CompTIA Security+ (SY0-501) — Question 639

A user receives a security alert pop-up from the host-based IDS, and a few minutes later notices a document on the desktop has disappeared and in its place is an odd filename with no icon image. When clicking on this icon, the user receives a system notification that it cannot find the correct program to use to open this file. Which of the following types of malware has MOST likely targeted this workstation?

Answer options

• A. Rootkit
• B. Spyware
• C. Ransomware
• D. Remote-access Trojan

Correct answer: C

Explanation

The situation described suggests that the user’s document was encrypted or manipulated, which is characteristic of ransomware. Rootkits typically provide backdoor access, spyware collects information, and remote-access Trojans enable external control, but none of these specifically cause files to disappear and present as unopenable like ransomware does.