A server administrator identifies a critical security patch for a production database server that resolves a zero-day vulnerability. The administrator has already successfully tested the patch in a sandboxed environment that mirrors production. According to best practices for change management, what is the most appropriate next step for the administrator to take before deploying the patch to the production server?
Create a full backup of the production database server.
Deploy the patch immediately to the production server during the next available maintenance window.
Notify end-users about the impending patch deployment and scheduled downtime.
Submit a formal change request (CR) to the Change Advisory Board (CAB) for approval.
The correct answer is to submit a formal change request (CR) to the Change Advisory Board (CAB) for approval. According to ITIL and general change management principles, even after successful testing, any modification to a production environment requires formal review and authorization. The CAB is responsible for assessing the change's business impact, risks, and resource requirements before giving approval. Deploying the patch without this approval, even if scheduled during a maintenance window, bypasses the established procedure designed to prevent service disruptions. While creating a backup and notifying users are crucial parts of the implementation plan, these actions typically occur after the change has been formally approved and scheduled.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Change Advisory Board (CAB)?
Open an interactive chat with Bash
What is a zero-day vulnerability?
Open an interactive chat with Bash
Why is formal approval necessary before deploying patches?