Certified Information Security Manager (CISM) — Question 120

What is the PRIMARY objective of implementing standard security configurations?

Answer options

• A. Maintain a flexible approach to mitigate potential risk to unsupported systems.
• B. Minimize the operational burden of managing and monitoring unsupported systems.
• C. Compare configurations between supported and unsupported systems.
• D. Control vulnerabilities and reduce threats from changed configurations.

Correct answer: D

Explanation

The primary objective of implementing standard security configurations is to control vulnerabilities and mitigate threats that arise from configuration changes, which is captured in option D. Options A and B focus on flexibility and operational burden, which are secondary concerns rather than primary objectives. Option C discusses comparison, which does not directly address the main goal of security configurations.