CySA+ CS0-001 – Q. 352


An employee was conducting research on the Internet when a message from cyber criminals appeared on the screen, stating the hard drive was just encrypted by a ransomware variant. An analyst observes the following:
Antivirus signatures were updated recently
The desktop background was changed
Web proxy logs show browsing to various information security sites and ad network traffic
There is a high volume of hard disk activity on the file server
SMTP server shown the employee recently received several emails from blocked senders

The company recently switched web hosting providers There are several IPS alerts for external port scans Which of the following describes how the employee got this type of ransomware?

A. The employee fell victim to a CSRF attack
B. The employee was using another user’s credentials
C. The employee opened an email attachment
D. The employee updated antivirus signatures