CGRC Question #152: Real Exam Question with Answer & Explanation

The correct answer is A: False. Configuration management and control is fundamentally aimed at documenting all changes and assessing their security impact, making the statement that its objective is 'not to' do so false.

Compliance Maintenance

Question

The objective of Configuration Manager and control is "not to" document all proposed or actual changes to an IS & to assess the impact of changes on security of system. Response:

Options

AFalse
BTrue

Explanation

Configuration management and control is fundamentally aimed at documenting all changes and assessing their security impact, making the statement that its objective is 'not to' do so false.

Common mistakes.

B. Believing the statement is true would imply that configuration management does not involve documenting changes or assessing security impact, which contradicts the core principles and objectives of configuration management in information security.

Concept tested. Configuration Management objectives

Reference. https://csrc.nist.gov/glossary/term/configuration-management

Topics

#Configuration Management#Change Management#System Security#Control Objective

Community Discussion

No community discussion yet for this question.

Full CGRC Practice Browse All CGRC Questions