After isolating a network segment due to an incident, an analyst identifies that the affected systems are part of a distributed high-availability cluster. Remediation must occur with minimal downtime. Which of the following remediation techniques should the analyst employ FIRST?
Apply security patches to the nodes without re-imaging, to return to operational status quickly.
Restore all nodes from the most recent backup after confirming no signs of compromise in the backup.
Re-image nodes one at a time, ensuring that the rest of the cluster is operational throughout the process.
Re-image all affected nodes simultaneously and restore services once verification is complete.