CompTIA CySA+ (CS0-001) — Question 62

An organization has two environments: development and production. Development is where applications are developed with unit testing. The development environment has many configuration differences from the production environment. All applications are hosted on virtual machines. Vulnerability scans are performed against all systems before and after any application or configuration changes to any environment. Lately, vulnerability remediation activity has caused production applications to crash and behave unpredictably. Which of the following changes should be made to the current vulnerability management process?

Answer options

• A. Create a third environment between development and production that mirrors production and tests all changes before deployment to the users
• B. Refine testing in the development environment to include fuzzing and user acceptance testing so applications are more stable before they migrate to production
• C. Create a second production environment by cloning the virtual machines, and if any stability problems occur, migrate users to the alternate production environment
• D. Refine testing in the production environment to include more exhaustive application stability testing while continuing to maintain the robust vulnerability remediation activities

Correct answer: A

Explanation

The correct answer is A, as creating an intermediary environment that mirrors production allows for thorough testing of changes without impacting the live production environment. Option B focuses on improving the development phase, but it doesn't address the production issues directly. Option C introduces redundancy but does not solve the underlying problem of instability caused by remediation. Option D suggests enhancing production testing, yet it still does not provide a buffer to prevent user impact during changes.