CompTIA Security+ (SY0-701) — Question 476

Which of the following steps should be taken before mitigating a vulnerability in a production server?

Answer options

• A. Escalate the issue to the SDLC team.
• B. Use the IR plan to evaluate the changes.
• C. Perform a risk assessment to classify the vulnerability.
• D. Refer to the change management policy.

Correct answer: D

Explanation

The correct answer is D, as referring to the change management policy ensures that any changes made to the production server are properly documented and authorized, minimizing the risk of further issues. Options A and B are not primary steps in the vulnerability mitigation process, and while option C is important, it precedes the formal change management requirements that govern production environments.