CS0-003 Question #213: Real Exam Question with Answer & Explanation

The correct answer is C: Quarantine the server.. Quarantining the server is the best action to perform immediately, as it isolates the affected server from the rest of the network and prevents the ransomware from spreading to other systems or data. Quarantining the server also preserves the evidence of the ransomware attack, wh

Submitted by devops_kid· Mar 6, 2026Incident Response Management

Question

During a cybersecurity incident, one of the web servers at the perimeter network was affected by ransomware. Which of the following actions should be performed immediately?

Options

AShut down the server.
BReimage the server.
CQuarantine the server.
DUpdate the OS to latest version.

Explanation

Quarantining the server is the best action to perform immediately, as it isolates the affected server from the rest of the network and prevents the ransomware from spreading to other systems or data. Quarantining the server also preserves the evidence of the ransomware attack, which can be useful for forensic analysis and law enforcement investigation. The other actions are not as urgent as quarantining the server, as they may not stop the ransomware infection, or they may destroy valuable evidence. Shutting down the server may not remove the ransomware, and it may trigger a data deletion mechanism by the ransomware. Reimaging the server may restore its functionality, but it will also erase any traces of the ransomware and make recovery of encrypted data impossible. Updating the OS to the latest version may fix some vulnerabilities, but it will not remove the ransomware or decrypt the data.

Topics

#ransomware#containment#incident response#perimeter security

Community Discussion

No community discussion yet for this question.

Full CS0-003 Practice Browse All CS0-003 Questions