What characterizes a zero-day exploit?

A zero-day exploit is characterized by the fact that it takes advantage of a vulnerability in software or hardware that is unknown to the vendor and has not yet been patched. The term "zero-day" refers to the fact that the exploit is used on the same day (or before) the vulnerability is identified, meaning that there are zero days available for the vendor to create and distribute a patch to mitigate the threat. This lack of awareness and protection makes zero-day exploits particularly dangerous, as they can be leveraged by attackers for a variety of malicious purposes until they are discovered and addressed by the vendor.

In contrast, the other options do not accurately reflect the nature of a zero-day exploit. A known vulnerability that is already patched, for instance, does not fit the definition since the patch mitigates any potential exploits. Options discussing strategies for prevention or training do not address the immediate threat posed by zero-day exploits, which are focused on vulnerabilities that are not yet remedied.