An administrator wants to add a new vendor IP range to a firewall rule in production. What is the best change-management step to reduce risk?

Apply the change immediately during peak business hours.

Peak hours are the worst time for an untested change because any issue can disrupt many users and be harder to recover from.

Allow the entire vendor subnet permanently without review.

Granting broad access without review increases risk and ignores the need to verify the minimum required access. It also bypasses accountability.

Skip documentation to speed up the rollout.

Skipping documentation makes troubleshooting and auditing harder later. It also prevents others from understanding what changed and why.

What does this SY0-701 question test?

CIDR notation defines the prefix length.

What is the correct answer to this question?

The correct answer is: Test and approve the change before implementing it in production. — The safest operational approach is to test and approve the firewall change before pushing it into production. That lets the team confirm the rule behaves as intended, understand side effects, and choose a maintenance window if needed. Documentation and approval also create accountability and make rollback easier if the rule causes outages or unexpected exposure. This is the core purpose of change management. Why others are wrong: Applying the change during peak hours raises the chance of business disruption. Allowing the whole subnet permanently is overly broad and may expose more systems than necessary. Skipping documentation weakens troubleshooting, auditing, and rollback planning, which are all important when making firewall changes.

What should I do if I get this SY0-701 question wrong?

Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.