CompTIA Security+ (SY0-501) — Question 472

A technician has discovered a crypto-virus infection on a workstation that has access to sensitive remote resources.
Which of the following is the immediate NEXT step the technician should take?

Answer options

• A. Determine the source of the virus that has infected the workstation.
• B. Sanitize the workstation's internal drive.
• C. Reimage the workstation for normal operation.
• D. Disable the network connections on the workstation.

Correct answer: D

Explanation

The correct answer is D, as disabling network connections prevents the spread of the virus to other systems or sensitive resources. Options A and B may help in the long-term resolution but do not provide immediate containment. Option C is not appropriate until the infection has been contained and assessed.