CAS-003 Question #575: Real Exam Question with Answer & Explanation

The correct answer is D: Configuration and change management.

Question

Following a complete outage of the electronic medical record system for more than 18 hours, the hospital's Chief Executive Officer (CEO) has requested that the Chief Information Security Officer (CISO) perform an investigation into the possibility of a disgruntled employee causing the outage maliciously. To begin the investigation, the CISO pulls all event logs and device configurations from the time of the outage. The CISO immediately notices the configuration of a top-of-rack switch from one day prior to the outage does not match the configuration that was in place at the time of the outage. However, none of the event logs show who changed the switch configuration, and seven people have the ability to change it. Because of this, the investigation is inconclusive. Which of the following processes should be implemented to ensure this information is available for future investigations?

Options

  • A. Asset inventory management
  • B. Incident response plan
  • C. Test and evaluation
  • D. Configuration and change management

Explanation

The investigation failed because there was no record of who changed the switch configuration, despite seven people having access to do so. A robust configuration and change management program requires that every change to a device configuration be formally requested, approved, implemented by an identified individual, and logged with timestamps and attribution. Had this been in place, the investigation would have had a clear audit trail showing which of the seven people made the change and when. Asset inventory management (A) tracks what assets exist; it does not log configuration changes. An incident response plan (B) governs how to respond after an event, not how to prevent unattributed changes. Test and evaluation (C) validates system performance, not change accountability.
