CompTIA A+ Core 2 (220-1102) — Question 381

A branch office suspects a machine contains ransomware. Which of the following mitigation steps should a technician take first?

Answer options

• A. Disable System Restore.
• B. Remediate the system.
• C. Educate the system user.
• D. Quarantine the system.

Correct answer: D

Explanation

The correct initial step is to quarantine the system to prevent the potential spread of ransomware to other devices. Disabling System Restore, remediating the system, or educating the user can be done later, but isolating the affected machine is crucial to contain the threat immediately.