CISSP Question #637: Real Exam Question with Answer & Explanation

The correct answer is B: Verify the approval of the configuration change.. When an audit reveals that the current configuration does not match the originally implemented application, the first action should be to verify the approval of the configuration change. This step ensures that the changes made to the configuration were authorized and properly doc

Submitted by andres_qro· Mar 5, 2026Security Operations

Question

An audit of an application reveals that the current configuration does not match the configuration of the originally implemented application. Which of the following is the FIRST action to be taken?

Options

ARecommend an update to the change control process.
BVerify the approval of the configuration change.
CRoll back the application to the original configuration.
DDocument the changes to the configuration.

Explanation

When an audit reveals that the current configuration does not match the originally implemented application, the first action should be to verify the approval of the configuration change. This step ensures that the changes made to the configuration were authorized and properly documented according to the organization’s change management procedures. By verifying whether the change was approved, you can determine if the change was legitimate (e.g., planned updates or enhancements) or if it was made without proper authorization, which could indicate a potential security or compliance issue.

Topics

#Change control#Configuration audit#Incident response#Process verification

Community Discussion

No community discussion yet for this question.

Full CISSP Practice Browse All CISSP Questions