An organization has two environments: development and production. Development is where applications are developed with unit testing. The development environment has many configuration differences from the production environment. All applications are hosted on virtual machines. Vulnerability scans are performed against all systems before and after any application or configuration changes to any environment. Lately, vulnerability remediation activity has caused production applications to crash and behave unpredictably.
Which of the following changes should be made to the current vulnerability management process?
A . Create a third environment between development and production that mirrors production and tests all changes before deployment to the users
B . Refine testing in the development environment to include fuzzing and user acceptance testing so applications are more stable before they migrate to production
C . Create a second production environment by cloning the virtual machines, and if any stability problems occur, migrate users to the alternate production environment
D . Refine testing in the production environment to include more exhaustive application stability testing while continuing to maintain the robust vulnerability remediation activities
Answer: A
Leave a Reply