ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
During a quarterly audit you find that several development servers have new, unauthorized services enabled, deviating from the organization's approved secure baseline configuration. Which action is the MOST effective way to prevent this configuration drift and keep all servers aligned with the baseline going forward?
Rebuild all servers from a golden image once per year during scheduled maintenance.
Have system administrators manually verify server settings each week against paper checklists.
Adopt IaC templates kept under version control and apply them automatically with a configuration-management tool.
Enable verbose logging to capture and review any services that start without authorization.
Using Infrastructure as Code (IaC) templates that are stored in a version-controlled repository and automatically applied by a configuration-management platform enforces the approved baseline on every provisioned or existing server. The templates become the single source of truth, enable peer review, and allow rapid rollback of unauthorized changes. Annual rebuilds or manual checklist reviews are periodic and error-prone, allowing drift to re-emerge between checks. Simply increasing logging detects deviations but does not actively restore or enforce baseline settings.