
CAS-003 Question #290: Real Exam Question with Answer & Explanation

The correct answer is B: Establish a formal change management process.

Question

The Chief Information Officer (CIO) is focused on improving IT governance within the organization to reduce system downtime. The CIO has mandated that the following improvements be implemented:

  • All business units must now identify IT risks and include them in their business risk profiles.
  • Key controls must be identified and monitored.
  • Incidents and events must be recorded and reported with management oversight.
  • Exemptions to the information security policy must be formally recorded, approved, and managed.
  • IT strategy will be reviewed to ensure it is aligned with the business's strategy and objectives.

In addition to the above, which of the following would BEST help the CIO meet the requirements?

Options

  • A. Establish a register of core systems and identify technical service owners
  • B. Establish a formal change management process
  • C. Develop a security requirement traceability matrix
  • D. Document legacy systems to be decommissioned and the disposal process

Explanation

A formal change management process directly supports the CIO's primary objective of reducing system downtime. Uncontrolled or poorly managed changes to IT systems are one of the leading causes of outages and instability. A formal process ensures changes are reviewed, tested, approved, and scheduled, minimizing unplanned disruptions. It also complements the other mandated improvements - it aligns with risk identification, key control monitoring, and incident reduction. Option A (core systems register) is useful for asset governance but does not directly reduce downtime. Option C (security traceability matrix) is narrowly focused on security requirements mapping. Option D (legacy system documentation) addresses end-of-life planning, not ongoing stability.
