In her morning review of new vendor patches, a security administrator has identified an exploit that
is marked as critical. Which of the following is the BEST course of action?

A.
The security administrator should wait seven days before testing the patch to ensure that the
vendor does not issue an updated version, which would require reapplying the patch.

B.
The security administrator should download the patch and install it to her workstation to test
whether it will be able to be applied to all workstations in the environment.

C.
The security administrator should alert the risk management department to document the patch
and add it to the next monthly patch deployment cycle.

D.
The security administrator should download the patch to the test network, apply it to affected
systems, and evaluate the results on the test systems.