SY0-701 Question #642: Real Exam Question with Answer & Explanation

Question

Which of the following steps should be taken before mitigating a vulnerability in a production server?

Options

• AEscalate the issue to the SDLC team.
• BUse the IR plan to evaluate the changes.
• CPerform a risk assessment to classify the vulnerability.
• DRefer to the change management policy.

Explanation

Before making any changes to a production server - including patching a vulnerability - organizations must follow their change management policy, which governs how, when, and by whom changes are approved and executed. This ensures the fix doesn't introduce downtime, configuration drift, or unintended side effects in a live environment.

Why the distractors are wrong:

• A (Escalate to SDLC team): The SDLC team handles software development lifecycle processes, not production change control. Escalation paths are defined within the change management process, not a prerequisite to it.
• B (Use the IR plan): The Incident Response plan is for responding to active security incidents, not for managing planned remediations. Applying a patch is a controlled change, not an incident response action.
• C (Perform a risk assessment): Risk assessment is valuable and often happens as part of the change management process, but it is not the distinct step that must come before mitigation - change management policy encompasses and requires it.

Memory tip: Think of production changes like surgery - you need hospital policy approval (change management) before you touch the patient, even if the diagnosis (risk assessment) is already clear. No approval, no action.

No community discussion yet for this question.