CompTIA CySA+ (CS0-003) — Question 418

During a cybersecurity incident, one of the web servers at the perimeter network was affected by ransomware. Which of the following actions should be performed immediately?

Answer options

• A. Shut down the server.
• B. Reimage the server.
• C. Quarantine the server.
• D. Update the OS to latest version.

Correct answer: C

Explanation

The correct action is to quarantine the server to prevent the ransomware from spreading to other systems. Shutting down or reimaging the server may be necessary later, but immediate isolation is crucial to contain the threat. Updating the OS won't address the current incident and could potentially expose the system to further risk.