Page 1182 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

                    C.  Implementing vulnerability management

                    D.  Implementing patch management


               17.  Which of the following steps would not be included in a change
                    management process?

                    A.  Immediately implement the change if it will improve
                        performance.

                    B.  Request the change.

                    C.  Create a rollback plan for the change.

                    D.  Document the change.

              18.  While troubleshooting a network problem, a technician realized the
                    problem could be resolved by opening a port on a firewall. The
                    technician opened the port and verified the system was now
                    working. However, an attacker accessed this port and launched a
                    successful attack. What could have prevented this problem?

                    A.  Patch management processes

                    B.  Vulnerability management processes

                    C.  Configuration management processes

                    D.  Change management processes

               19.  Which of the following is not a part of a patch management
                    process?

                    A.  Evaluate patches.

                    B.  Test patches.

                    C.  Deploy all patches.

                    D.  Audit patches.

              20.  Servers within your organization were recently attacked, causing an
                    excessive outage. You are asked to check systems for known issues
                    that attackers may use to exploit other systems in your network.
                    Which of the following is the best choice to meet this need?

                    A.  Versioning tracker