CISSP Question #348: Real Exam Question with Answer & Explanation

The correct answer is C: To verify that changes to the Information Technology (IT) infrastructure are approved. The main purpose of a change management policy is to ensure that all changes made to the IT infrastructure are approved, documented, and communicated effectively across the organization. This helps to minimize the risks associated with unauthorized or poorly planned changes, such

Submitted by akirajp· Mar 5, 2026Security and Risk Management

Question

What is the MAIN purpose of a change management policy?

Options

ATo assure management that changes to the Information Technology (IT) infrastructure are
BTo identify the changes that may be made to the Information Technology (IT) infrastructure
CTo verify that changes to the Information Technology (IT) infrastructure are approved
DTo determine the necessary for implementing modifications to the Information Technology (IT)

Explanation

The main purpose of a change management policy is to ensure that all changes made to the IT infrastructure are approved, documented, and communicated effectively across the organization. This helps to minimize the risks associated with unauthorized or poorly planned changes, such as security breaches, system failures, or compliance issues. A change management policy does not assure management that changes are necessary, identify the changes that may be made, or determine the necessity for implementing modifications, although these may be part of the change management process.

Topics

#Change management#IT governance#Policy enforcement#Configuration control

Community Discussion

No community discussion yet for this question.

Full CISSP Practice Browse All CISSP Questions