nerdexam
(ISC)2

CISSP · Question #334

After following the processes defined within the change management plan, a super user has upgraded a device within an Information system. What step would be taken to ensure that the upgrade did NOT af

The correct answer is B. Conduct a security impact analysis. A security impact analysis is a process of assessing the potential effects of a change on the security posture of a system. It helps to identify and mitigate any security risks that may arise from the change, such as new vulnerabilities, configuration errors, or compliance issues

Submitted by jakub_pl· Mar 5, 2026Security Operations

Question

After following the processes defined within the change management plan, a super user has upgraded a device within an Information system. What step would be taken to ensure that the upgrade did NOT affect the network security posture?

Options

  • AConduct an Assessment and Authorization (A&A)
  • BConduct a security impact analysis
  • CReview the results of the most recent vulnerability scan
  • DConduct a gap analysis with the baseline configuration

How the community answered

(23 responses)
  • A
    4% (1)
  • B
    78% (18)
  • C
    4% (1)
  • D
    13% (3)

Explanation

A security impact analysis is a process of assessing the potential effects of a change on the security posture of a system. It helps to identify and mitigate any security risks that may arise from the change, such as new vulnerabilities, configuration errors, or compliance issues. A security impact analysis should be conducted after following the change management plan and before implementing the change in the production environment. Conducting an A&A, reviewing the results of a vulnerability scan, or conducting a gap analysis with the baseline configuration are also possible steps to ensure the security of a system, but they are not specific to the change management process.

Topics

#change management#security impact analysis#network security posture

Community Discussion

No community discussion yet for this question.

Full CISSP Practice