CompTIA
CAS-002 · Question #351
CAS-002 Question #351: Real Exam Question with Answer & Explanation
Sign in or unlock CAS-002 to reveal the answer and full explanation for question #351. The question stem and answer options stay visible for context.
Question
A security engineer is a new member to a configuration board at the request of management. The company has two new major IT projects starting this year and wants to plan security into the application deployment. The board is primarily concerned with the applications' compliance with federal assessment and authorization standards. The security engineer asks for a timeline to determine when a security assessment of both applications should occur and does not attend subsequent configuration board meetings. If the security engineer is only going to perform a security assessment, which of the following steps in system authorization has the security engineer omitted? (Select TWO).
Options
- AEstablish the security control baseline to be assessed
- BBuild the application according to software development security standards
- CWrite the systems functionality requirements into the security requirements traceability
- DReview the results of user acceptance testing
- ECategorize the applications according to use
- FConsult with the stakeholders to determine which standards can be omitted
Unlock CAS-002 to see the answer
You've previewed enough free CAS-002 questions. Unlock CAS-002 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.