Patch Management

Correct Answer: Regularly audit patch status across the network and remediate any discrepancies

The best answer is 'Regularly audit patch status across the network and remediate any discrepancies'. This is most effective as part of a proactive approach to maintaining systems security rather than reacting to security incidents. Checking patch status only when security incidents occur could leave systems vulnerable in the interim. Deploying patches as quickly as possible without adequate testing could inadvertently introduce new issues or conflicts into the system. Finally, relying solely on users to report patch failures or system issues is not a reliable method of ensuring patches are successfully applied, because users may not be technically knowledgeable or aware of whether a patch failure has occurred.

Correct Answer: Implement a periodic patch assessment and deployment schedule.

A periodic patch assessment and deployment schedule allows the administrator to consistently update software, reducing security risks associated with outdated software versions. Manually updating software is time-consuming, and foresight is not guaranteed. Disabling software updates can lead to more security vulnerabilities. Installing a new server with the latest updates may temporarily solve the issue, but continuous patch management is necessary to prevent future breaches. Custom patches and more frequent antivirus scans do not address the need for software updates.

Correct Answer: Apply the patch in the shortest possible timeframe, ensuring proper testing if possible

In the case of a zero-day vulnerability, time is critical. Zero-day exploits do not provide the luxury of waiting until a regular patch cycle for deployment. Immediate action is required because this type of vulnerability is unknown to other parties or vendors and can be exploited before a solution available. Therefore, the administrator should apply the patch as quickly as possible while ensuring proper testing if possible. This will safeguard vulnerable systems from potential exploitation. On the contrary, waiting for the regular patching cycle, ignoring the patch assuming it's a false alarm, or applying the patch only to non-critical systems puts the systems at increased risk. These moves do not adequately address the immediate danger of a zero-day vulnerability.