🏠 Back to Exam Syllabus πŸ“Ί RooCloud on YouTube 🌐 RooCloud Practice Exams

CISSP 16.6 - Perform Configuration Management

This episode of the ISC2 Certified Information Systems Security Professional (CISSP) exam prep series covers how to keep systems in a known, secure state, a discipline central to Domain 7. It explains what configuration management is for, how to provision and harden a new system, what a baseline is, how images deploy that baseline, and how automation scales secure settings across an entire fleet.

What this episode covers

Watch the full episode above for the worked examples and detailed explanations of each concept.

Frequently Asked Questions

What is configuration management for?

It ensures systems start in a secure, consistent state and stay there over time. Left to defaults, systems drift apart and quietly accumulate weaknesses, so configuration management fights that drift by defining a known-good setup and enforcing it everywhere. Think of a restaurant kitchen with a written recipe for every dish: without it each cook improvises and quality swings wildly, but with it every plate comes out the same, which keeps a large environment defensible.

How do you provision and harden a new system?

By installing what you need and then locking down everything you do not. Provisioning sets up the operating system and applications, but the defaults typically leave too much exposed, so you harden the system for its role. Disable every unused service, close the unused ports, strip out applications nobody needs including extras that installers sneak in, and change every default password because attackers already know them all.

What is a baseline?

A baseline is your defined starting configuration, the master list of settings for a given kind of system, like the recipe made explicit. A file server baseline captures exactly how to harden a file server, while a desktop gets its own different baseline. It is a starting point, not a straitjacket, so administrators still tweak it for particular machines, but every system of a type begins from the same secure, deliberate footing.

How do images deploy a baseline?

Through a simple three-step process. First, an administrator builds one gold system, installing the operating system and applications, applying all the security settings, then testing it thoroughly. Second, they capture an image of that system and store it on a server. Third, they deploy that image onto new machines, adding small finishing touches like unique names. A prebuilt image drops on in minutes and lets you re-image a corrupted system fast, but guard the images because malware in a gold image spreads to everything.

How does automation scale configuration across the fleet?

By layering automated tweaks on top of a common image. You might deploy one base image to every desktop, then use automation to add the extra applications or settings each department needs. A central policy tool lets you configure a setting once and push it to every machine in the domain, or to just one group like all the file servers. Automation can even reach deeper settings to blunt specific attacks, disabling risky scripting tools while switching on extra logging.

πŸ“š Master the ISC2 CISSP Exam!

Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISC2 CISSP certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.


Reference: This article is based on concepts discussed in CISSP 16.6 - Perform Configuration Management.