Which approach is fastest to apply a critical patch across development and staging servers when a zero-day SSH vulnerability is publicly disclosed?

• A. Shut down all servers and deploy new ones with the latest patch.
• B. Create a master inventory list and deploy the patch manually to each server.
• C. Clone the existing servers, patch the clones, and shut down the original servers.
• D. Update the set of configuration management scripts and execute them against a master inventory.

Answer: (D)

Automating patch deployment with configuration management is the fastest approach. In cloud environments, you keep a master inventory of development and staging servers and encode the patching steps in configuration management scripts (such as Ansible, Puppet, or Chef). Updating those scripts to apply the SSH patch and then running them against the entire inventory lets you push the fix to many servers at once, in a repeatable and auditable way. Because the process is automated, you can apply the patch in parallel across servers, minimize human error, and quickly verify success in staging before any prod impact. It also supports rollback and ongoing drift prevention, so you maintain a consistent, patched environment with minimal downtime. Manual per-server patching, cloning and swapping servers, or shutting everything down are slower and riskier for a zero-day scenario.