CompTIA
CAS-002 · Question #197
CAS-002 Question #197: Real Exam Question with Answer & Explanation
The correct answer is D: To allow certifiers to verify the network meets applicable security requirements. An SRTM traces security requirements to implemented controls, providing certifiers with the evidence needed to verify that all applicable security requirements are satisfied.
Question
A team of security engineers has applied regulatory and corporate guidance to the design of a corporate network. The engineers have generated an SRTM based on their work and a thorough analysis of the complete set of functional and performance requirements in the network specification. Which of the following BEST describes the purpose of an SRTM in this scenario?
Options
- A. To ensure the security of the network is documented prior to customer delivery
- B. To document the source of all functional requirements applicable to the network
- C. To facilitate the creation of performance testing metrics and test plans
- D. To allow certifiers to verify the network meets applicable security requirements
Explanation
An SRTM traces security requirements to implemented controls, providing certifiers with the evidence needed to verify that all applicable security requirements are satisfied.
Common mistakes.
- A. Documentation for customer delivery is a project management deliverable and does not describe the certification and accreditation-focused purpose of an SRTM.
- B. Documenting the source of all functional requirements is the role of a general requirements traceability matrix (RTM); an SRTM specifically traces security requirements to controls, not the origin of all functional requirements.
- C. Performance testing metrics and test plans are derived from performance requirements and test planning documents, not from a security requirements traceability matrix.
Concept tested. Security Requirements Traceability Matrix purpose in certification
Reference. https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final