SY0-301 · Question #804
A security engineer is given new application extensions each month that need to be secured prior to implementation. They do not want the new extensions to invalidate or interfere with existing applica
The correct answer is B. Change Control Policy D. Regression Testing Policy. Two distinct goals require two distinct policies. (B) Change Control Policy ensures all changes - including new extensions - go through a formal review and approval process by the appropriate stakeholders before implementation, satisfying the approval requirement. (D) Regression
Question
A security engineer is given new application extensions each month that need to be secured prior to implementation. They do not want the new extensions to invalidate or interfere with existing application security. Additionally, the engineer wants to ensure that the new requirements are approved by the appropriate personnel. Which of the following should be in place to meet these two goals? (Select TWO).
Options
- APatch Audit Policy
- BChange Control Policy
- CIncident Management Policy
- DRegression Testing Policy
- EEscalation Policy
- FApplication Audit Policy
How the community answered
(34 responses)- A12% (4)
- B76% (26)
- C3% (1)
- E6% (2)
- F3% (1)
Explanation
Two distinct goals require two distinct policies. (B) Change Control Policy ensures all changes - including new extensions - go through a formal review and approval process by the appropriate stakeholders before implementation, satisfying the approval requirement. (D) Regression Testing Policy mandates that after any new code or extension is introduced, existing functionality and security controls are re-tested to confirm they have not been broken or undermined, satisfying the non-interference requirement. Patch Audit, Incident Management, Escalation, and Application Audit policies address different concerns and do not directly fulfill both stated goals.
Topics
Community Discussion
No community discussion yet for this question.