CAS-003 · Question #699
CAS-003 Question #699: Real Exam Question with Answer & Explanation
The correct answer is C: Create an incident ticket for anomalous activity.. Even though no harm has occurred, the server is violating the organization's security configuration management policy, which requires all patches to go through testing before reaching production. A policy violation - regardless of outcome - is an anomalous event that must be form
Question
Options
- AReschedule the automated patching to occur during business hours.
- BMonitor the web application service for abnormal bandwidth consumption.
- CCreate an incident ticket for anomalous activity.
- DMonitor the web application for service interruptions caused from the patching.
Explanation
Even though no harm has occurred, the server is violating the organization's security configuration management policy, which requires all patches to go through testing before reaching production. A policy violation - regardless of outcome - is an anomalous event that must be formally documented. Creating an incident ticket (C) initiates the proper change management and incident response process, creates an audit trail, and ensures the deviation is reviewed and remediated through official channels. Rescheduling patching (A) or monitoring for service issues (B, D) would be treating the symptom while ignoring the underlying policy breach. The policy exists precisely to prevent untested changes from reaching production, even benign-looking ones.
Community Discussion
No community discussion yet for this question.