CompTIA
CAS-003 Question #114: Real Exam Question with Answer & Explanation
The correct answer is A: Establish the security control baseline.
Question
A security engineer is a new member of a configuration board at the request of management. The company has two new major IT projects starting this year and wants to plan security into the application deployment. The board is primarily concerned with the applications' compliance with federal assessment and authorization standards. The security engineer asks for a timeline to determine when a security assessment of both applications should occur and does not attend subsequent configuration board meetings. If the security engineer is only going to perform a security assessment, which of the following steps in system authorization has the security engineer omitted?
Options
- A. Establish the security control baseline
- B. Build the application according to software development security standards
- C. Review the results of user acceptance testing
- D. Consult with the stakeholders to determine which standards can be omitted
Explanation
A security baseline is the minimum level of security that a system, network, or device must adhere to. It is the initial point of reference for security and the document against which assessments would be done.