Certified Information Systems Security Professional (CISSP) — Question 33

Which of the following is the BEST way to determine the success of a patch management process?

Answer options

• A. Change management
• B. Configuration management (CM)
• C. Analysis and impact assessment
• D. Auditing and assessment

Correct answer: D

Explanation

The correct answer is D because auditing and assessment provide a thorough evaluation of the patch management process's effectiveness, ensuring compliance and identifying any gaps. The other options, while important in their own right, do not specifically measure the success of patch management as directly as auditing does.