The best answer is C. Software is migrated to a cloud that offers increased flexibility in its updates .
A change management policy governs how system changes are requested, approved, tested, documented, and implemented. Moving software to a cloud environment often changes how updates are delivered and managed, especially when the cloud platform supports:
faster release cycles
automated deployments
infrastructure as code
continuous integration and continuous delivery
more frequent configuration changes
Because the operational model changes, the organization may need to revise its change management policy to reflect new workflows, approval processes, rollback procedures, and maintenance practices.
Why the other options are incorrect:
A. An engineer adds a new feature to the production service. This is an example of a change that should follow the policy, not necessarily a reason to revise the policy itself.
B. A production server continuously runs at its maximum load. This is a performance or capacity issue, not a direct trigger to revise change management policy.
D. A legacy server lacks support for new regulatory requirements. This is a compliance and modernization issue, but it does not most directly indicate that the change management policy itself must be revised.
From a Security+ perspective, significant changes to how systems are updated and maintained, especially through cloud migration, are a strong reason to update governance policies. Therefore, C is correct.
