CompTIA Security Plus Mock Test Q258

Which of the following MOST specifically defines the procedures to follow when scheduled system patching fails resulting in system outages?

A. Risk transference
B. Change management
C. Configuration management
D. Access control revalidation

Correct Answer: B
Section: Compliance and Operational Security

Change Management is a risk mitigation approach and refers to the structured approach that is followed to secure a company’s assets. In this case ‘scheduled system patching’.

Incorrect Answers:
A: Risk transference is when you offload risk to another party – akin to risk sharing.
C: Configuration management is an operational control type that is put into action after a risk assessment has been done.
D: Access control revalidation referrers to server-side and client-side validation that has to be repeated.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 10, 14-17