CompTIA

CAS-001 · Question #202


The correct answer is B: Implementation.

Question

A company has decided to use the SDLC for the creation and production of a new information system. The security administrator is training all users on how to protect company information while using the new system, along with being able to recognize social engineering attacks. Senior Management must also formally approve of the system prior to it going live. In which of the following phases would these security controls take place?

Options

  • A. Operations and Maintenance
  • B. Implementation
  • C. Acquisition and Development
  • D. Initiation

Explanation

In the NIST SDLC framework, the Implementation phase is where a system is installed, configured, and prepared for operation. Key security activities at this phase include: user security awareness training, social engineering training, and formal management authorization (Certification & Accreditation) before the system goes live. Initiation covers early planning and feasibility. Acquisition/Development covers design and building the system. Operations & Maintenance covers day-to-day running after go-live. Because the training and formal senior management approval occur just before the system goes into production, this maps to the Implementation phase.
