Page 1555 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
using a baseline. Imaging ensures that systems are deployed with
the same, known configuration. Change management processes
help prevent outages from unauthorized changes. Vulnerability
management processes help to identify vulnerabilities, and patch
management processes help to ensure that systems are kept up-to-date.
17. A. Change management processes may need to be temporarily
bypassed to respond to an emergency, but they should not be
bypassed simply because someone thinks it can improve
performance. Even when a change is implemented in response to
an emergency, it should still be documented and reviewed after the
incident. Requesting changes, creating rollback plans, and
documenting changes are all valid steps within a change
management process.
18. D. Change management processes would ensure that changes are
evaluated before being implemented to prevent unintended
outages or needlessly weakening security. Patch management
ensures that systems are up-to-date, vulnerability management
checks systems for known vulnerabilities, and configuration
management ensures that systems are deployed similarly, but
these other processes wouldn’t prevent problems caused by an
unauthorized change.
19. C. Only required patches should be deployed, so an organization
will not deploy all patches. Instead, an organization evaluates the
patches to determine which patches are needed, tests them to
ensure that they don’t cause unintended problems, deploys the
approved and tested patches, and audits systems to ensure that
patches have been applied.
20. B. Vulnerability scanners are used to check systems for known
issues and are part of an overall vulnerability management
program. Versioning is used to track software versions and is
unrelated to detecting vulnerabilities. Security audits and reviews
help ensure that an organization is following its policies but
wouldn’t directly check systems for vulnerabilities.

