CISSP Question #1172: Real Exam Question with Answer & Explanation

The correct answer is C: Lack of change control. The most common cause of system or security failures is lack of change control. Change control is a process that ensures that any changes to the system or the environment are authorized, documented, tested, and approved before implementation. Change control helps to prevent error

Submitted by luis.pe· Mar 5, 2026Security Operations

Question

Which of the following is the MOST common cause of system or security failures?

Options

ALack of system documentation
BLack of physical security controls
CLack of change control
DLack of logging and monitoring

Explanation

The most common cause of system or security failures is lack of change control. Change control is a process that ensures that any changes to the system or the environment are authorized, documented, tested, and approved before implementation. Change control helps to prevent errors, conflicts, inconsistencies, and vulnerabilities that may arise from unauthorized or uncontrolled changes. Lack of change control can result in system instability, performance degradation, functionality loss, security breaches, or compliance violations. Lack of system documentation, lack of physical security controls, and lack of logging and monitoring are also potential causes of system or security failures, but they are not as common or as critical as lack of change control.

Topics

#change control#system failures#operational security

Community Discussion

No community discussion yet for this question.

Full CISSP Practice Browse All CISSP Questions