CSSLP Question #206: Real Exam Question with Answer & Explanation

Question

Which of the following methods is a means of ensuring that system changes are approved before being implemented, only the proposed and approved changes are implemented, and the implementation is complete and accurate?

Options

• AConfiguration control
• BDocumentation control
• CConfiguration identification
• DConfiguration auditing

Explanation

Documentation control ensures that all system changes are formally approved, accurately implemented as intended, and properly recorded. This process ensures transparency and accountability for all modifications.

Common mistakes.

• A. Configuration control is a broader process of managing changes to configuration items, but "documentation control" specifically addresses the approval, implementation, and accuracy through formalized records and procedures.
• C. Configuration identification involves naming and describing configuration items, which is a prerequisite for managing changes, but it doesn't ensure approval or accurate implementation.
• D. Configuration auditing verifies that the system's configuration adheres to baselines and requirements after changes, but it doesn't directly ensure that changes are approved before implementation or that only approved changes are implemented.

Concept tested. Change management and configuration management principles

Reference. https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v3-change-management#cm-2-apply-configuration-management-processes-for-all-resources

No community discussion yet for this question.