CAS-001 Question #258: Real Exam Question with Answer & Explanation
The correct answer is A: Implement an enforceable change management system.
Question
Options
- A. Implement an enforceable change management system.
- B. Implement a software development life cycle policy.
- C. Enable user level auditing on all servers.
- D. Implement a federated identity management system.
- E. Configure automatic updates on all servers.
Explanation
The core problem is lack of accountability: no one knows who made the change. Two complementary controls address this: (A) A change management system requires that all changes be formally requested, reviewed, approved, and documented before implementation. This creates a paper trail that ties specific changes to specific individuals and approval chains - making it impossible to make undocumented changes. (C) User-level auditing on servers creates logs of exactly who authenticated and what actions they performed, including system updates. Even with shared admin access (the stated problem), auditing reveals which account executed the update. Together, these controls enforce accountability before (change management) and after (audit logs) a change. Option B (SDLC policy) governs software development, not operational changes. Option D (federated identity management) addresses identity federation across organizations, not internal accountability. Option E (automatic updates) would make accountability worse by removing human traceability entirely.