nerdexam
CompTIA

CV0-003 · Question #419

A non-critical vulnerability has been identified by a Linux vendor, who has released a patch and recommends that it be applied immediately. Which of the following is the BEST plan for the cloud admini

The correct answer is D. Deploy the patch to the development and QA environments and request a functional test review.. For a non-critical vulnerability, the correct process is to validate the patch in non-production environments before any production deployment.

Operations and Support

Question

A non-critical vulnerability has been identified by a Linux vendor, who has released a patch and recommends that it be applied immediately. Which of the following is the BEST plan for the cloud administrator to install the patch?

Options

  • ASchedule an emergency maintenance window and deploy the patch to servers in production.
  • BDeploy the patch to the failover cluster and force a failover to the patched environment.
  • CDeploy the patch to half of the servers in production and monitor for any issues.
  • DDeploy the patch to the development and QA environments and request a functional test review.

How the community answered

(55 responses)
  • A
    13% (7)
  • B
    7% (4)
  • C
    4% (2)
  • D
    76% (42)

Why each option

For a non-critical vulnerability, the correct process is to validate the patch in non-production environments before any production deployment.

ASchedule an emergency maintenance window and deploy the patch to servers in production.

Declaring an emergency maintenance window is disproportionate for a non-critical vulnerability and skips the required testing in lower environments before production deployment.

BDeploy the patch to the failover cluster and force a failover to the patched environment.

Deploying an untested patch to a failover cluster and forcing a failover exposes live production workloads to potential instability caused by the unvalidated patch.

CDeploy the patch to half of the servers in production and monitor for any issues.

Deploying to half of production servers is a partial rollout strategy that still bypasses the mandatory non-production testing phase and introduces risk to live systems.

DDeploy the patch to the development and QA environments and request a functional test review.Correct

Because the vulnerability is classified as non-critical, there is no justification for bypassing standard change management procedures. Deploying to development and QA environments first, followed by a functional test review, ensures the patch does not introduce regressions or service instability before it reaches production. This approach balances timely remediation with the stability requirements of production systems.

Concept tested: Patch management process for non-critical vulnerabilities

Source: https://csrc.nist.gov/publications/detail/sp/800-40/rev-4/final

Topics

#patch management#change management#QA testing#vulnerability management

Community Discussion

No community discussion yet for this question.

Full CV0-003 Practice