CompTIA A+ Core 2 (220-1102) — Question 128

Antivirus software indicates that a workstation is infected with ransomware that cannot be quarantined. Which of the following should be performed FIRST to prevent further damage to the host and other systems?

Answer options

• A. Power off the machine.
• B. Run a full antivirus scan.
• C. Remove the LAN card.
• D. Install a different endpoint solution.

Correct answer: A

Explanation

The correct first step is to power off the machine to stop the ransomware from executing further actions and spreading to other systems. Running a full antivirus scan or installing a different endpoint solution would not be effective until the machine is powered down. Removing the LAN card could be a secondary step but is not as immediate as turning off the machine.