When comparing security configurations during an audit, an analyst notices that a recently deployed server's configuration deviates from the established organizational secure baseline. Which action should be taken FIRST based on best practices?
Immediately remediate the server to match the secure baseline configuration.
Review the deviation to determine if it is an authorized exception or requires remediation.
Automatically reject the server from the production environment until it matches the baseline.
Accept all deviations as acceptable risk given the server is newly deployed.
The correct answer is "Review the deviation to determine if it is an authorized exception or requires remediation." Best practices dictate that security professionals should always review any deviations from secure baselines to understand whether these are authorized exceptions based on a documented business need or risk assessment, or if they pose an unintentional risk that requires immediate remediation. Rejecting the server without this review might negate authorized adjustments for operational functionality, while accepting all baseline deviations could introduce security risks. Immediate remediation without review may also disrupt business processes if the deviation was intended.