CompTIA Security+ (SY0-501) — Question 12
A user clicked an email link that led to a website that infected the workstation with a virus. The virus encrypted all the network shares to which the user had access. The virus was not deleted or blocked by the company's email filter, website filter, or antivirus. Which of the following describes what occurred?
Answer options
- A. The user's account was over-privileged.
- B. Improper error handling triggered a false negative in all three controls.
- C. The email originated from a private email server with no malware protection.
- D. The virus was a zero-day attack.
Correct answer: D
Explanation
The correct answer is D. A zero-day attack exploits a vulnerability before the vendor has had a chance to issue a fix. Options A, B, and C do not apply because they do not directly relate to the scenario, in which the existing protections failed to detect a new, unknown malware threat.