nerdexam
(ISC)2

CAP · Question #300

Which of the following processes has the goal to ensure that any change does not lead to reduced or compromised security?

The correct answer is A. Change control management. Change control management (also called change management) is specifically designed to ensure that all changes to a system - hardware, software, or configuration - are reviewed, approved, and implemented in a way that does not degrade or compromise the security posture. Configurat

Compliance Maintenance

Question

Which of the following processes has the goal to ensure that any change does not lead to reduced or compromised security?

Options

  • AChange control management
  • BSecurity management
  • CConfiguration management
  • DRisk management

How the community answered

(45 responses)
  • A
    91% (41)
  • B
    4% (2)
  • C
    2% (1)
  • D
    2% (1)

Explanation

Change control management (also called change management) is specifically designed to ensure that all changes to a system - hardware, software, or configuration - are reviewed, approved, and implemented in a way that does not degrade or compromise the security posture. Configuration management deals with documenting and maintaining the baseline state of a system. Risk management identifies and mitigates risks broadly. Security management is an overarching discipline. Change control management is the targeted process that governs individual changes to prevent security regression.

Topics

#Change Management#Security Controls#System Security Lifecycle

Community Discussion

No community discussion yet for this question.

Full CAP Practice