A security engineer is a new member to a configuration board at the request of management The company has two new major IT projects starting this year and wants to plan security into the application deployment. The board is primarily concerned with the applications’ compliance with federal assessment and authorization standards. The security engineer asks for a timeline to determine when a security assessment of both applications should occur and does not attend subsequent configuration board meetings. If the security engineer is only going to perform a security assessment, which of the following steps in system authorization has the security engineer omitted? (Select two).
A. Establish the security control baseline
B. Build the application according to software development security standards
C. Review the results of user acceptance testing
D. Consult with the stakeholders to determine which standards can be omitted
E. Categorize the applications according to use
F. Write the systems functionality requirements into the security requirements traceability matrix
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
 |
