A security engineer would like to analyze the effect of deploying a system without patching it to discover potential vulnerabilities. Which of the following practices would best allow for this testing while keeping the corporate network safe?
A. Perform grey box testing of the system to verify the vulnerabilities on the system
B. Utilize virtual machine snapshots to restore from compromises
C. Deploy the system in a sandbox environment on the virtual machine
D. Create network ACLs that restrict all incoming connections to the system