ISC2 Governance, Risk and Compliance (CGRC) Practice Question
During a security assessment of a payment-processing server, you must determine whether configuration changes were controlled and formally authorized. Which artifact would provide the strongest examination evidence that every change underwent an approved review process?
Weekly backup verification reports for the server
An automatically generated inventory of installed software versions
Syslog entries that record the timestamps of configuration file edits
Approved change request tickets with management sign-off stored in the change management system
Signed and recorded change requests maintained in the organization's change management system document who proposed the change, the reason for it, the approvals obtained, and any testing or back-out plans. This satisfies NIST SP 800-53 CM-3/CM-4 requirements for documenting and authorizing configuration changes, giving the assessor direct evidence of a repeatable, enforced control. Syslog entries only show that changes occurred, not that they were approved. Backup reports demonstrate data-protection procedures, not change control. A current software inventory confirms what is installed but offers no assurance that installations followed an authorized process. Therefore, approved change request records best verify that configuration changes are properly reviewed and authorized.
Assessment/Audit of Security and Privacy Controls