Exam CS0-002 topic 1 question 57 discussion

Change Management doesn't "prevent" it. Whitelisting will absolutely prevent it though.

Based on the answers we have to choose from, answer A (Change Management) is the BEST answer. One does not simply just whitelist an application. Even if there is no formal "change management" process, you still have to follow best practices to ensure the application is secure and compliant with your security policy.

In this scenario, if the systems administrator had followed a change management process, they would have needed to document and seek approval for the installation of the utility that caused the issue. This would have allowed for a review of the utility and its potential impact on the web server cluster.

Install a tool = change in the host. So I go for A on this, cuz with a change management control this could be prevented now and in the future as well.

the only choice

A it is

Application whitelisting is for authorization..how would that help in the future? The admin already installed it...it is not an authorization issue, it is crappy software issue. Ideally, had "test in a lab/test environment first" been one of the choices, that would be it, but it isn't. Change Management is a crappy answer but sadly the best one.

I'm going with Change Management. After doing some research/studying I can see how application whitelisting would work since it is a list of approved applications that can be downloaded but since it is a critical system that was taken offline and the question is asking you 'prevent' it from happening 'again' I think change management which would require approval to not only install the application but also require testing before hand would be better at preventing this situation from happening again.

Change Management o The process through which changes to the configuration of information systems are monitored and controlled, as part of the organization's overall configuration management efforts o Each individual component should have a separate document or database record that describes its initial state and subsequent changes ▪ Configuration information ▪ Patches installed ▪ Backup records ▪ Incident reports/issues o Change management ensures all changes are planned and controlled to minimize risk of a service disruption

Wouldn't a whitelist be a list of proven applications? If they had that, they wouldn't have used this application at, they would have used one on the list. I think if this had been a blacklist then the answer would be correct as this would be on the list for not using it in the future. If they have a whitelist and this event happens, the whitelist will not change nor help this situation. Blacklist would be a great answer, whitelist is not....in my book anyway. Going with Change Management.

I think A is the best answer, because change management is the process of requesting, approval, validating, and logging. By following this process, the utility would have to be tested to validate it doesn't cause issues before and after installation. Also in this scenario, logging would provide a way to identify the cause and restore the cluster to it's previous state

I think Application whitelisting will be better in this case.

Change Management All networks evolve, grow, and change over time. Companies and their processes also evolve and change, which is a good thing. But infrastructure change must be managed in a structured way so as to maintain a common sense of purpose about the changes. By following recommended steps in a formal change management process, change can be prevented from becoming the tail that wags the dog. The following are guidelines to include as a part of any change management policy: All changes should be formally requested. Each request should be analyzed to ensure it supports all goals and polices. Prior to formal approval, all costs and effects of the methods of implementation should be reviewed. After they’re approved, the change steps should be developed. During implementation, incremental testing should occur, relying on a predetermined fallback strategy if necessary. Complete documentation should be produced and submitted with a formal report to management. https://learning.oreilly.com/library/view/comptia-cybersecurity-analyst/9780136747000/ch08.xhtml#ch08lev1sec8

Wouldnt application whitelist be better? as it can make sure the application is safe / approved before we deploy it so that it doesnt crash the server?

Doesn't Utility = Application = Whitelisting as a solution? it's weird that change management is the solution tbh.

A sounds right