CompTIA Security Plus Mock Test Q254

A security administrator needs to update the OS on all the switches in the company. Which of the following MUST be done before any actual switch configuration is performed?

A. The request needs to be sent to the incident management team.
B. The request needs to be approved through the incident management process.
C. The request needs to be approved through the change management process.
D. The request needs to be sent to the change management team.


Correct Answer: C
Section: Compliance and Operational Security

Explanation:
Change Management is a risk mitigation approach and refers to the structured approach that is followed to secure a company’s assets. Thus the actual switch configuration should first be subject to the change management approval.

Incorrect Answers:
A: Incident management refers to the steps followed WHEN events occur (making sure controls are in place to prevent unauthorized access to, and changes of, all IT assets). The
scenario want to know what must be done prior to the incident.
B: Incident management refers to the process that has to be followed WHEN an event occurred not prior to the event.
D: Immediately prior to the actual switch configuration the request should be approved through the change management process.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 10