Following the detection of aberrant behavior on a critical server that correlates with a known vulnerability alert, what immediate action should an analyst take to best mitigate the risk while preserving the ability to investigate the incident?
Examine audit trails and security event log entries to identify any indicators of compromise.
Isolate the server by moving it to a quarantine network.
Configure the surveillance tools to collect more granular information for a potential forensics analysis.
Patch the server immediately with the latest updates available for the suspected vulnerability.