CompTIA
CAS-002 · Question #193
CAS-002 Question #193: Real Exam Question with Answer & Explanation
The correct answer is D: Use Company A's change management process during the evaluation of the new product.. When an acquired company needs to make IT changes, adopting the acquiring company's change management process ensures security impacts are assessed through an established framework.
Question
Company A is purchasing Company B. Company A uses a change management system for all IT processes while Company B does not have one in place. Company B's IT staff needs to purchase a third party product to enhance production. Which of the following NEXT steps should be implemented to address the security impacts this product may cause?
Options
- APurchase the product and test it in a lab environment before installing it on any live system.
- BAllow Company A and B's IT staff to evaluate the new product prior to purchasing it.
- CPurchase the product and test it on a few systems before installing it throughout the entire
- DUse Company A's change management process during the evaluation of the new product.
Explanation
When an acquired company needs to make IT changes, adopting the acquiring company's change management process ensures security impacts are assessed through an established framework.
Common mistakes.
- A. Purchasing the product before change management review bypasses the security impact assessment step that change management requires prior to procurement.
- B. Having both IT teams evaluate without a change management framework is unstructured and does not ensure security impacts are formally assessed or documented.
- C. Testing on live production systems before completing the change management evaluation introduces unassessed security risks to the production environment.
Concept tested. Change management process application during mergers and acquisitions
Reference. https://csrc.nist.gov/publications/detail/sp/800-128/final
Community Discussion
No community discussion yet for this question.