CompTIA
CAS-002 Question #188: Real Exam Question with Answer & Explanation
The correct answer is C: Introduce an ESA framework. An Enterprise Security Architecture (ESA) framework provides the formalized methodology needed to incorporate business drivers, capabilities, baselines, and reusable patterns for consistent security design.
Question
A large financial company has a team of security-focused architects and designers that contribute to broader IT architecture and design solutions. Concerns have been raised due to the security contributions having varying levels of quality and consistency. It has been agreed that a more formalized methodology is needed that can take business drivers, capabilities, baselines, and reusable patterns into account. Which of the following would BEST help to achieve these objectives?
Options
- A. Construct a library of re-usable security patterns
- B. Construct a security control library
- C. Introduce an ESA framework
- D. Include SRTM in the SDLC
Explanation
An Enterprise Security Architecture (ESA) framework provides the formalized methodology needed to incorporate business drivers, capabilities, baselines, and reusable patterns for consistent security design.
Common mistakes.
- A. A library of reusable security patterns covers only one component of the needed methodology and does not address business driver alignment, capability modeling, or baseline governance.
- B. A security control library catalogs individual controls but does not provide the architectural methodology needed to translate business requirements into consistent, high-quality security designs.
- D. Including an SRTM (Security Requirements Traceability Matrix) in the SDLC improves requirements tracking within development projects but is not a broad architectural framework addressing the full scope of the problem described.
Concept tested. Enterprise Security Architecture framework for design consistency
Reference. https://www.sabsa.org/the-sabsa-framework/