CompTIA Security+ (SY0-701) — Question 346

A user's workstation becomes unresponsive and displays a ransom note demanding payment to decrypt files. Before the attack, the user opened a resume they received in a message, browsed the company's website, and installed OS updates. Which of the following is the most likely vector of this attack?

Answer options

• A. Spear-phishing attachment
• B. Watering hole
• C. Infected website
• D. Typosquatting

Correct answer: A

Explanation

The correct answer is A, as the user opened an attachment from a message, which is a common method for delivering ransomware. The other options are less likely; B (watering hole) involves compromising a website frequently visited by the target, C (infected website) refers to direct website attacks, and D (typosquatting) involves creating similar domain names to trick users, none of which directly relate to the scenario described.