large organization's cybersecurity incident response team receives an alert indicating potential threat actor activity on one of its network servers. What should be the team's immediate action based on the incident response lifecycle?

A$.$Wait for more alerts to confirm the incident before taking any action

B$.$Immediately disconnect the affected server from the network to isolate it

C$.$Analyze the alert and its context to determine if a genuine incident has occurred

D$.$Notify the executive decision$-$maker to authorize actions before proceeding