Learner prompt: A malware alert hit the SOC. Review the Endpoint and Firewall logs. For each asset, decide: Infected or Clean, then select the Patient Zero and propose the first containment step.