
CAS-003 Question #552: Real Exam Question with Answer & Explanation

The correct answer is C: Create an incident ticket for anomalous activity.

Enterprise Security Operations

Question

The security configuration management policy states that all patches must undergo testing procedures before being moved into production. The security analyst notices a single web application server has been downloading and applying patches during non-business hours without testing. There are no apparent adverse reactions, server functionality does not seem to be affected, and no malware was found after a scan. Which of the following actions should the analyst take?

Options

  • A. Reschedule the automated patching to occur during business hours.
  • B. Monitor the web application service for abnormal bandwidth consumption.
  • C. Create an incident ticket for anomalous activity.
  • D. Monitor the web application for service interruptions caused from the patching.

Explanation

A server autonomously downloading and applying patches in violation of the organization's change management policy is anomalous activity that must be documented as an incident regardless of apparent impact.

Common mistakes.

  • A. Rescheduling the automated patching to business hours does not address the core policy violation, which is that patches are being applied without required testing.
  • B. Monitoring for abnormal bandwidth is insufficient as a sole response because it does not investigate or remediate the unauthorized configuration that is bypassing the patch testing requirement.
  • D. Monitoring for service interruptions is a reactive measure that ignores the policy violation and does not investigate the root cause of the unauthorized automated patching.

Concept tested. Incident response for patch management policy violations

Reference. https://learn.microsoft.com/en-us/compliance/assurance/assurance-vulnerability-management

Topics

patch management, security policy compliance, anomalous activity, incident response
