A backout plan consists of specific procedures to revert a system to its last known-good state if a change implementation is unsuccessful. The scenario describes a failed change that extended beyond the maintenance window, impacting customers. Executing a pre-planned and tested backout plan would have allowed the team to quickly restore the original configuration once the failure was identified, thus preventing the extended outage and customer impact. This plan is a critical component of change management designed specifically for this type of contingency.

A. User notification: This is a communication step to inform users about planned maintenance; it does not provide a technical remedy for a failed change.

B. Change approval: This is a procedural step that occurs before the change is implemented to authorize it. It does not address how to recover from a failure during implementation.

C. Risk analysis: This process identifies potential problems before the change. While it might identify the risk of failure, it is not the actionable plan used to recover from that failure.

1. CompTIA Security+ SY0-701 Exam Objectives

Version 4.0

Objective 3.2: "Summarize the importance of change management processes and the impacts to security." This section explicitly lists "Backout/rollback plans" as a key element of the change management process.

2. National Institute of Standards and Technology (NIST) Special Publication 800-128

Guide for Security-Focused Configuration Management of Information Systems

Section 3.4.5

"Change Implementation": "If the change is not successful

the organization should follow its back-out plan to restore the system to its original state."

3. Carnegie Mellon University

Software Engineering Institute

CMU/SEI-2010-TR-017

A Framework for Classifying and Comparing Architecture-Centric Change Management Approaches

Section 3.2.2

"Change Execution": "If the change implementation fails

the change is rolled back to the previous state of the system." This highlights rollback (backout) as the standard response to a failed implementation.