CompTIA Security+ (SY0-601) — Question 72

An organization discovered files with proprietary financial data have been deleted. The files have been recovered from backup, but every time the Chief Financial
Officer logs in to the file server, the same files are deleted again. No other users are experiencing this issue. Which of the following types of malware is MOST likely causing this behavior?

Answer options

• A. Logic bomb
• B. Cryptomalware
• C. Spyware
• D. Remote access Trojan

Correct answer: A

Explanation

A Logic bomb is designed to trigger under specific conditions, such as when a certain user logs in, which explains why only the Chief Financial Officer is experiencing the file deletions. Cryptomalware typically encrypts files rather than deletes them, while Spyware collects information without causing file loss. A Remote access Trojan allows unauthorized access but does not inherently lead to the deletion of files.