Exam 220-1002 topic 1 question 458 discussion

Scope and purpose are the first elements of change management. Sometimes, many times you have to research the business practices for the specific business not document. Scope is the likely next step.

The scenario mentions several servers (scope of the change) and the critical update (risk analysis – what will happen if the change isn’t applied). The CIO is the person in charge of security, so he doesn’t have to report the change to anybody else (change request/change board). Then the CIO asks the technician to apply the change (which happens after the CAB approves the change) and checks if the change was implemented successfully (end-user acceptance). The last step of this process is to document changes. The answer is D.

everything in that question is scope of change so the next thing is risk analysis to what the boss wants

"Critical update is required to secure several servers within the organization. The CIO asks a technician to: ✑ Deploy the patches to the environment following best practice protocols. ✑ Ensure the servers and applications are functioning properly after the deployment. Which of the following steps will the technician most likely take NEXT? C. Perform a risk analysis. Reason: They CIO already knows the Scope and he is not trying to add or remove anything. So, the concern should be about what the Risks are. My humble opinion.

Likely to be B, at first I also thought it may be C also agreeing with Alex1313 but not after reading this. Per Prowse "Scope the change This is where the technician goes into detail about what systems will be updated and the procedure that will take place, including who it will affect and when; for example, expanding or reducing the functionality of a technology. This is also known as scope change."

I agree with JE39. The CIO (boss) asked to follow best practice protocols and the technician has not done any of the protocols yet. So the tech needs to start with the purpose and scope of the change, then after that is the Risk Analysis... Usually included as part of the purpose of the change, the scope of the change defines who and what this change will affect. This includes an inventory of all systems involved, the number of people involved in making the change, how long the change will take, and often the estimated cost of the change. -Mike Meyers ebook

Not sure how the first one relates to the purpose, but the second definitely relates to the 2nd point. Point: Ensure the servers and applications are functioning properly after the deployment. Takin from change management regarding scoping the change: Part of scoping a change means creating an itemized list of things that will stay the same (core functions), go away (old equipment), or have a mixed outcome after a change has been implemented. Therefore, I think this has got to be risk analysis since it is next in the order.

E. Document the changes...

Not sure on this one tbh. The only reason I could see why they'd go with Risk Analysis here instead of Scope as JE39 said, is that theres no mention of doing the documentation. In a purely practical sense the next step of doing things would be to carry out a risk analysis as you've already been told the purpose and the scope by the CIO? Seems like terrible practice though.