Notifications
Clear all
Topic starter
28/06/2022 1:56 am
A financial institution has several that currently employ the following controls:
* The severs follow a monthly patching cycle.
* All changes must go through a change management process.
* Developers and systems administrators must log into a jumpbox to access the servers hosting the data using two-factor authentication.
* The servers are on an isolated VLAN and cannot be directly accessed from the internal production network.
An outage recently occurred and lasted several days due to an upgrade that circumvented the approval process. Once the security team discovered an unauthorized patch was installed, they were able to resume operations within an hour .
Which of the following should the security administrator recommend to reduce the time to resolution if a similar incident occurs in the future?
- A . Require more than one approver for all change management requests.
- B . Implement file integrity monitoring with automated alerts on the servers.
- C . Disable automatic patch update capabilities on the servers
- D . Enhanced audit logging on the jump servers and ship the logs to the SIE
Suggested Answer: B