Back to Security Assessment and Testing

Configuration Management Review

5 minutes 5 Questions

Configuration Management Review is the process of analyzing an organization's configuration management processes and verifying that the established policies and procedures are being followed effectively. This review ensures that system configurations are well managed, documented, and controlled thr…

Test mode:
Start practice test
CISSP - Configuration Management Review Example Questions

Test your knowledge of Configuration Management Review

Question 1

An organization is implementing a DevOps practice to reduce inconsistencies. Which configuration management-related activity is likely to support this objective?

Correct Answer: Establishing version control across development and production environments

Establishing version control across development and production environments ensures consistency, improves traceability, and reduces the risk of environmental inconsistencies. The other options can lead to disorganization, mismanagement, and potential security risks.

Question 2

An organization has updated its firewall policies to improve the security posture. However, after a Configuration Management Review, they noticed increased dropped packets, and some business-critical services are no longer reachable. What action should the organization take?

Correct Answer: Roll back the changes and analyze the issue to identify the root cause

The organization should roll back the changes that caused the issue and analyze the problem to identify the root cause, then correct it before reapplying the updated firewall policies.

Question 3

A system administrator has completed the implementation of a new software application. Internal personnel claim the application is exposing sensitive data to unauthorized parties. What should the system administrator do next as part of the Configuration Management Review process?

Correct Answer: Initiate an incident response process and conduct a security review

The system administrator should initiate an incident response process, conduct a security review to determine if there's a data breach or vulnerability, and take appropriate actions to mitigate it.

More Configuration Management Review questions
10 questions (total)
Start 10 question test