CompTIA Security Plus Mock Test Q256

Which of the following mitigation strategies is established to reduce risk when performing updates to business critical systems?

A. Incident management
B. Server clustering
C. Change management
D. Forensic analysis

Correct Answer: C
Section: Compliance and Operational Security

Change Management is a risk mitigation approach and refers to the structured approach that is followed to secure a company’s assets. In this case ‘performing updates to business critical systems.

Incorrect Answers:
A: Incident management is the steps followed when events occur (making sure controls are in place to prevent unauthorized access to, and changes of, all IT assets).
B: Server clustering is used to provide failover capabilities / redundancy in addition to scalability as demand increases.
D: Forensics refers to the process of identifying past events using a data trail and the analysis of evidence found in computers and on digital storage media.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 10