CompTIA CySA+ (CS0-001) — Question 38

While a threat intelligence analyst was researching an indicator of compromise on a search engine, the web proxy generated an alert regarding the same indicator. The threat intelligence analyst states that related sites were not visited but were searched for in a search engine. Which of the following MOST likely happened in this situation?

Answer options

• A. The analyst is not using the standard approved browser.
• B. The analyst accidently clicked a link related to the indicator.
• C. The analyst has prefetch enabled on the browser in use.
• D. The alert in unrelated to the analyst's search.

Correct answer: C

Explanation

The correct answer is C because having prefetch enabled can lead to the browser retrieving data from related sites even if the analyst did not directly visit them. Options A and B are less likely as they do not explain the proxy alert's link to the search. Option D is incorrect since the alert is triggered by the indicator in question, not being unrelated.