An administrator finds that non-production servers are being frequently compromised, production
servers are rebooting at unplanned times and kernel versions are several releases behind the version with
all current security fixes.
Which of the following should the administrator implement?

A.
Snapshots

B.
Sandboxing

C.
Patch management

D.
Intrusion detection system

Explanation:
Patch management is the process of maintaining the latest source code for applications and operating
systems by applying the latest vendor updates. This helps protect a systems from newly discovered
attacks and vulnerabilities.
Incorrect Answers:
A: Snapshots are backups of virtual machines that can be used to quickly recover from errors or poor
updates. It does not ensure that the latest kernel version with all current security fixes is installed on the
system.
B: Sandboxing is the process of isolating a system before installing new applications on it so as to restrict
any potential malware that may be embedded in the new application from being able to cause harm to
production systems. It does not ensure that the latest kernel version with all current security fixes is
installed on the system.
D: An intrusion detection system (IDS) is an automated system that detects intrusions or security policy
violations on networks or host systems. It does not ensure that the latest kernel version with all current
security fixes is installed on the system.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 204-205, 220
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 21, 231-232,
249, 250