CompTIA CySA+ (CS0-003) — Question 146

During an incident, some IoCs of possible ransomware contamination were found in a group of servers in a segment of the network. Which of the following steps should be taken next?

Answer options

Correct answer: A

Explanation

The correct answer is A, Isolation: the affected systems must be separated from the network to prevent the potential spread of ransomware. Remediation, reimaging, and preservation are important, but they should occur only after the threat is contained and can no longer propagate.