Chapter 21
_____________ is the process of identifying which assets need to be managed and controlled. configuration control configuration status accounting configuration identification configuration auditing
configuration identification
An organization must choose between using Capability Maturity Model Integration (CMMI) or change management.
false
Change management and configuration management are two very different processes.
false
Change management is only needed in the development and testing phases of the systems life cycle.
false
Change management is the process of changing the middle managers in a company during a merger.
false
Change management makes localization efforts more complex.
false
All access to systems, software, and data should be assigned using what principle? A. Least privilege B. Role-based access C. Minimum use D. Activity-based access
least privilege
Configuration status accounting consists of the procedures for tracking and maintaining data relative to each configuration item in the baseline.
true
Network and system administrators use change management to ensure configurations consistently meet security standards.
true
Configuration _______________ is the process of verifying that the configuration items are built and maintained according to the requirements, standards, or contractual agreements. identification control auditing status accounting
auditing
________________ serves as a foundation for comparison or measurement. A. Configuration identification B. Configuration status accounting C. Baseline D. Configuration items
baseline
_______________ refers to a standard methodology for performing and recording changes during software development and system operation.
change management
Whenever a modified program is moved to the production source-code library, the executable version is moved to the production system. This is an example of which of the following? A. Authenticode B. Code integrity C. Separation of duties D. Output code variation
code integrity
_______________ is the process of controlling changes to items that have been baselined. configuration items configuration control configuration status accounting baseline
configuration control
Which of the following is the first step in change management? A. Configuration control B. Configuration status accounting C. Configuration identification D. Configuration audit
configuration identification
Despite all the benefits from separation of duties, the biggest disadvantage is that the people who know the software best (the developers, designers, and testers) are not the ones that install and administer the software.
false
_______________ is an important means by which errors and fraudulent or malicious acts can be discouraged and prevented.
segregation of duties
What is the key concept in change management?
separation of duties
A(n) _________ is used by the change control board to track changes. A. Situation process report B. Software problem report C. Segregated personnel responsibilities D. System progress report
system progress report
A(n) ______________ is used to track changes through the change control board. A. Situation process report B. Software problem report C. Segregated personnel responsibilities D. System progress report
system progress report
A configuration item is an asset that needs to be controlled or managed.
true
Change control prevents inadvertent overwriting of critical reference data.
true
What is configuration control? A. Ensures that configuration items are built and maintained according to the requirements, standards, or contractual agreements B. Ensures that only approved changes to a baseline are allowed to be implemented C. Ensures all changes made separate from the baseline are well documented and controlled D. Identifies which assets need to be controlled.
B
What is configuration auditing? A. Ensures that configuration items are built and maintained according to the requirements, standards, or contractual agreements B. Ensures that only approved changes to a baseline can be implemented C. Ensures all changes made separate from the baseline are well documented and controlled D. Identifies which assets need to be controlled
A
Which of the following is true about change control boards? A. They are made up of non-administrative staff to prevent bias in decision making. B. They should meet annually to revise the change control executive plan. C. They should facilitate adequate change management oversight and better coordination between projects. D. They are only necessary in extremely large corporations that wish to maintain standards across multinational divisions.
C
Change management can be applied to every type of software development EXCEPT: A. Security patches B. Source code C. Web pages D. Change management should be applied to all types of software development.
D
