Change Control | Exam Premium

CompTIA Security+ Question E-57

An internal auditor is concerned with privilege creep that is associated with transfers inside the company. Which mitigation measure would detect and correct this?

A. User rights reviews
B. Least privilege and job rotation
C. Change management
D. Change Control

Answer: A

Explanation:
A privilege audit is used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of an organization. This means that a user rights review will reveal whether user accounts have been assigned according to their ‘new’ job descriptions , or if there are privilege creep culprits after transfers has occurred.

CompTIA Security+ Question C-8

A security engineer is given new application extensions each month that need to be secured prior to implementation. They do not want the new extensions to invalidate or interfere with existing application security. Additionally, the engineer wants to ensure that the new requirements are approved by the appropriate personnel. Which of the following should be in place to meet these two goals? (Select TWO).

A. Patch Audit Policy
B. Change Control Policy
C. Incident Management Policy
D. Regression Testing Policy
E. Escalation Policy
F. Application Audit Policy

Answer: B,D

Explanation:
A backout (regression testing) is a reversion from a change that had negative consequences. It could be, for example, that everything was working fi ne until you installed a service pack on a production machine, and then services that were normally available were no longer accessible. The backout, in this instance, would revert the system to the state that it was in before the service pack was applied. Backout plans can include uninstalling service packs, hotfi xes, and patches, but they can also include reversing a migration and using previous firmware. A key component to creating such a plan is identifying what events will trigger your implementing the backout. A change control policy refers to the structured approach that is followed to secure a company’s assets in the event of changes occurring.

CompTIA Network+ Question C-63

An additional network segment is urgently needed for QA testing on the external network. A software release could be impacted id this change is not immediate. The request come directly from management, and there is no time to go through the emergency change control process. Given this scenario, which of the following is the BEST course of action for the network administrator to take?

A. Wait until the maintenance window, and make the requested change
B. First document the potential impacts and procedures related to the change
C. Send out a notification to the company about the change
D. Make the change, noting the requester, and document all network changes

Correct Answer: D

CompTIA A+ Question H-74

Which of the following protocols would be MOST important in preserving digital evidence of criminal activity during an investigation?

A. Change control management
B. Chain of custody
C. Channel escalation
D. MSDS documents

Correct Answer: B

Explanation:
http://en.wikipedia.org/wiki/Chain_of_custody