nerdexam
(ISC)2

CERTIFIED-IN-CYBERSECURITY Question #457: Real Exam Question with Answer & Explanation

The correct answer is D: A minimum level of protection that can be used as a reference point.

Security Operations

Question

In the context of change management, what is a security baseline?

Options

  • A. A regression and validation process
  • B. A process for requesting changes to a baseline
  • C. A maximum level of protection that can be used as a reference point
  • D. A minimum level of protection that can be used as a reference point

Explanation

In change management, a security baseline is a minimum level of protection that can be used as a reference point (see ISC2 Study Guide, Chapter 5, Module 2). For example, a security baseline might specify the minimum requirements for firewall settings, password complexity, and patching frequency. Any changes to the system should not reduce the level of security below this baseline. The other options relate only to either the concept of a security baseline or to change management. A process for requesting changes to a baseline is part of change management, but is not itself a security baseline. A maximum level of protection that can be used as a reference point can be part of a security strategy, but it is not a security baseline, which sets minimum, not maximum, standards. A regression and validation process is a method for testing changes, but it is not a security baseline.

Topics

#Security Baselines #Change Management #Configuration Management #Security Controls
