SSCP Question #203: Real Exam Question with Answer & Explanation

The correct answer is D: Auditing and controlling any changes to the Trusted Computing Base.. Configuration Management (CM) as a Life-Cycle Assurance requirement encompasses both auditing AND controlling changes to the Trusted Computing Base (TCB). It ensures that any modification to the TCB is tracked (auditing) and that unauthorized or unintended changes are prevented (

Submitted by amina.ke· Apr 18, 2026Security Operations and Administration

Question

Configuration Management controls what?

Options

AAuditing of changes to the Trusted Computing Base.
BControl of changes to the Trusted Computing Base.
CChanges in the configuration access to the Trusted Computing Base.
DAuditing and controlling any changes to the Trusted Computing Base.

Explanation

Configuration Management (CM) as a Life-Cycle Assurance requirement encompasses both auditing AND controlling changes to the Trusted Computing Base (TCB). It ensures that any modification to the TCB is tracked (auditing) and that unauthorized or unintended changes are prevented (control). Option A (auditing only) and Option B (control only) are each incomplete - CM is explicitly a dual function. Option C incorrectly frames it as managing configuration access rather than changes to the TCB itself. The full scope - audit and control - is what makes D correct.

Topics

#Configuration Management#Change Control#Trusted Computing Base (TCB)#Auditing

Community Discussion

No community discussion yet for this question.

Full SSCP Practice Browse All SSCP Questions