CompTIA Security+ (SY0-601) — Question 696
A security analyst has identified malware spreading through the corporate network and has activated the CSIRT. Which of the following should the analyst do NEXT?
Answer options
- A. Review how the malware was introduced to the network.
- B. Attempt to quarantine all infected hosts to limit further spread.
- C. Create help desk tickets to get infected systems reimaged.
- D. Update all endpoint antivirus solutions with the latest updates.
Correct answer: B
Explanation
The correct answer is B because quarantining infected hosts is crucial to prevent the malware from spreading further within the network. Options A, C, and D, while important steps in the overall incident response process, should follow the immediate action of containment to minimize damage.