A user clicked an email link that led to a website that infected the workstation with a virus. The virus encrypted all the network shares to which the user had access. The virus was not deleted or blocked by the company’s email filter, website filter, or antivirus. Which of the following describes what occurred?
A. The user’s account was over-privileged.
B. Improper error handling triggered a false negative in all three controls.
C. The email originated from a private email server with no malware protection.
D. The virus was a zero-day attack.
A. Over privileges, because the shared docs should not have to be removed if he had the right ones, that is, read-only ones.
Being over privileged is completely wrong. It doesn't make any sense at all to be correct.
Correct answer should be D because it’s pointing out that “virus was not deleted or blocked by the company’s email filter, website filter, or antivirus.” Nothing stopped that because it was not known and is a zero-day attack.
It’s probably over-privileged due to the user having admin rights over the shares themselves, thus allowing them to be encrypted. Zero-Day would have made sense if all protections were mentioned to be up-to-date.
I think it is D. Since the antivirus did not catch it, nor did the email spam filter. What does this have to do with being over privileged?
Why is this over-privileged? The user should have access to their network shares.