The correct option is Apply an interim mitigation to reduce the vulnerability's risk while planning and deploying a permanent fix.

This approach lowers immediate risk while preserving business continuity. An interim mitigation can be a configuration change network restriction or temporary compensating control that reduces exposure and attack surface while the team designs tests and prepares a validated patch or code change.

Applying a temporary measure also gives time to perform proper testing and rollback planning so the permanent fix can be deployed without causing outages or introducing new issues. Vulnerability management best practices call for reducing risk quickly and then following through with a verified remediation.

Immediately power off the affected system until the issue is resolved is not ideal because powering off can disrupt essential services and can be disproportionate to the level of risk. It may be required in extreme cases but it is rarely the first step and it does not address the need for a planned permanent fix.

Open a formal incident and escalate to the patch management team for scheduled remediation is incomplete because creating a ticket or escalating without first applying a mitigation leaves the system exposed until the scheduled remediation occurs. Formal tracking is important but it should be paired with immediate risk reduction.

Continue normal operations and ignore the vulnerability is unsafe and unacceptable because it leaves systems at risk and violates standard security practices. Ignoring a discovered vulnerability invites exploitation and potential compromise.

Full AWS Practitioner Certification Question