CAS-002 Question #598: Real Exam Question with Answer & Explanation
The correct answer is C: Security requirements traceability matrix (SRTM).
Question
SDLC is being used for the commissioning of a new platform. To provide an appropriate level of assurance, the security requirements that were specified at the project origin need to be carried through to implementation. Which of the following would BEST help to determine if this occurred?
Options
- A. Requirements workshop
- B. Security development lifecycle (SDL)
- C. Security requirements traceability matrix (SRTM)
- D. Secure code review and penetration test
Explanation
A Security Requirements Traceability Matrix (SRTM) is specifically designed to verify that security requirements defined at project inception are carried through every SDLC phase into final implementation.
Common mistakes.
- A. A requirements workshop is used to elicit and define requirements at the beginning of a project, not to verify that requirements were carried through to implementation.
- B. The Security Development Lifecycle (SDL) is a process framework for embedding security activities into development phases, not a verification artifact for tracing individual requirements.
- D. Secure code review and penetration testing validate the security quality of the implemented code but do not trace implemented controls back to the original documented security requirements.
Concept tested. Security requirements traceability matrix across SDLC phases
Reference. https://csrc.nist.gov/publications/detail/sp/800-160/vol-1/final