding it: a vulnerability that can be exploited before defenders have a fix, the exploit that leverages that flaw, and the live threat this creates during that window. Describing zero-day as the combination of threat, vulnerability, and exploit best fits because it emphasizes that it’s not merely the existence of a flaw, but the active risk posed by the exploit happening before a patch is available. A patch released after discovery describes remediation, not the zero-day condition. A sole vulnerability ignores the exploit and the ongoing threat. An antivirus signature is unrelated to the concept of a zero-day.