CompTIA CySA+ (CS0-001) — Question 81
An employee was conducting research on the Internet when a message from cyber criminals appeared on the screen, stating the hard drive was just encrypted by a ransomware variant. An analyst observes the following:
- Antivirus signatures were updated recently
- The desktop background was changed
- Web proxy logs show browsing to various information security sites and ad network traffic
- There is a high volume of hard disk activity on the file server
- SMTP server shows the employee recently received several emails from blocked senders
- The company recently switched web hosting providers
- There are several IPS alerts for external port scans
Which of the following describes how the employee got this type of ransomware?
Answer options
- A. The employee fell victim to a CSRF attack
- B. The employee was using another user's credentials
- C. The employee opened an email attachment
- D. The employee updated antivirus signatures
Correct answer: A
Explanation
The correct answer is A because CSRF attacks can lead to unauthorized actions being performed on behalf of the user, which may result in the installation of ransomware. The other options are incorrect as there is no evidence suggesting that the employee used another user's credentials, opened an email attachment, or that the antivirus update process directly led to the ransomware infection.