CV0-003 · Question #480
A production IaaS database server contains PCI data and is a critical business capability. The CAB approved a normal code change release for QA and PROD to occur 30 minutes apart and to last a maximum
The correct answer is C. Submit an emergency CAB approval to change the time to after business hours. When a CAB-approved change window is missed for a critical PCI-scoped system, the correct action is to seek emergency CAB approval rather than skipping validation or acting outside the approved scope.
Question
A production IaaS database server contains PCI data and is a critical business capability. The CAB approved a normal code change release for QA and PROD to occur 30 minutes apart and to last a maximum of one hour. The cloud DBA team is 45 minutes behind schedule, so they miss the start time on QA. As the cloud DBA, which of the following is the BEST course of action to apply the code change?
Options
- ASkip QA and apply the code change to PROD to meet time requirements
- BResubmit another change request for another time for approval
- CSubmit an emergency CAB approval to change the time to after business hours
- DChange the time in the CAB request and apply the code change at a more convenient time
How the community answered
(37 responses)- A14% (5)
- B30% (11)
- C49% (18)
- D8% (3)
Why each option
When a CAB-approved change window is missed for a critical PCI-scoped system, the correct action is to seek emergency CAB approval rather than skipping validation or acting outside the approved scope.
Skipping QA for a PCI-scoped production database introduces unacceptable risk, violates change management controls, and could result in a compliance violation.
Resubmitting a normal change request would take significantly longer than an emergency approval and does not address the urgency of the situation within business hours.
An emergency CAB approval is the appropriate escalation path when the original approved change window cannot be met due to unforeseen delays. Because the system contains PCI data and is business-critical, no changes should be applied outside of an approved window, and the CAB must formally authorize any rescheduling to maintain audit compliance and risk control.
Unilaterally modifying the time in the existing CAB request without formal re-approval violates the change management process and bypasses required governance controls.
Concept tested: Cloud change management CAB escalation process
Source: https://www.axelos.com/certifications/itil-service-management/itil-4-foundation
Topics
Community Discussion
No community discussion yet for this question.