What is the BEST method to verify that all security patches applied to servers were properly
documented?
A.
Trace change control requests to operating system (OS) patch logs
B.
Trace OS patch logs to OS vendor’s update documentation
C.
Trace OS patch logs to change control requests
D.
Review change control documentation for key servers
Explanation:
To ensure that all patches applied went through the change control process, it is necessary to use
the operating system (OS) patch logs as a starting point and then check to see if change control
documents are on file for each of these changes. Tracing from the documentation to the patch logwill not indicate if some patches were applied without being documented. Similarly, reviewing
change control documents for key servers or comparing patches applied to those recommended
by the OS vendor’s web site does not confirm that these security patches were properly approved
and documented.