Certified Information Systems Security Professional (CISSP) — Question 275

A security engineer is assigned to work with the patch and vulnerability management group. The deployment of a new patch has been approved and needs to be applied. The research is complete, and the security engineer has provided recommendations. Where should the patch be applied FIRST?

Answer options

• A. Lower environment
• B. Desktop environment
• C. Server environment
• D. Production environment

Correct answer: A

Explanation

The patch should be applied first in the lower environment to test its effects and ensure it does not introduce new issues before being deployed to more critical environments. Applying patches directly to desktop, server, or production environments without prior testing could lead to unforeseen problems that affect operations.