Exam 350-201 topic 1 question 19 discussion

After the incident response team has collected and documented all the necessary evidence from the computing resource, the next step is to isolate the infected host from the rest of the subnet. This action is crucial to prevent the spread of the malicious file to other systems on the network. Isolation ensures that the threat is contained and does not propagate, which is a key priority in incident response. Once the host is isolated, further steps such as risk assessment, installation of malware prevention software, and analysis of network traffic can be conducted in a controlled and secure manner

B is the best option to take action

B. Isolate the infected host from the rest of the subnet. Isolating the infected host from the rest of the subnet is important to prevent the further spread of the malware to other systems on the network. By disconnecting the host from the network, the incident response team can prevent the malware from communicating with any command and control servers or other systems on the network. A. Conducting a risk assessment of systems and applications, C. Installing malware prevention software on the host, and D. Analyzing network traffic on the host's subnet are all important steps in response to a malware incident, but they should be taken after the infected host has been isolated from the network. - GPT

B is correct

Answer B is correct

Short-term containment—limiting damage before the incident gets worse, usually by isolating network segments, taking down hacked production server and routing to failover. https://www.cynet.com/incident-response/incident-response-sans-the-6-steps-in-depth/