In her morning review of new vendor patches, a security administrator has identified an exploit that is marked as critical. Which of the following is the BEST course of action?
A.
The security administrator should wait seven days before testing the patch to ensure that the vendor does not issue an updated version, which would require reapplying the patch.
B.
The security administrator should download the patch and install it to her workstation to test whether it will be able to be applied to all workstations in the environment.
C.
The security administrator should alert the risk management department to document the patch and add it to the next monthly patch deployment cycle.
D.
The security administrator should download the patch to the test network, apply it to affected systems, and evaluate the results on the test systems.