Answer: A) Restore lost data from a backup.
Step-by-step explanation:
Here we are given a situation where the infected system has been isolated from the network by the system administrator and has also prevented the malicious process from executing. As the infected system already contains some of the important files and documents along with the malicious item therefore it is always necessary to restore the data which has been lost. As we have a backup in the form of a system database so we can restore all the required system files from the backup as the malicious item might have also affected the files in the system therefore option A is correct.
Option B is incorrect as wiping up of the system would lead to severe problems in regard to the files and documents.
Both option C and D are incorrect as these needs to be done in later stages of the incident response process.