PrepAway - Latest Free Exam Questions & Answers

Which of the following should be in place to meet these two goals?

A security engineer is given new application extensions each month that need to be secured prior to
implementation. They do not want the new extensions to invalidate or interfere with existing application
security. Additionally, the engineer wants to ensure that the new requirements are approved by the
appropriate personnel. Which of the following should be in place to meet these two goals? (Select TWO).

A. Patch Audit Policy

B. Change Control Policy

C. Incident Management Policy

D. Regression Testing Policy

E. Escalation Policy

F. Application Audit Policy

Explanation:
A backout (regression testing) is a reversion from a change that had negative consequences. It could be,
for example, that everything was working fine until you installed a service pack on a production machine,
and then services that were normally available were no longer accessible. The backout, in this instance,
would revert the system to the state that it was in before the service pack was applied. Backout plans can
include uninstalling service packs, hotfixes, and patches, but they can also include reversing a migration
and using previous firmware. A key component to creating such a plan is identifying what events will
trigger your implementing the backout.
A change control policy refers to the structured approach that is followed to secure a company’s assets in
the event of changes occurring.
Incorrect Answers:
A: Patch Audit Policy refers to proper patch management, and more specifically the evaluation thereof,
that should be in place to keep your systems up to date.
C: Incident management policies outline the steps followed when events occur (making sure controls are
in place to prevent unauthorized access to, and changes of, all IT assets).
E: Escalation Policy is used to make sure that the right people are alerted at the right time. If an incident is
not acknowledged or resolved within an escalation time-out period, it is passed on, or escalated to the
next user/s in line.
F: Application Audit Policy refers to the process of evaluation regarding applications used on your
network.

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 10, 443

