Certified Information Systems Security Professional (CISSP) — Question 76

Which of the following is the MOST common cause of system or security failures?

Answer options

• A. Lack of physical security controls
• B. Lack of change control
• C. Lack of logging and monitoring
• D. Lack of system documentation

Correct answer: B

Explanation

The correct answer is B, as a lack of change control can lead to untested or unauthorized modifications that compromise system integrity. While the other options can contribute to security failures, they are not as directly impactful on the system's stability and security as inadequate change management.