CERTIFIED-IN-CYBERSECURITY Question #556: Real Exam Question with Answer & Explanation

Question

In a change management process, what is the purpose of Verification and Audit?

Options

• ARequest changes to a baseline
• BVerify that newly applied changes don't break anything
• CIdentify the baseline of a system
• DProvide a minimum level of protection to developers

Explanation

Verification and audit in change management are processes that ensure that newly implemented changes have not broken the existing system or caused unintended consequences (see ISC2 Study Guide, Chapter 5, Module 2). For example, when a software update is applied to an organization's network, the verification and audit process would involve testing the network to ensure that it is still functioning as expected and that no new vulnerabilities have been introduced. The other options do not accurately describe the purpose of verification and audit in a change management process. Requesting changes to a baseline is part of the initial stages of the Change Management process, not the Verification and Audit stage. Identifying the baseline of a system is also an early step in the process of documenting the current state of the system before changes are made. Providing a minimum level of protection for developers is not directly related to the Verification and Audit phase. While a change management process as a whole can help protect developers by ensuring that changes are properly reviewed and tested, this is not the specific purpose of the Verification and Audit phase.

No community discussion yet for this question.