When comparing security configurations during an audit, an analyst notices that a recently deployed server's configuration deviates from the established organizational secure baseline. Which action should be taken FIRST based on best practices?
Review the deviation to determine if it's an authorized exception or requires remediation.
Automatically reject the server from the production environment until it matches the baseline.
Accept all deviations as acceptable risk given the server is newly deployed.
Immediately remediate the server to match the secure baseline configuration.
The correct answer is 'Review the deviation to determine if it's an authorized exception or requires remediation.' Best practices dictate that security professionals should always review any deviation from a secure baseline to understand whether it is an authorized exception based on a documented business need or risk assessment, or whether it poses an unintentional risk that requires immediate remediation. Rejecting the server without this review might negate authorized adjustments made for operational functionality, while accepting all baseline deviations could lead to potential security risks. Immediate remediation without review may also disrupt business processes if the deviation was intended.