CompTIA Security+ (SY0-501) — Question 221

A company researched the root cause of a recent vulnerability in its software. It was determined that the vulnerability was the result of two updates made in the last release. Each update alone would not have resulted in the vulnerability.
In order to prevent similar situations in the future, the company should improve which of the following?

Answer options

• A. Change management procedures
• B. Job rotation policies
• C. Incident response management
• D. Least privilege access controls

Correct answer: A

Explanation

Improving change management procedures is essential because the vulnerability arose from the combination of two updates, indicating a need for better oversight and testing of changes before deployment. The other options, while important for security and operations, do not directly address the issue of managing software updates and their potential interactions.