A systems administrator recently joined an organization and has been asked to perform a security assessment of controls on the organization’s file servers, which contain client data from a number of sensitive systems. The administrator needs to compare documented access requirements to the access implemented within the file system.
Which of the following is MOST likely to be reviewed during the assessment? (Select two.)
A. Access control list
B. Security requirements traceability matrix
C. Data owner matrix
D. Roles matrix
E. Data design document
F. Data access policies
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
 |
D&F
A, B, and C are all subsets of D – So D is the best choice
E. is irrelevant
F. Is the policy D should comply with.
Answer D and B
SRTM is just a matrix of the controls being implemented,and to track progress. A) Access Control lists will show who has access to the file servers, etc…; F) Data Access Policies (access implemented) show how to access the file servers, etc..
A F
can you explain your choice?
Should be B and F – SRTM discusses access requirements