CCNA Documentation and Change Management Questions

30 questions · Documentation and Change Management · All types, answers revealed

1
MCQ · hard

A technician is troubleshooting a recurring network outage that occurs every Tuesday at 3 PM. After reviewing the change log, the technician finds that a scheduled backup job runs at that time. What is the best course of action?

A. Disable the backup job immediately to restore network stability.
B. Document the correlation and propose a change to the backup schedule.
C. Increase the network bandwidth to accommodate the backup traffic.
D. Ignore the issue since the backup is a critical process.
Answer: B

Proper documentation of the issue allows the CAB to evaluate and approve a schedule change, balancing network performance and backup needs.

Why this answer

This question tests the ability to correlate documented changes with incidents. The best action is to update the documentation to reflect the impact and then work with the change advisory board to reschedule the backup or mitigate the outage.

2
MCQ · medium

A technician is deploying a new application to 20 sales laptops. The change management plan requires a pilot test on 2 laptops before full deployment. After testing, the technician finds the application works but conflicts with the VPN client. What should the technician do?

A. Deploy the application to all laptops and disable the VPN client on each.
B. Document the conflict and submit a revised change request with a resolution plan.
C. Continue with the deployment and note the conflict in the change log.
D. Uninstall the VPN client from all laptops and reinstall after the deployment.
Answer: B

Proper change management requires documenting the issue and seeking approval for a revised plan before proceeding.

Why this answer

Option B is correct because the change management process requires that any issues discovered during pilot testing be formally documented and addressed before full deployment. Since the application conflicts with the VPN client, the technician must submit a revised change request that includes a resolution plan (e.g., updating the application, modifying VPN configuration, or scheduling a coordinated deployment). This ensures compliance with organizational change control policies and minimizes risk to production systems.

Exam trap

CompTIA often tests the misconception that a discovered conflict can be ignored or worked around without formal change management approval, tempting candidates to choose options that prioritize speed over process compliance.

How to eliminate wrong answers

Option A is wrong because deploying the application to all laptops and disabling the VPN client on each bypasses the change management process and could disrupt remote access for sales staff, violating security and operational requirements. Option C is wrong because continuing with deployment while merely noting the conflict in the change log fails to resolve the known issue, which could lead to widespread VPN failures and non-compliance with the pilot test requirement. Option D is wrong because uninstalling the VPN client from all laptops before deployment is a disruptive workaround that ignores the root cause and may violate security policies; the conflict should be resolved through proper change management, not by removing critical software.

3
MCQ · easy

A small business is deploying a new time-tracking application to five workstations. The technician needs to ensure the installation is standardized and repeatable. Which documentation should the technician create before starting the deployment?

A. A list of user passwords for the application.
B. A detailed network topology diagram.
C. A step-by-step installation guide with screenshots.
D. A copy of the software license agreement.
Answer: C

A step-by-step guide ensures each workstation is configured identically and serves as a reference for future deployments.

Why this answer

This question focuses on the importance of creating a deployment plan or runbook before performing installations. Standardized documentation ensures consistency and reduces errors across multiple machines.

4
MCQ · easy

A help desk technician receives a complaint that a shared network printer is no longer accessible after a scheduled firmware update was applied to the print server last night. The change was documented but no rollback plan was included. What should the technician do first?

A. Reboot the print server to clear any temporary errors.
B. Restore the print server to its previous firmware version.
C. Submit a new change request to update the firmware again.
D. Disable the printer in Active Directory and re-add it.
Answer: B

Restoring the previous firmware is the most direct way to reverse the change, even though the rollback plan was missing; it should be done following proper change control.

Why this answer

Option B is correct because the scheduled firmware update directly caused the printer to become inaccessible, and without a documented rollback plan, reverting to the previous firmware version is the safest and most immediate way to restore service. This aligns with change management best practices, which prioritize backing out a failed change before troubleshooting further, as the root cause is clearly the firmware update.

Exam trap

The trap here is that candidates often choose to reboot the server (Option A) as a generic troubleshooting step, but the question specifies the change was a firmware update, so the only effective first action is to revert that specific change.

How to eliminate wrong answers

Option A is wrong because rebooting the print server may clear temporary errors but will not revert the firmware version, so if the new firmware is incompatible or buggy, the issue will persist after the reboot. Option C is wrong because submitting a new change request to update the firmware again would repeat the same action that caused the outage, which is illogical and violates change management principles. Option D is wrong because disabling and re-adding the printer in Active Directory addresses only the printer object and driver mapping, not the underlying firmware incompatibility on the print server.

5
MCQ · hard

A technician is performing a routine software update on a finance department server. The change management documentation specifies that the update must be applied during a maintenance window from 2:00 AM to 4:00 AM. At 3:30 AM, the update fails with an error. The technician has no rollback plan documented. What should the technician do?

A. Attempt to roll back the update using the server’s built-in recovery options.
B. Leave the server in its current state and escalate the issue to the change manager.
C. Continue troubleshooting until the maintenance window ends, then document the failure.
D. Reboot the server to clear the error and retry the update.
Answer: B

Escalating ensures that the change manager can coordinate a proper response, possibly involving the CAB, and document the failure for future improvements.

Why this answer

Option B is correct because the technician has no documented rollback plan, and the change management process requires that any deviation from the approved plan—such as a failed update—must be escalated to the change manager for a decision. Attempting an undocumented rollback or continuing to troubleshoot without authorization risks data corruption, service disruption, or violating compliance policies. The technician’s primary duty is to preserve the server’s current state and follow the escalation path defined in the change management policy.

Exam trap

The trap here is that candidates assume built-in recovery options (Option A) are always safe to use, but the exam tests that without a documented rollback plan, any recovery attempt is an unauthorized change that violates change management procedures.

How to eliminate wrong answers

Option A is wrong because using the server’s built-in recovery options without a documented rollback plan is an unauthorized deviation from the change management process; it could cause irreversible data loss or configuration corruption, and the technician has no approved procedure to validate the recovery steps. Option C is wrong because continuing to troubleshoot past the maintenance window without authorization violates the change window constraints and could extend the outage beyond the approved downtime, increasing risk to the finance department’s operations. Option D is wrong because rebooting the server to clear the error and retrying the update is an unapproved action that may mask the root cause, potentially leading to a partial or inconsistent update state, and it ignores the requirement to escalate when the documented plan fails.

6
MCQ · medium

A technician is configuring a new server and follows a documented standard operating procedure (SOP). After completion, the technician realizes the SOP is outdated and omits a critical security setting. What should the technician do?

A. Apply the missing setting and update the SOP to include it.
B. Ignore the missing setting since the SOP was followed.
C. Submit a change request to update the SOP without applying the setting.
D. Revert the server configuration and wait for an updated SOP.
Answer: A

Applying the missing setting corrects the security issue, and updating the SOP ensures the documentation is accurate for future use.

Why this answer

Option A is correct because the technician discovered a security gap in the SOP that could leave the server vulnerable. The proper action is to immediately apply the missing critical security setting to protect the server, then update the SOP to reflect the correct procedure. This aligns with change management best practices where security findings take precedence over outdated documentation, and the SOP must be corrected to prevent future misconfigurations.

Exam trap

The trap here is that candidates may think following the SOP exactly is always correct, but Cisco tests the principle that security and risk mitigation override strict adherence to outdated documentation when a known vulnerability is identified.

How to eliminate wrong answers

Option B is wrong because ignoring a known security omission violates the principle of due diligence and could expose the server to exploitation; following an outdated SOP does not excuse the technician from applying necessary security controls. Option C is wrong because submitting a change request to update the SOP without applying the setting leaves the server in an insecure state during the approval process, which is unacceptable for critical security configurations. Option D is wrong because reverting the server and waiting for an updated SOP introduces unnecessary downtime and delays, while the technician already knows the correct setting and can apply it immediately to secure the server.

7
MCQ · easy

A user reports that their workstation cannot connect to the company file server after a scheduled network maintenance window last night. The technician checks the change management records and finds no mention of any changes to the file server. What is the most likely cause of the issue?

A. The file server requires a firmware update
B. The maintenance window affected a network switch that the file server relies on
C. The user’s account password has expired
D. The file server’s hard drive has failed
Answer: B

Undocumented changes to network infrastructure, like a switch, can disrupt connectivity even if the server itself was not changed.

Why this answer

The scheduled network maintenance window is the key clue: it likely involved changes to network infrastructure such as switches, routers, or VLAN configurations. If a network switch that the file server depends on was modified or rebooted during maintenance, the workstation would lose connectivity even though the file server itself was untouched. Change management records only track changes to the file server, not to network devices, so the absence of file server changes does not rule out a network-level cause.

Exam trap

CompTIA often tests the concept that change management records only reflect changes to the specific device in question, not to the broader network infrastructure, leading candidates to overlook network-level causes like a switch misconfiguration during maintenance.

How to eliminate wrong answers

Option A is wrong because a firmware update is a planned change that would be documented in change management; it is not a typical outcome of a maintenance window and would not suddenly cause a connectivity issue without prior notice. Option C is wrong because an expired password would prevent authentication but not block network connectivity to the file server; the user would still be able to ping or reach the server at the transport layer. Option D is wrong because a hard drive failure would cause the file server to become unresponsive or fail to boot, but the user would likely see a 'server not found' error rather than a simple connectivity loss, and such a failure is unrelated to the scheduled maintenance window.

8
MCQ · hard

During a major software rollout, a technician discovers that the deployment script modifies a registry key that is also used by a legacy application. The change was not included in the original change request. What should the technician do?

A. Proceed with the deployment since the registry change is necessary for the new software.
B. Modify the script to skip the registry change and continue.
C. Stop the deployment and submit a new change request for the registry modification.
D. Document the registry change after the deployment is complete.
Answer: C

Stopping and submitting a new request ensures the change is properly reviewed and documented, preventing unintended consequences.

Why this answer

Option C is correct because any unapproved change to a system, even if necessary, must follow the change management process. The technician discovered that the deployment script modifies a registry key shared with a legacy application, which was not included in the original change request. Stopping the deployment and submitting a new change request ensures proper review, risk assessment, and approval before altering a shared resource that could impact the legacy application.

Exam trap

The trap here is that candidates may think a necessary change can be made immediately without approval, confusing 'necessary' with 'authorized,' but CompTIA emphasizes that all changes must follow the change management process regardless of urgency.

How to eliminate wrong answers

Option A is wrong because proceeding without approval violates change management policy and could cause unexpected failures in the legacy application due to the unplanned registry modification. Option B is wrong because skipping the registry change may break the new software deployment, as the script likely depends on that key for functionality, and modifying the script without authorization is also a change management violation. Option D is wrong because documenting the change after deployment bypasses the required pre-approval process and does not mitigate the risk of impacting the legacy application during the rollout.

9
MCQ · medium

A technician is preparing to replace a failed hard drive in a server that hosts a critical database. The change requires a planned downtime of two hours. Which documentation must the technician review before proceeding?

A. The server's warranty information.
B. The approved change request and the backout plan.
C. The network topology diagram.
D. The employee handbook.
Answer: B

Reviewing the change request confirms authorization, and the backout plan provides steps to restore service if the replacement fails.

Why this answer

Option B is correct because before performing any hardware replacement that requires planned downtime, the technician must review the approved change request to confirm the change has been authorized and to understand the scope, risk, and implementation steps. The backout plan is equally critical as it provides the documented steps to revert the server to its previous state if the replacement fails, ensuring database integrity and minimizing extended downtime. This aligns with ITIL change management best practices and CompTIA A+ 220-1202 objectives for documentation review during hardware maintenance.

Exam trap

The trap here is that candidates confuse operational documentation (like network diagrams or warranty info) with the change management artifacts (change request and backout plan) that are mandatory before any planned downtime, leading them to choose a plausible but incorrect option.

How to eliminate wrong answers

Option A is wrong because warranty information is irrelevant to the immediate task of replacing a failed hard drive; it would be consulted after the fact for potential RMA, not before the procedure. Option C is wrong because a network topology diagram shows how devices are connected but does not contain the authorization, risk assessment, or rollback steps needed for a planned hardware change. Option D is wrong because the employee handbook covers company policies and conduct, not the technical change management documentation required for server maintenance.

10
MCQ · medium

A small business has no formal change management process. A technician installs a new antivirus program on a server, which later conflicts with the existing backup software, causing backups to fail. Which principle of change management was most clearly violated?

A. The change was not tested in a staging environment
B. The change was not approved by the change advisory board
C. The change was not documented or communicated to stakeholders
D. The technician did not create a rollback plan
Answer: C

Without documentation, there is no record of what changed, making troubleshooting difficult and violating the core principle of change management.

Why this answer

The scenario describes a small business with no formal change management process. The core failure is that the technician installed new antivirus software without documenting the change or communicating it to stakeholders (such as the backup administrator or other IT staff). If the change had been documented and communicated, the potential conflict with the existing backup software could have been identified and avoided.

This directly violates the principle that all changes must be documented and communicated to relevant parties, even in the absence of a formal CAB or staging environment.

Exam trap

CompTIA often tests the distinction between formal processes (like CAB approval or staging environments) and the fundamental principle of communication and documentation, leading candidates to overthink and select a more 'technical' or 'formal' answer when the scenario clearly lacks any formal structure.

How to eliminate wrong answers

Option A is wrong because while testing in a staging environment is a best practice, the question explicitly states there is 'no formal change management process,' and the primary violation is the lack of communication and documentation, not the absence of a staging environment. Option B is wrong because a Change Advisory Board (CAB) is a formal governance body typically used in larger organizations; a small business without a formal process would not have a CAB, so failing to get CAB approval is not the most clearly violated principle. Option D is wrong because although a rollback plan is important, the technician could have avoided the conflict entirely by simply communicating the change to stakeholders; the lack of a rollback plan is a secondary issue, not the core violation of change management principles.

11
MCQ · hard

A technician is updating the documentation for a server that had its RAID controller replaced. The technician must ensure that future technicians can quickly identify the new hardware configuration. Which type of documentation should be updated?

A. The network topology diagram.
B. The change management log.
C. The server's asset inventory record.
D. The knowledge base article for RAID troubleshooting.
Answer: C

The asset inventory or CMDB stores hardware specifications, making it easy for future technicians to identify the RAID controller.

Why this answer

The server's asset inventory record (Option C) is the correct documentation to update because it contains the detailed hardware configuration of the server, including the RAID controller model, firmware version, and disk layout. Future technicians rely on this record to quickly identify the exact hardware components without having to physically inspect the server or dig through logs. Updating the asset inventory ensures that the documented configuration matches the actual hardware, which is critical for troubleshooting, warranty claims, and future upgrades.

Exam trap

CompTIA often tests the distinction between operational documentation (like asset inventory) and process documentation (like change logs or knowledge bases), and the trap here is that candidates confuse the change management log (which tracks the change event) with the hardware configuration record (which documents the resulting state).

How to eliminate wrong answers

Option A is wrong because a network topology diagram shows how devices are connected on the network (e.g., switches, routers, IP subnets), not the internal hardware components of a server like a RAID controller. Option B is wrong because the change management log records the approval and timeline of changes (e.g., who authorized the replacement, when it occurred), but it does not serve as a quick-reference for the new hardware configuration. Option D is wrong because a knowledge base article for RAID troubleshooting provides generic guidance on resolving RAID issues, not the specific hardware details of this particular server's RAID controller.

12
MCQ · hard

A change advisory board (CAB) approves a network switch replacement, but the technician discovers during implementation that the new switch requires a different firmware version than documented. The change plan does not include a rollback for this scenario. What is the best course of action?

A. Proceed with the firmware update and document the change afterward.
B. Stop the implementation and contact the CAB for a revised change plan.
C. Use the old switch firmware on the new switch to match the documentation.
D. Implement the switch and create a separate change request for the firmware.
Answer: B

Halting and consulting the CAB ensures the change is properly authorized and the plan is updated to include the firmware change and rollback.

Why this answer

When an undocumented deviation occurs during a change, the technician should halt the implementation and contact the CAB for guidance. Proceeding without approval risks network instability, and the CAB can provide a revised plan or approve the firmware change.

13
MCQ · medium

A customer calls the help desk complaining that their printer no longer works after a technician installed a security update on their computer. The technician checks the documentation and finds no record of the update being installed. What is the most likely cause of the missing documentation?

A. The security update was applied automatically by Windows Update.
B. The printer driver was corrupted by a virus.
C. The technician forgot to save the change log before leaving for the day.
D. The customer accidentally deleted the update history.
Answer: A

Automatic updates often bypass change management documentation unless specifically configured to be logged, which is a common oversight.

Why this answer

The most likely cause is that the security update was applied automatically by Windows Update. In many corporate environments, Windows Update is configured to install critical patches automatically without requiring manual intervention or logging in the technician's change documentation. This explains why the technician found no record of the update, even though it was installed and caused the printer driver to stop functioning.

Exam trap

The trap here is that candidates may focus on the printer driver corruption (Option B) as the direct cause of the printer failure, rather than recognizing that the missing documentation points to an automated update process as the root cause of the undocumented change.

How to eliminate wrong answers

Option B is wrong because a virus corrupting the printer driver would not explain the missing documentation; it would instead cause a different set of symptoms, such as unusual system behavior or security alerts, and the technician would likely find evidence of malware rather than a missing change log. Option C is wrong because the technician forgetting to save the change log is a procedural error, but the question states the technician checked the documentation and found no record of the update being installed—this implies the update was never documented, not that it was documented and then lost. Option D is wrong because the customer accidentally deleting the update history would affect the Windows Update history log, not the technician's change management documentation, which is maintained separately by the IT team.

14
MCQ · medium

A technician is updating the documentation for a network printer that was moved to a different floor. The technician updates the asset tag in the inventory system. Which additional documentation should the technician also update to ensure accurate records?

A. The user manual for the printer
B. The network diagram showing device locations and connections
C. The company’s acceptable use policy
D. The printer’s warranty information
Answer: B

The network diagram must reflect the new location and any changes to network ports or cabling.

Why this answer

When a network printer is moved to a different floor, its physical location and network connectivity change. The network diagram is the authoritative document that records device locations, switch ports, IP addresses, and cabling paths. Updating it ensures that troubleshooting, asset tracking, and future moves remain accurate, directly supporting change management and documentation best practices.

Exam trap

CompTIA often tests the distinction between operational documentation (network diagrams, rack layouts, IP address management) and administrative or policy documents (user manuals, warranties, acceptable use policies) to see if candidates understand which records are directly impacted by a physical move.

How to eliminate wrong answers

Option A is wrong because the user manual is a generic reference document that does not change when a device is relocated; it contains operational instructions, not location or connectivity records. Option C is wrong because the acceptable use policy governs how employees may use company resources, not the physical or logical placement of hardware. Option D is wrong because warranty information is tied to the device's serial number and purchase date, not its physical location; moving the printer does not affect warranty terms.

15
MCQ · medium

A security incident occurs when an unauthorized user gains access to a server because a technician left a default password unchanged after a system rebuild. The rebuild was documented, but the password change was not. What documentation failure does this highlight?

A. The change log did not include a rollback plan.
B. The change log did not list the specific configuration changes made.
C. The change request was not approved by the change advisory board.
D. The technician did not perform a post-implementation review.
Answer: B

The rebuild documentation should have included all configuration changes, such as password updates, to ensure security and accountability.

Why this answer

Option B is correct because the documentation failure is that the change log did not list the specific configuration changes made. In this scenario, the system rebuild was documented, but the critical detail of changing the default password was omitted. Proper change management requires that every configuration change, including password updates, be explicitly recorded in the change log to ensure accountability and traceability.

Without this record, the security incident occurred due to an undocumented deviation from security best practices.

Exam trap

CompTIA often tests the distinction between a change log's requirement to list specific changes versus broader change management processes like approval or review, leading candidates to confuse a documentation failure with a procedural one.

How to eliminate wrong answers

Option A is wrong because a rollback plan is not the primary issue here; the failure is the omission of the password change from the documentation, not the absence of a procedure to revert changes. Option C is wrong because the question does not indicate that the change request lacked approval from the change advisory board (CAB); the issue is the incomplete documentation of the change itself. Option D is wrong because a post-implementation review (PIR) would occur after the change is completed, but the core failure is that the password change was never recorded in the change log, which is a documentation failure that precedes any review.

16
MCQ · hard

A company’s change management policy states that all changes must be reviewed by the CAB. An urgent security vulnerability is discovered that requires an immediate patch to a critical database server. The CAB is not available for 24 hours. What is the best course of action?

A. Wait for the CAB to meet and approve the change
B. Apply the patch immediately and document it as an emergency change
C. Apply the patch but do not document it to avoid policy violation
D. Disconnect the server from the network until the CAB meets
Answer: B

Emergency changes allow for immediate action with retrospective approval, balancing security and process.

Why this answer

Option B is correct because the change management policy includes an emergency change process for urgent security vulnerabilities. Applying the patch immediately and documenting it as an emergency change aligns with ITIL best practices and the company's policy, ensuring the vulnerability is mitigated without delay while maintaining compliance through post-implementation review.

Exam trap

CompTIA often tests the misconception that all changes must wait for CAB approval, ignoring the emergency change process explicitly defined in ITIL and many corporate policies.

How to eliminate wrong answers

Option A is wrong because waiting 24 hours for the CAB leaves the critical database server exposed to the security vulnerability, which could lead to data breach or system compromise. Option C is wrong because applying the patch without documentation violates the change management policy and creates an audit trail gap, potentially leading to compliance issues and inability to track changes. Option D is wrong because disconnecting the server from the network disrupts business operations and does not resolve the vulnerability; the patch must still be applied, and the server remains vulnerable when reconnected.

17
MCQ · easy

A customer reports that their workstation is running slowly after a recent group policy update. The change log indicates the update added new security settings. What is the most appropriate documentation step for the technician to take after resolving the issue?

A. Note the resolution in the change log and close the ticket.
B. Delete the change log entry to avoid confusion.
C. Send an email to the user explaining the fix.
D. Create a new change request to revert the group policy.
Answer: A

Updating the change log with the resolution is a key part of documentation, ensuring the change history is complete.

Why this answer

Option A is correct because, after resolving the issue, the technician must document the resolution in the change log to maintain an accurate audit trail of changes and their outcomes. This aligns with change management best practices, ensuring that future technicians can see what was done to fix the problem and avoid repeating the same troubleshooting steps. Closing the ticket after documenting the resolution completes the incident management lifecycle.

Exam trap

The trap here is that candidates may confuse the informal step of notifying the user (Option C) with the formal documentation requirement, or they may think that reverting the policy (Option D) is necessary without first verifying that the issue is fully resolved and documented.

How to eliminate wrong answers

Option B is wrong because deleting the change log entry violates change management policy by destroying the audit trail, making it impossible to track what changes were made and why. Option C is wrong because while notifying the user is courteous, it is not the most appropriate documentation step; the primary documentation requirement is updating the formal change log, not sending an informal email. Option D is wrong because creating a new change request to revert the group policy is premature and unnecessary; the issue has already been resolved, and reverting the policy without analysis could reintroduce security vulnerabilities or break other configurations.

18
MCQ · easy

A customer reports that after a recent software update, their accounting application crashes every time they try to generate a report. The technician checks the change log and finds no record of any update being approved for that application. What should the technician do first?

A. Restore the application from the last known good backup.
B. Document the unauthorized change and escalate it to the change advisory board.
C. Uninstall the update and reinstall the previous version of the application.
D. Contact the software vendor to request a patch for the crash.
Answer: B

Proper change management requires documenting unauthorized changes and escalating them for review before any corrective action is taken.

Why this answer

The technician found an unauthorized change (the update) with no approval record. The first step in change management is to document and escalate the unauthorized change to the Change Advisory Board (CAB) to assess impact, determine root cause, and authorize remediation. Restoring or reinstalling without CAB approval could violate change control policies and introduce additional risks.

Exam trap

CompTIA often tests the distinction between technical troubleshooting and process compliance, trapping candidates who jump to a technical fix (restore, uninstall, or patch) instead of following the documented change management procedure.

How to eliminate wrong answers

Option A is wrong because restoring from backup without first documenting and escalating the unauthorized change bypasses the change management process and could reintroduce the same issue if the backup also contains the unauthorized update. Option C is wrong because uninstalling the update and reinstalling the previous version is a technical action that should only be performed after the CAB has reviewed and approved the remediation plan, as it may affect other dependencies or compliance. Option D is wrong because contacting the vendor for a patch assumes the crash is a known software defect, but the root cause is an unauthorized change that must be addressed through change management first, not a vendor-supported fix.

19
MCQ · medium

A technician is tasked with replacing a faulty power supply in a desktop computer that is part of a critical patient record system at a clinic. Before starting, the technician reviews the change management policy. Which step should the technician perform first?

A. Power off the workstation and disconnect all cables
B. Submit a change request to the change advisory board (CAB)
C. Back up the patient records to an external drive
D. Notify the clinic staff that the system will be offline
Answer: B

Formal approval from the CAB ensures the change is reviewed for risks and scheduled appropriately.

Why this answer

Option B is correct because the change management policy requires that any modification to a system handling critical patient records must first be formally approved via a change request submitted to the Change Advisory Board (CAB). This ensures that risks are assessed, downtime is scheduled, and compliance with healthcare data regulations (e.g., HIPAA) is maintained before any physical work begins.

Exam trap

CompTIA often tests the misconception that immediate physical safety steps (like powering off) or data backup should come first, but the exam emphasizes that change management approval is the mandatory initial step in any planned maintenance on a critical system.

How to eliminate wrong answers

Option A is wrong because powering off and disconnecting cables before obtaining change approval violates the change management process, potentially causing unauthorized downtime and data access risks. Option C is wrong because backing up patient records is a data protection step that should be performed after the change is approved, not before; the technician must first secure authorization to proceed. Option D is wrong because notifying clinic staff of an outage without prior CAB approval could disrupt critical operations and bypass the formal communication and scheduling protocols required by the change management policy.

20
MCQ · medium

A technician is documenting a configuration change to a firewall rule that allows remote access for a new employee. The technician must ensure the documentation is clear for future audits. Which of the following is the most critical piece of information to include?

A. The exact date and time the rule was added.
B. The IP address of the new employee's remote location.
C. The business justification for the rule.
D. The name of the technician who made the change.
Answer: C

The justification explains the need for the change and is essential for audit compliance and future review.

Why this answer

Option C is correct because change management documentation must include the business justification to demonstrate that the change was authorized and necessary. Without a clear reason, auditors cannot verify that the firewall rule complies with organizational security policy or regulatory requirements. The business justification provides the context needed to distinguish legitimate changes from unauthorized or malicious modifications.

Exam trap

CompTIA often tests the principle that operational details (who, when, where) are less critical than the business justification in change management documentation, tempting candidates to choose the most concrete or easily recorded detail instead of the most audit-relevant one.

How to eliminate wrong answers

Option A is wrong because while the date and time are useful for tracking, they are not the most critical piece; auditors need the 'why' behind the change, not just the 'when'. Option B is wrong because the remote employee's IP address may be dynamic or subject to change, and including it without the business justification does not prove the rule was authorized; the justification is what validates the rule's purpose. Option D is wrong because the technician's name is secondary to the business justification; knowing who made the change is less important than understanding why the change was made, and auditors focus on authorization and necessity, not just attribution.

21
MCQ · hard

A technician is preparing to deploy a security patch to 50 workstations. The change request has been approved, and the patch has been tested on a pilot group. During the deployment, five workstations fail to install the patch. What should the technician do next according to change management best practices?

A. Continue deploying to the remaining workstations and troubleshoot the failures later
B. Halt the deployment and execute the rollback plan for the failed workstations
C. Force the patch to install using administrative tools
D. Submit a new change request for the failed workstations
Answer: B

Halting and rolling back is the correct response to mitigate risk and adhere to the change plan.

Why this answer

According to change management best practices, when a deployment encounters failures, the immediate priority is to halt the deployment to prevent further issues and then execute the rollback plan to restore the failed workstations to their previous known-good state. This ensures stability and minimizes disruption, as the rollback plan was already defined and approved as part of the change request. Continuing or forcing the patch could lead to system instability or security vulnerabilities.

Exam trap

CompTIA often tests the misconception that troubleshooting can be deferred or that a new change request is required for each failure, when in fact the approved change request already covers rollback procedures for failed deployments.

How to eliminate wrong answers

Option A is wrong because continuing the deployment while ignoring failures violates the change management principle of risk mitigation; it could propagate errors or leave systems in an inconsistent state, making later troubleshooting more complex. Option C is wrong because forcing the patch installation with administrative tools bypasses the tested deployment process and could cause system corruption or incompatibility, especially if the failures indicate a deeper issue like driver conflicts or missing dependencies. Option D is wrong because submitting a new change request for only five workstations is unnecessary and inefficient; the existing approved change request already includes a rollback plan for handling failures, and a new request would delay resolution without adding value.

22
MCQ · easy

During a routine security audit, a technician discovers that a server was patched out of the approved maintenance window. The patch was applied by a junior admin who was not authorized. What is the most important step to include in the incident documentation?

A. The name of the junior admin who applied the patch.
B. The reason the patch was applied outside the maintenance window.
C. The exact time the patch was applied.
D. The patch's version number and source.
Answer: B

Documenting the justification helps the change advisory board understand the context and decide whether to approve the change retroactively.

Why this answer

The most important step in incident documentation is to capture the reason the patch was applied outside the approved maintenance window. This directly addresses the root cause of the unauthorized change, which is critical for post-incident review, process improvement, and preventing recurrence. Without the reason, the documentation fails to support a meaningful root cause analysis (RCA) and corrective action planning.

Exam trap

CompTIA often tests the distinction between documenting what happened versus why it happened, and the trap here is that candidates focus on technical details (time, version, person) instead of the root cause reason that drives corrective action.

How to eliminate wrong answers

Option A is wrong because while the name of the junior admin may be noted for accountability, it is not the most important element for understanding the incident's cause and preventing future occurrences. Option C is wrong because the exact time, though useful for timeline reconstruction, does not explain why the change was made outside policy. Option D is wrong because the patch version and source are technical details that help identify the change but do not address the procedural violation or its underlying motivation.

23
MCQ · medium

A company’s change management policy requires all changes to be approved by the Change Advisory Board (CAB) before implementation. A technician applies an emergency security patch to a critical server without CAB approval because the vulnerability is being actively exploited. What should the technician do after applying the patch?

A. Wait for the next CAB meeting to report the change.
B. Document the change and submit an emergency change request for retroactive approval.
C. Revert the patch and wait for CAB approval.
D. Delete the change log entry to avoid accountability.
Answer: B

This follows the correct procedure for emergency changes: document and seek retroactive approval from the CAB.

Why this answer

Even in emergency changes, documentation and retroactive approval are required. The technician must document the change and notify the CAB as soon as possible to obtain retroactive approval, ensuring compliance with change management policies.

24
MCQ · medium

A help desk technician receives a complaint that a user’s custom software application stopped working after a Windows update was installed automatically overnight. The technician checks the system and finds the update is not in the approved change log. What should the technician do next?

A. Reinstall the custom application immediately
B. Roll back the Windows update and document the incident
C. Leave the update in place and submit a new change request for the application
D. Disable Windows Update on the workstation permanently
Answer: B

Rolling back the update restores the previous working state, and documentation helps prevent future unauthorized updates.

Why this answer

Option B is correct because the update was installed without authorization (not in the approved change log), violating change management policy. The technician should immediately roll back the update to restore application functionality and then document the incident to ensure proper change control procedures are followed. This aligns with the CompTIA A+ change management process: identify the unauthorized change, reverse it, and report it.

Exam trap

The trap here is that candidates may think restoring functionality (Option A) or preventing future updates (Option D) is the priority, but CompTIA emphasizes that following change management documentation and incident reporting is the correct first step, not just fixing the symptom.

How to eliminate wrong answers

Option A is wrong because reinstalling the custom application does not address the root cause (the unauthorized Windows update) and may waste time if the update breaks the application again. Option C is wrong because leaving an unauthorized update in place bypasses change management controls and could cause further instability; a new change request should be submitted before, not after, the change is applied. Option D is wrong because permanently disabling Windows Update leaves the system without future security patches and is an overreaction; the proper response is to manage updates through an approved change process, not disable the service entirely.

25
MCQ · hard

A technician is reviewing the change management log and finds that a previous change to the email server was marked as 'completed' but the email service has been intermittent since then. The technician suspects the change was not fully tested. Which step in the change management process was most likely skipped?

A. The change request was not submitted
B. The change was not approved by the CAB
C. A post-implementation review was not conducted
D. The rollback plan was not documented
Answer: C

A post-implementation review would have caught the intermittent issue and prevented the change from being marked as completed.

Why this answer

Option C is correct because a post-implementation review (PIR) is the step where the change is verified to have met its objectives without causing adverse effects. Since the email service became intermittent after the change was marked 'completed', the lack of a PIR means the change was not validated in production, allowing the underlying issue to go undetected. In the CompTIA change management process, the PIR ensures that the change has been fully tested and that any residual problems are identified and addressed before the change is closed.

Exam trap

CompTIA often tests the distinction between the approval step and the validation step, trapping candidates who assume that a completed change must have been approved, when the real issue is the failure to verify the change's success through a post-implementation review.

How to eliminate wrong answers

Option A is wrong because the change was logged in the change management log as 'completed', which implies a change request was submitted and processed; the issue is not the absence of a request but the lack of validation after implementation. Option B is wrong because CAB approval is typically required for high-risk or significant changes, but the email server change was already approved and implemented; the skipped step is the verification of success, not the approval itself. Option D is wrong because while a rollback plan is important for reverting a failed change, the problem here is that the change was not fully tested and its impact was not assessed post-implementation; a documented rollback plan would not have prevented the intermittent service if the root cause was not identified during testing.

26
MCQ · easy

A small business is deploying a new accounting application across five workstations. The IT lead creates a detailed change request that includes the purpose, scope, risk assessment, and rollback plan. Which document should the IT lead update immediately after the deployment is successfully completed?

A. The firewall configuration log
B. The change request form
C. The employee handbook
D. The backup verification checklist
Answer: B

The change request form is the primary document that tracks the lifecycle of a change, including its completion status.

Why this answer

The change request form is the central document that tracks the entire lifecycle of a change, including planning, approval, implementation, and post-implementation review. Once the deployment is successfully completed, the IT lead must update the change request form to mark it as 'Closed' or 'Completed,' documenting the actual outcome, any deviations, and the final status. This ensures an accurate audit trail for compliance and future troubleshooting, as required by ITIL-based change management processes.

Exam trap

CompTIA often tests the misconception that a technical log or checklist (like a backup verification checklist) is the immediate post-deployment update, but the correct answer is always the formal change management document that captures the entire change lifecycle.

How to eliminate wrong answers

Option A is wrong because the firewall configuration log is a security-specific record that would only be updated if firewall rules were modified as part of the deployment; the question describes a standard application installation with no mention of firewall changes. Option C is wrong because the employee handbook is a general HR policy document that outlines company rules and procedures, not a technical record for tracking IT changes or deployments. Option D is wrong because the backup verification checklist is used to confirm that backups were successfully created before or after a change, but it is not the primary document for recording the completion and outcome of a change request.

27
MCQ · medium

A company’s change management policy requires that all changes be categorized as standard, emergency, or normal. During a server migration, a technician discovers a critical security patch must be applied immediately to prevent a data breach. Which type of change should the technician request?

A. Standard change
B. Emergency change
C. Normal change
D. Service request
Answer: B

An emergency change is designed for situations that require immediate action to prevent major issues, like a security breach.

Why this answer

The scenario describes a critical security patch that must be applied immediately to prevent a data breach, which aligns with the definition of an emergency change. Emergency changes are pre-approved or fast-tracked to address urgent threats or service outages, bypassing the normal change advisory board (CAB) review process. This ensures the patch can be deployed without delay to mitigate the risk.

Exam trap

CompTIA often tests the distinction between 'emergency' and 'standard' changes by presenting a time-sensitive scenario where candidates mistakenly classify a critical patch as a standard change because it is a routine security update, ignoring the 'immediate' and 'critical' context.

How to eliminate wrong answers

Option A is wrong because a standard change is a low-risk, pre-approved change that follows a documented procedure (e.g., applying routine OS updates), not an urgent security patch requiring immediate action. Option C is wrong because a normal change requires full CAB review and scheduling, which would introduce unacceptable delay for a critical security vulnerability. Option D is wrong because a service request is a user-initiated request for information, access, or a standard service (e.g., password reset), not a change to the IT infrastructure like applying a security patch.

28
MCQ · medium

A technician is tasked with upgrading the operating system on ten identical workstations. The change advisory board has approved the upgrade. After completing the first workstation, the technician notices the new OS causes a critical line-of-business application to fail. What should the technician do next?

A. Continue upgrading the remaining workstations since the change was approved.
B. Restore the first workstation to the previous OS and complete the rest without changes.
C. Report the failure to the change advisory board and pause further upgrades.
D. Research a hotfix for the application and apply it to all workstations.
Answer: C

Reporting the issue allows the CAB to evaluate the risk, possibly modify the rollout plan, or find a workaround before proceeding.

Why this answer

This question tests the change management process when an approved change causes unexpected issues. The correct action is to stop the rollout and document the problem so the CAB can reassess the change.

29
MCQ · easy

A technician is tasked with installing a security patch on 50 company laptops. The change management process requires a full system backup before any patch installation. During the backup of the first laptop, the backup fails due to insufficient disk space. What should the technician do?

A. Skip the backup for this laptop and proceed with the patch installation.
B. Free up disk space by deleting temporary files and retry the backup.
C. Install the patch anyway and create a manual restore point.
D. Report the failure to the change manager and request an exception.
Answer: B

This is a reasonable troubleshooting step to meet the backup requirement, and if successful, allows the technician to comply with policy.

Why this answer

Option B is correct because the change management process explicitly requires a full system backup before patch installation. Deleting temporary files is a standard, low-risk method to free disk space and retry the backup, ensuring compliance without violating policy. This approach maintains data integrity and follows the established procedure.

Exam trap

CompTIA often tests the candidate's understanding that change management policies are mandatory and must be followed, not circumvented, and that troubleshooting steps should be taken before escalating to management.

How to eliminate wrong answers

Option A is wrong because skipping the backup violates the mandatory change management requirement, risking data loss if the patch causes issues. Option C is wrong because installing the patch without a full backup and relying on a manual restore point does not satisfy the policy for a complete system backup, and a restore point may not capture all system state. Option D is wrong because reporting the failure and requesting an exception is premature; the technician should first attempt to resolve the disk space issue, as the process expects troubleshooting before escalation.

30
MCQ · easy

A user reports that after a recent software update, their inventory management application crashes on launch. The change log shows the update was applied last night by a junior technician. What is the first step the technician should take according to change management best practices?

A. Restore the user’s system from a backup taken before the update.
B. Check the change log for the update details and rollback procedure.
C. Uninstall the update immediately to restore functionality.
D. Escalate the issue to the IT manager for a decision.
Answer: B

The change log should contain the change details, approval, and rollback plan, making it the correct first step to assess the situation.

Why this answer

Option B is correct because change management best practices require that before any action is taken, the technician should first consult the change log to understand what was changed and identify the documented rollback procedure. This ensures a controlled, reversible approach rather than risking data loss or further instability by acting without full knowledge of the update's scope.

Exam trap

CompTIA often tests the misconception that immediate restoration or uninstallation is the fastest fix, but the trap here is that candidates overlook the critical first step of consulting the change log to understand the update's scope and the documented rollback procedure before taking any action.

How to eliminate wrong answers

Option A is wrong because immediately restoring from backup is a reactive step that should only be taken after reviewing the change log and rollback plan; it may also be unnecessary if a simpler rollback exists. Option C is wrong because uninstalling the update without first checking the change log could leave the system in an inconsistent state or miss dependencies that require a specific rollback order. Option D is wrong because escalating to the IT manager bypasses the technician's responsibility to first gather information from the change log, which is a standard first step in incident response per change management frameworks.
