Topic: CS0-003 topic 1 question 132
A security analyst discovers an ongoing ransomware attack while investigating a phishing email. The analyst downloads a copy of the file from the email and isolates the affected workstation from the network. Which of the following activities should the analyst perform next?
A.
Wipe the computer and reinstall software
B.
Shut down the email server and quarantine it from the network
C.
Acquire a bit-level image of the affected workstation
D.
Search for other mail users who have received the same file