ISC2 CISSP Exam - Topic 4 Question 106 Discussion

Actual exam question for ISC2's CISSP exam
Question #: 106
Topic #: 4

An audit of an application reveals that the current configuration does not match the configuration of the originally implemented application. Which of the following is the FIRST action to be taken?

Suggested Answer: B

Configuration is the process of setting up and maintaining the parameters, settings, and options of a system or application to ensure its optimal performance and security. Configuration change is the process of modifying or updating the configuration of a system or application to meet the changing needs or requirements of the organization and the stakeholders. Configuration change should be controlled and documented by using a change control process.

A change control process is a process that defines the steps, roles, and responsibilities for requesting, approving, implementing, testing, and documenting the configuration changes of a system or application. A change control process can help to ensure that the configuration changes are authorized, validated, and traceable, and that they do not adversely affect the functionality, security, or availability of the system or application.

The first action to be taken when an audit of an application reveals that the current configuration does not match the configuration of the originally implemented application is to verify the approval of the configuration change. Verifying the approval of the configuration change is the process of checking and confirming that the configuration change was requested, reviewed, and authorized by the appropriate parties, such as the change owner, the change manager, or the change board, before it was implemented. Verifying the approval of the configuration change can help to determine if the configuration change was legitimate, necessary, and compliant with the organization's policies and standards, as well as to identify and resolve any issues or discrepancies that may arise from the configuration change.

Recommending an update to the change control process, rolling back the application to the original configuration, or documenting the changes to the configuration are not the first actions to be taken when an audit of an application reveals that the current configuration does not match the configuration of the originally implemented application, as they are more related to the improvement, restoration, or reporting aspects of the configuration change.

Reference: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 11: Security Operations, page 665; CISSP Official (ISC)2 Practice Tests, Third Edition, Domain 7: Security Operations, Question 7.9, page 273.


Contribute your Thoughts:

Fannie
2 months ago
I'm not sure about D, documenting changes seems less urgent.
upvoted 0 times
...
Nancey
2 months ago
I think C makes more sense, just roll it back!
upvoted 0 times
...
Krissy
2 months ago
Definitely B, you need to verify before doing anything else.
upvoted 0 times
...
Rodney
3 months ago
Agree with B, approval is key here.
upvoted 0 times
...
Stevie
3 months ago
Wait, how did the config get changed without anyone knowing?
upvoted 0 times
...
Judy
3 months ago
I wonder if recommending an update to the change control process is a valid first step. It seems like a good long-term solution, but is it immediate enough?
upvoted 0 times
...
Willie
3 months ago
I practiced a similar question, and I feel like rolling back the application might be too drastic without checking the approval first.
upvoted 0 times
...
Talia
4 months ago
I'm not entirely sure, but I remember something about documenting changes being important. Maybe that should come first?
upvoted 0 times
...
Felicitas
4 months ago
I think the first step should be to verify the approval of the configuration change. It seems like the logical thing to do before taking any further action.
upvoted 0 times
...
Sheridan
4 months ago
I feel pretty good about this one. Based on my understanding of configuration management best practices, the first step is to verify the approval of the configuration change. That's the foundation for everything else.
upvoted 0 times
...
Tammara
4 months ago
I'm a little confused by this question. There are a few options that seem reasonable, but I'm not sure which one is the absolute first step. I'll have to think it through more carefully.
upvoted 0 times
...
Carma
4 months ago
Okay, I've got this. The first step is to verify the approval of the configuration change. That's the most important thing to establish before taking any other action.
upvoted 0 times
...
Lai
5 months ago
Hmm, I'm a bit unsure about this one. I'm trying to think through the logical flow of steps, but I'm not totally confident in my approach. Maybe I should re-read the question carefully.
upvoted 0 times
...
Cyril
5 months ago
This seems like a straightforward configuration management question. I think the key is to identify the first step that should be taken, which is likely to verify the approval of the configuration change.
upvoted 0 times
...
Pamella
5 months ago
That's a good point, Loreen. We should make sure the change was approved before taking any further action.
upvoted 0 times
...
Loreen
5 months ago
But shouldn't we also verify the approval of the configuration change?
upvoted 0 times
...
Nan
6 months ago
Hmm, I'm not sure. This seems like a tricky one. Maybe we should consult the IT guy in the break room - he's always good for a laugh and a hint or two.
upvoted 0 times
...
Golda
6 months ago
C looks like the way to go. Rolling back to the original configuration is the safest option.
upvoted 0 times
...
Nell
6 months ago
I agree with Pamella, documenting the changes is important for tracking.
upvoted 0 times
...
Pamella
6 months ago
I think the first action should be to document the changes to the configuration.
upvoted 0 times
...
Brendan
7 months ago
I think the correct answer is B. We need to verify the approval of the configuration change before doing anything else.
upvoted 0 times
...
