Which TWO actions are appropriate when handling a confirmed ransomware incident in Microsoft 365?
Isolation contains the spread of ransomware.
Why this answer
Correct: Isolate affected devices to prevent spread, and change passwords for compromised accounts. Wrong: Paying ransom is not recommended; restoring from backup is good but not immediate; scanning with antivirus is reactive and may not remove all traces.