CompTIA CASP+ (CAS-003) — Question 121
A security engineer is working with a software development team. The engineer is tasked with ensuring all security requirements are adhered to by the developers.
Which of the following BEST describes the contents of the supporting document the engineer is creating?
Answer options
- A. A series of ad-hoc tests that each verify security control functionality of the entire system at once.
- B. A series of discrete tasks that, when viewed in total, can be used to verify and document each individual constraint from the SRTM.
- C. A set of formal methods that apply to one or more of the programming languages used on the development project.
- D. A methodology to verify each security control in each unit of developed code prior to committing the code.
Correct answer: D
Explanation
The correct answer, D, describes a methodology that ensures security controls are verified for each unit of code before it is committed, which is crucial for maintaining security throughout the development process. Options A and B do not focus on unit-level verification, while option C pertains to programming methods rather than security verification processes.