CCSP Question #232: Real Exam Question with Answer & Explanation

Question

All of the following are activities that should be performed when capturing and maintaining an accurate, secure system baseline, except ____________.

Options

• AAudit the baseline to ensure that all configuration items have been included and applied correctly
• BImpose the baseline throughout the environment
• CCapture an image of the baseline system for future reference/versioning/rollback purposes
• DDocument all baseline configuration elements and versioning data

Explanation

While baselines are applied, the act of simply 'imposing' a baseline throughout an environment without prior validation, testing, or documentation is not an activity for capturing and maintaining a secure baseline.

Common mistakes.

• A. Auditing the baseline is a crucial maintenance activity to ensure its accuracy, completeness, and the correct application of all configuration items, which directly supports security and accuracy.
• C. Capturing an image of the baseline system is an essential activity for versioning, future reference, and rollback capabilities, directly supporting the maintenance and security of the baseline.
• D. Documenting all baseline configuration elements and versioning data is fundamental for proper management, tracking changes, and maintaining the accuracy and security of the baseline over time.

Concept tested. Secure system baseline management activities

Reference. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-128.pdf

No community discussion yet for this question.