ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
Your organization's runbooks and configuration change logs are saved as editable spreadsheets on a shared network drive that all engineers can modify. To align with secure documentation practices, which action offers the greatest improvement in integrity and traceability of these records?
Copy the spreadsheets to a read-only public cloud bucket each night to prevent accidental deletion.
Migrate the files to a version-controlled repository that enforces role-based access control and retains full commit history.
Require engineers to password-protect their local copies before uploading them to the shared drive.
Print the spreadsheets weekly and store them in a locked filing cabinet managed by facilities.
Secure documentation requires that configuration and change records be protected against unauthorized alteration while still supporting accountability. Moving the documents into a version-controlled repository with enforced role-based access control provides several security benefits: every modification is recorded with a timestamp and the identity of the person who made it, previous versions can be recovered, and write permissions can be limited to authorized personnel. Copying files to a public bucket, password-protecting local copies, or printing paper archives may offer some protection against deletion or casual viewing, but none of these supplies tamper-evident change tracking or granular access controls, so the documentation remains vulnerable to undetected or unapproved edits.