Which of the following BEST describes the contents of the supporting document the engineer is creating?

A security engineer is working with a software development team. The engineer is tasked with ensuring all security requirements are adhered to by the developers.
Which of the following BEST describes the contents of the supporting document the engineer is creating?
A. A series of ad-hoc tests that each verify security control functionality of the entire system at once.
B. A series of discrete tasks that, when viewed in total, can be used to verify and document each individual constraint from the SRTM.
C. A set of formal methods that apply to one or more of the programming languages used on the development project.
D. A methodology to verify each security control in each unit of developed code prior to committing the code.


4 thoughts on “Which of the following BEST describes the contents of the supporting document the engineer is creating?”

  1. B & D are both correct. This is, yet another, unfair question. If everybody passed the exam, the exam would be seen as worthless. CompTIA needs to ensure that cannot happen.

  2. B:

    Security Requirements Traceability Matrix (SRTM)

    Other documents, such as the security requirements traceability matrix (SRTM), adopt a grid format for easier viewing. The SRTM is a matrix of what is required for a system’s security combined with the person responsible for seeing to it that the requirement is met. For any technical projects where security is mandatory, you need the SRTM to ensure both that the security requirements are specified and that there is accountability for each requirement to be completed. SRTM includes the word traceability, a document property applicable for any project because it establishes a person or team to be traced back to each requirement or item.

  3. B.

    A security requirements traceability matrix (SRTM) is a grid that allows documentation and easy viewing of what is required for a system’s security. SRTMs are necessary in technical projects that call for security to be included. Traceability matrixes in general can be used for any type of project, and allow requirements and tests to be easily traced back to one another. The matrix is a way to make sure that there is accountability for all processes and is an effective way for a user to ensure that all work is being completed.
