nerdexam
CompTIA

SY0-301 · Question #34

Developers currently have access to update production servers without going through an approval process. Which of the following strategies would BEST mitigate this risk?

The correct answer is D. Change management. Change management enforces a formal approval workflow before modifications reach production, directly addressing the risk of unreviewed developer changes.

Security program management and oversight

Question

Developers currently have access to update production servers without going through an approval process. Which of the following strategies would BEST mitigate this risk?

Options

  • AIncident management
  • BClean desk policy
  • CRoutine audits
  • DChange management

How the community answered

(59 responses)
  • A
    2% (1)
  • B
    2% (1)
  • C
    5% (3)
  • D
    92% (54)

Why each option

Change management enforces a formal approval workflow before modifications reach production, directly addressing the risk of unreviewed developer changes.

AIncident management

Incident management is a reactive process for responding to security events after they occur, not a preventive control over production access.

BClean desk policy

A clean desk policy governs the physical handling of sensitive documents and is unrelated to software deployment access controls.

CRoutine audits

Routine audits detect unauthorized changes after the fact but do not prevent developers from making unapproved modifications in the first place.

DChange managementCorrect

Change management is a formal process requiring documented requests, impact assessments, and approvals before any changes are applied to production systems. Implementing it removes ad hoc developer access and ensures all modifications are reviewed and authorized by the appropriate stakeholders.

Concept tested: Change management to control production access

Source: https://learn.microsoft.com/en-us/devops/operate/what-is-monitoring

Topics

#change management#access control#production security#change control

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice