CompTIA CySA+ Practice Test

When a user encounters an attached file that quickly opens and closes a black pop-up, what is the most likely cause?

• A. The attachment is a corrupted file
• B. The attachment is a legitimate PDF document
• C. The attachment is masquerading as a PDF with a double extension
• D. The attachment contains too large of data for the application

The correct answer is: The attachment is masquerading as a PDF with a double extension

The most likely cause of a black pop-up quickly opening and closing is that the attachment is masquerading as a PDF with a double extension. This behavior is often associated with malicious files designed to execute scripts or programs when opened, while appearing innocuous to the user. In this case, an unsuspecting user might believe they're dealing with a PDF document due to the file name, but the double extension (e.g., "document.pdf.exe") can indicate that the file is actually an executable program or script. This is a common tactic used by malware creators to trick users into running harmful code, as the user is less likely to open a file they identify as an executable. Corrupted files typically do not exhibit such behavior; instead, they usually produce error messages or fail to open properly. A legitimate PDF document would not cause a pop-up to appear and disappear; it would generally remain open for the user to view. Lastly, if an attachment contained too much data for the application, you would usually see an error message or a warning, not a quick flash of a window. Hence, the behavior indicated by the scenario definitely points to a file masquerading as something benign while being malicious.