CompTIA Security Plus Mock Test Q269

The security administrator is currently unaware of an incident that occurred a week ago. Which of the following will ensure the administrator is notified in a timely manner in the future?

A. User permissions reviews
B. Incident response team
C. Change management
D. Routine auditing

Correct Answer: D
Section: Compliance and Operational Security

Routine audits are carried out after you have implemented security controls based on risk. These audits include aspects such as user rights and permissions and specific events.

Incorrect Answers:
A: User permissions reviews should form part of routine auditing and refers to specific type of incident. In this case the security administrator wants to be notified of any type of incident
in a timeous manner in future.
B: AN incident response team that can be tossed together to respond to an incident and this happens after the incident happened to that they may deal with the situation. In this case
the administrator wants to be notified in a timeous manner in future.
C: Change management is the structured approach that should be in place to secure the company’s assets.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 10, 28, 446