A security engineer is given new application extensions each month that need to be secured prior to
implementation. They do not want the new extensions to invalidate or interfere with existing application security.
Additionally, the engineer wants to ensure that the new requirements are approved by the appropriate
personnel. Which of the following should be in place to meet these two goals? (Choose two.)
Patch Audit Policy
Change Control Policy
Incident Management Policy
Regression Testing Policy
Application Audit Policy
A backout (regression testing) is a reversion from a change that had negative consequences. It could be, for
example, that everything was working fine until you installed a service pack on a production machine, and then
services that were normally available were no longer accessible. The backout, in this instance, would revert the
system to the state that it was in before the service pack was applied. Backout plans can include uninstalling
service packs, hotfixes, and patches, but they can also include reversing a migration and using previous
firmware. A key component to creating such a plan is identifying what events will trigger your implementing the
A change control policy refers to the structured approach that is followed to secure a company’s assets in the event of changes occurring.