Chapter 9 Β· Examples

Real-World & Exam Scenarios

Change management in practice β€” the risks of skipping process, seasonal freezes, and the owner vs. implementer distinction.

Example 1: The Unplanned "Quick Fix" Disaster

Scenario: A developer notices a bug in the payroll application on a Friday afternoon. With payroll running Monday, they decide to push a "quick fix" directly to production without a change request, reasoning it's too minor to bother with process.
What happens: The fix works for the bug but silently alters a database stored procedure. On Monday, payroll runs β€” but overtime calculations produce wrong results for 800 employees. The error goes undetected until the following week when employees report incorrect paychecks. The rollback requires restoring a database backup from before the undocumented change, causing a full payroll rerun.
Key point: Even "minor" changes need process. The change management form would have required identifying the database dependency. The sandbox test would have caught the stored procedure issue. The "quick fix" cost more time than the formal process would have.

Example 2: Retail Change Freeze in Action

Scenario: It's November 15th. A network engineer wants to upgrade the firewall firmware β€” a straightforward update with a security patch. The maintenance window is approved. Then the CCB looks at the calendar.
What happens: The CCB denies the request. The organization is a retail company and Black Friday is in 10 days. The change freeze runs Thanksgiving through January 2nd. The firmware upgrade is rescheduled for January 5th. The engineer is frustrated β€” but the CCB is right. A failed firewall upgrade during peak shopping season could take down the e-commerce platform during the highest-revenue week of the year.
Key point: Change freezes exist to protect the organization during high-risk periods. A security patch can wait two weeks. A crashed production system during peak revenue cannot be easily recovered. Risk timing is part of the CCB's evaluation.

Example 3: The Backout Plan That Saved the Night

Scenario: A sysadmin is upgrading an application server during a Sunday overnight window. The upgrade installs but the application fails to start. It's 3 AM. The maintenance window ends at 6 AM.
What happens β€” WITHOUT a backout plan: The sysadmin scrambles, tries various fixes, eventually reaches out to the vendor. By 6 AM, the system is still down. Users arrive at 8 AM to find the application unavailable. It takes until noon to restore. 4 hours of production downtime.

What happens β€” WITH a backout plan: At 3:15 AM, the sysadmin recognizes the upgrade failed. Follows the documented 6-step backout procedure. By 3:45 AM, the system is restored to the previous version and fully functional. Users notice nothing. The upgrade is rescheduled with a vendor support call pre-arranged.
Key point: The backout plan must be written before the change, tested in sandbox, and executed without hesitation when needed. "We'll figure it out if it fails" is not a backout plan.

Exam Scenario 1: "Who owns the change?"

Question: The HR department requests that IT upgrade their performance management software. Who owns the change control process?

A) The IT department, because they perform the upgrade
B) The HR department, because they requested and will use the system
C) The Change Control Board, because they approve all changes
D) The software vendor, because they provided the update

Answer: B β€” HR department
The owner is the department that initiates and needs the change β€” HR. They manage the process and perform acceptance testing afterward. IT performs the technical implementation but does not own the change. The CCB approves but does not own.

Exam Scenario 2: "Why test in a sandbox?"

Question: Before deploying a critical OS patch to 500 servers, a sysadmin installs it on a separate VM that mirrors the production environment. What is the PRIMARY purpose of this action?

A) To permanently replace the production environment
B) To test the change and validate the backout plan without risking production
C) To comply with vendor licensing requirements
D) To provide a backup copy of the production servers

Answer: B
The sandbox lets you verify the change works as expected AND validate the rollback procedure β€” all without any risk to live systems.