CompTIA CySA+ (CS0-001) — Question 22

The help desk informed a security analyst of a trend that is beginning to develop regarding a suspicious email that has been reported by multiple users. The analyst has determined the email includes an attachment named invoice.zip that contains the following files:

Locky.js -
xerty.ini
xerty.lib
Further analysis indicates that when the .zip file is opened, it is installing a new version of ransomware on the devices. Which of the following should be done
FIRST to prevent data on the company NAS from being encrypted by infected devices?

Answer options

• A. Disable access to the company VPN.
• B. Move the files from the NAS to a cloud-based storage solution.
• C. Set permissions on file shares to read-only.
• D. Add the URL included in the .js file to the company's web proxy filter.

Correct answer: D

Explanation

The correct answer is D because adding the URL from the .js file to the web proxy filter will help block any further communications from the ransomware, preventing it from executing and spreading. Options A, B, and C do not directly address the immediate threat posed by the ransomware and may not effectively stop the infection process.