The help desk can patch endpoints only after testing on a few pilot systems because one legacy app sometimes breaks after updates. What patching approach is most secure and least disruptive?

Wait until all applications are fully modernized before installing any security updates.

Delaying all patches creates unnecessary exposure and leaves known vulnerabilities open for too long.

Patch every endpoint immediately at the same time without testing to reduce management overhead.

This can cause a broad outage if the update conflicts with the legacy application or device drivers.

Disable automatic updates permanently and patch only after a confirmed incident.

Reactive patching leaves the organization exposed to known vulnerabilities until exploitation occurs.

What does this SY0-701 question test?

Static NAT maps one inside address to one outside address.

What is the correct answer to this question?

The correct answer is: Apply updates to a small pilot group first, then roll them out in stages to the rest of the fleet. — A staged patching strategy is the best balance of security and stability. Testing on a pilot group catches compatibility issues early, and phased deployment prevents a single bad update from affecting every endpoint at once. This is especially useful when there is legacy software that might fail after changes. It still keeps systems current, but with a controlled rollout that reduces operational disruption. Why others are wrong: B creates a long exposure window and treats patching as optional until modernization is complete. C may seem efficient, but it risks a fleet-wide outage if the update causes compatibility problems. D is the weakest option because it depends on damage already happening before the team acts, which is far too late for good security hygiene.

What should I do if I get this SY0-701 question wrong?

Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.