CompTIA CySA+ (CS0-001) — Question 218

A security analyst has performed various scans and found vulnerabilities in several applications that affect production data. Remediation of all exploits may cause certain applications to no longer work. Which of the following activities would need to be conducted BEFORE remediation?

Answer options

• A. Fuzzing
• B. Input validation
• C. Change control
• D. Sandboxing

Correct answer: C

Explanation

Change control is essential before remediation to ensure that any changes made do not disrupt application functionality. This process helps manage modifications and assess the potential impact on production systems. The other options, while important in the security lifecycle, do not specifically address the need to manage changes and risks associated with remediation.