A vulnerability scan identifies a critical patch for a fleet of internet-facing servers. The operations lead wants to apply it immediately during peak business hours because the exploit is public. What is the BEST next step?
An emergency change still needs controlled validation so the organization reduces risk without creating avoidable outages.
Why this answer
The correct answer is B because an emergency change process allows the critical patch to be applied quickly while still incorporating essential steps like testing, approval, and a rollback plan. This balances the urgency of a public exploit with the need to avoid unintended service disruptions during peak business hours, aligning with change management best practices in Security Operations.
Exam trap
The trap here is that candidates may choose option A, thinking speed is the only priority, but the exam tests the balance between urgency and risk management through formal change control processes.
How to eliminate wrong answers
Option A is wrong because installing the patch on all servers immediately without testing risks introducing compatibility issues or system instability, which could cause widespread outages during peak hours.
Option C is wrong because waiting until the next quarterly maintenance window ignores the critical nature of a public exploit, leaving systems vulnerable to active attacks in the interim.
Option D is wrong because patching only one production server and assuming the rest will be fine does not address the fleet-wide vulnerability and provides a false sense of security, as the unpatched servers remain exposed.