CompTIA Security Plus Mock Test Q255

Developers currently have access to update production servers without going through an approval process. Which of the following strategies would BEST mitigate this risk?

A. Incident management
B. Clean desk policy
C. Routine audits
D. Change management

Correct Answer: D
Section: Compliance and Operational Security

Change Management is a risk mitigation approach and refers to the structured approach that is followed to secure a company’s assets. This structured approach involves policies that should be in place and technological controls that should be enforced.

Incorrect Answers:
A: Incident management refers to the steps followed when events occur (making sure controls are in place to prevent unauthorized access to, and changes of, all IT assets). These are usually set in a policy that has been approved.
B: Clean Desk Policy refers to information on a desk — in terms of printouts, pads of note paper, sticky notes, and the like that can be easily seen by prying eyes and taken by thieving hands. The strategy should be to encourage employees to maintain clean desks and to leave out only those papers that are relevant to the project they are working on at that moment. All sensitive information should be put away when the employee is away from their desk.
C: Routine audits are carried out after you have implemented security controls based on risk. These audits include aspects such as user rights and permissions and specific events.

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 10, 402