🔥 3-day streak
CompTIA CySA+ (CS0-003)72 / 147
Question 72 of 147

Following a ransomware incident, the incident response lead facilitates a post-incident review. The team confirms the malware entered through a workstation where a user opened a malicious attachment. The lead is not satisfied with stopping at 'a user clicked a link' and repeatedly asks why each contributing condition existed until the team identifies that the email gateway's attachment sandboxing had been disabled during a migration and never re-enabled. Which root cause analysis technique is the lead applying?

Reviewed for accuracy · Report an issueNext question