A cybersecurity analyst discovers that several recently deployed servers in the DMZ are not aligned with the company's security baseline. The servers are missing required patches and have overly permissive firewall rules, introducing significant risk. This deviation was not caught by the quarterly vulnerability scan. Which of the following processes would be MOST effective at preventing this type of issue in the future?
The correct answer is configuration management. This process involves establishing and maintaining consistency in a system's or product's performance and functional attributes throughout its lifecycle. In this scenario, a robust configuration management process would have ensured the new servers were deployed using an approved, secure baseline image and that any subsequent changes were tracked and authorized, preventing the observed deviations. Vulnerability management reporting focuses on communicating discovered vulnerabilities, which is reactive. Mitigation planning deals with fixing known vulnerabilities, not preventing baseline deviations. Risk score analysis is used to prioritize vulnerabilities, not to enforce configurations.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is configuration management in cybersecurity?
Open an interactive chat with Bash
How does configuration management differ from vulnerability management?
Open an interactive chat with Bash
What happens if configuration management is not implemented correctly?