Measure the test taker's knowledge about the terms used to identify the risk level of security vulnerabilities.

Do you have to submit your daily security vulnerability alerts? Have you lost patience with your computer and network with various security patches? In fact, not every security vulnerability requires your attention.

People in the industry have told you more than once that keeping up-to-date information about security vulnerabilities helps you protect your computer and its data security. However, the latest security news reports generally contain obscure high-tech terms, making it hard for you to understand the true meaning. To help you better understand and determine which security vulnerabilities need to be taken seriously and which can be ignored, we will briefly introduce some common security threat terms.

Drive-by download: a very serious threat. When browsing a website, you do not need to click an advertisement to trigger Web attacks. Some banner advertisements will attack users who enter the webpage where these advertisements are located, and users will randomly switch from the original website to another website, this website uses browser security vulnerabilities to launch malicious advertising programs and download other programs.

User interaction required: attackers may trick you into downloading a file or opening an attachment and entering the trap they designed. Experts said that in fact, such requests often only require you to click a link and then enter a website containing "browse and download.

Zero-day attack: an attack occurs on the same day of vulnerability discovery. Based on experience, Hackers often discover vulnerabilities before fixing them. In this case, the vulnerability discovery and attack will occur on the same day. Because we did not know the existence of the vulnerability before, there is no way to prevent the attack. However, zero-day attacks are rare.

Proof of concept (Proof-of-concept): researchers found that hackers are using this vulnerability for security attacks. The "concept verification code" targeting csrss processes has been published. Csrss is the running subsystem of the client/server. It starts and closes the process management application software. Once you start malicious code in csrss, you can use this to improve your management permissions, for example, from normal users to administrators.

Remote code execution: attackers can execute any command on the terminal, such as installing Remote control software and further controlling the computer. This type of security vulnerability is quite serious. Once you find any such security vulnerability prompt, you must install the patch quickly.

Denial of Service (Denial of Service): in network security, Denial of Service (DoS) attacks are often used by hackers because of their great dangers and difficult to defend against. There are many DoS attack methods. The most basic DoS attack is to use reasonable service requests to occupy too many service resources, so that computers or networks cannot provide normal services to legitimate users.

Of course, you 'd better install the new security patch. No matter how serious a security vulnerability is, you only need to spend more time thinking.