CompTIA CySA+ (CS0-003) — Question 209

An incident response team is assessing attack vectors of malware that is encrypting data with ransomware. There are no indications of a network-based intrusion. Which of the following is the most likely root cause of the incident?

Answer options

• A. USB drop
• B. LFI
• C. Cross-site forgery
• D. SQL injection

Correct answer: A

Explanation

The most likely root cause is 'USB drop' since it refers to the physical method of introducing malware into a system without network intrusion. The other options, such as LFI, Cross-site forgery, and SQL injection, typically involve network-based attacks and do not align with the scenario of no network activity.