A security engineer would like to analyze the effect of deploying a system without patching it to discover
potential vulnerabilities. Which of the following practices would best allow for this testing while keeping the
corporate network safe?
Perform grey box testing of the system to verify the vulnerabilities on the system
Utilize virtual machine snapshots to restore from compromises
Deploy the system in a sandbox environment on the virtual machine
Create network ACLs that restrict all incoming connections to the system