CompTIA Security+ Practice Test of the Day 260303

Question 1

A security administrator at a regional bank is preparing to deploy a critical patch to the organization's core banking application. Before the change can proceed, the administrator must route the request through multiple stakeholders, including the IT manager, application owner, and compliance officer. Each party must review the potential impact and formally approve the change before it is scheduled. The process feels time-consuming to the team, but the security administrator understands its importance. Which component of the change management process is being described in this scenario?

A. Maintenance window B. Backout plan C. Approval process D. Impact analysis

Question 2

Your organization recently completed a major upgrade to its customer-facing web application. After deployment, the development team noticed that a dependent authentication service began behaving unexpectedly, causing intermittent login failures for end users. A post-incident review determined that the team had not fully accounted for how changes to the web application would affect integrated services prior to initiating the upgrade. Which change management concept, if properly applied, would most likely have prevented this issue?

A. Standard operating procedure B. Backout plan C. Maintenance window D. Dependencies

Question 3

A change management board (CAB) at a healthcare organization approves a configuration change to the network firewall. After the change is implemented over the weekend, a network engineer updates the firewall ruleset diagram to reflect the new allow and deny rules. The organization's change management policy requires this step to be completed within 24 hours of any approved change. Which change management documentation requirement is the engineer fulfilling?

A. Version control B. Updating diagrams C. Standard operating procedure D. Updating policies/procedures

Question 4

A systems administrator submits a change request to remove a legacy middleware application from a production server. The application was originally installed to support a third-party integration that was discontinued two years ago. During the review process, a senior engineer warns that removing the middleware without proper testing could break a payroll reporting tool that the finance team still uses quarterly. The CAB asks for additional analysis before approving the change. Which change management concept is the senior engineer raising concern about, and which process step should be completed before the change proceeds?

A. Ownership; the change should be re-assigned to the application owner B. Dependencies; an impact analysis should be performed before approval C. Maintenance window; the change should be rescheduled for off-hours D. Backout plan; a rollback procedure must be created first

Question 5

An analyst in a SOC observes that an emergency patch was applied to a critical database server late Friday evening by an on-call engineer. The engineer completed the patch successfully and verified service availability, but no ticket was created, no approval was obtained, and no record of the change exists in the organization's change management system. The following Monday, a different team member attempts to troubleshoot unrelated database latency and is unaware any changes were made over the weekend. Which two change management failures are BEST illustrated by this scenario? (Choose the answer that captures both.)

A. Lack of a backout plan and missing impact analysis B. Failure to follow the approval process and missing documentation C. Skipped maintenance window and absence of stakeholder notification D. Ownership conflict and failure to perform test results review

Question 6

The IT department at a financial services firm is preparing to upgrade a critical payment processing application from a version that is nearing vendor end-of-life. The security team has flagged this as a technical implication of the change, noting that the older version will soon stop receiving security patches. During the planning phase, the team also identifies that the upgrade will require a full restart of the application and a brief period where the service will be unavailable. Which two technical implications of change management does this scenario BEST illustrate?

A. Version control and backout plan requirements B. Legacy applications and service restart downtime C. Dependency mapping and allow list modification D. Impact analysis and stakeholder approval delays

Question 7

A penetration tester discovers that a recently patched web server still exhibits a vulnerability that was reportedly fixed three weeks ago. Upon investigation, the security team learns that while the patch was applied in the staging environment, the change was never promoted to production. The organization's change management records show the patch was marked 'complete' in the ticketing system shortly after the staging deployment, with no verification step recorded. Which change management failure BEST explains why the production server remained vulnerable?

A. The backout plan was not tested before the patch was applied to staging B. The impact analysis was incomplete and did not include the production environment C. The approval process was bypassed when promoting the change from staging to production D. The standard operating procedure did not require a test results review before marking a change complete

Question 8

The CISO of a mid-sized manufacturing company is reviewing the organization's change management policy after a failed software rollout caused four hours of production downtime. A post-mortem reveals that the change was deployed during peak business hours, no rollback procedure had been prepared, and multiple teams were unaware the change was happening. The CISO wants to update the policy to prevent similar incidents. Which THREE change management elements should the CISO prioritize adding or enforcing? (Choose the answer that captures the three most relevant.)

A. Approval process, impact analysis, and version control B. Maintenance window, backout plan, and stakeholder communication C. Ownership assignment, dependency mapping, and standard operating procedure D. Test results documentation, allow lists, and legacy application review

Question 9

A security engineer at a cloud-native company is tasked with updating the organization's firewall allow list to permit traffic from a newly contracted third-party API provider. The engineer makes the change directly in the production environment without going through the formal change management process, reasoning that it is a minor, low-risk modification. Two days later, an overly broad rule accidentally introduced during the update allows inbound traffic from unexpected IP ranges. Which change management principle does this scenario MOST clearly demonstrate the importance of?

A. All changes, regardless of perceived risk level, should go through the formal change management process including impact analysis and approval B. Only changes that affect customer-facing systems require formal change management review and documentation C. Allow list modifications should be categorized as restricted activities and delegated only to senior engineers D. Emergency changes are exempt from the approval process as long as they are documented within 48 hours

Question 10

A systems administrator at a university is preparing to roll back a recent Group Policy update after discovering it has broken VPN authentication for remote faculty. The administrator has identified the previous policy settings and is ready to restore them, but realizes that no formal procedure for reverting this specific change was documented when the original update was approved. Which change management element, had it been properly created before the initial Group Policy change was deployed, would have provided the administrator with a structured path to recover?

A. Maintenance window B. Ownership documentation C. Backout plan D. Standard operating procedure

CompTIA Security+ Practice Test of the Day 260303

ByThe Test Master

Related Post

CompTIA Security+ Practice Test of the Day 260410

CompTIA Security+ Practice Test of the Day 260409

CompTIA Security+ Practice Test of the Day 260408

Leave a Reply Cancel reply

You missed

CEH v13 Domain 7.1 Practice Test 002

CEH v13 Domain 6.1 Practice Test 002

CEH v13 Domain 5.3 Practice Test 002

CEH v13 Domain 5.2 Practice Test 002