SY0-301 Question #804: Real Exam Question with Answer & Explanation

The correct answer is B: Change Control Policy.

Question

A security engineer is given new application extensions each month that need to be secured prior to implementation. They do not want the new extensions to invalidate or interfere with existing application security. Additionally, the engineer wants to ensure that the new requirements are approved by the appropriate personnel. Which of the following should be in place to meet these two goals? (Select TWO).

Options

  • A. Patch Audit Policy
  • B. Change Control Policy
  • C. Incident Management Policy
  • D. Regression Testing Policy
  • E. Escalation Policy
  • F. Application Audit Policy

Explanation

Two distinct goals require two distinct policies. (B) Change Control Policy ensures all changes - including new extensions - go through a formal review and approval process by the appropriate stakeholders before implementation, satisfying the approval requirement. (D) Regression Testing Policy mandates that after any new code or extension is introduced, existing functionality and security controls are re-tested to confirm they have not been broken or undermined, satisfying the non-interference requirement. Patch Audit, Incident Management, Escalation, and Application Audit policies address different concerns and do not directly fulfill both stated goals.
