CompTIA CASP+ (CAS-003) — Question 171

A systems administrator recently joined an organization and has been asked to perform a security assessment of controls on the organization's file servers, which contain client data from a number of sensitive systems. The administrator needs to compare documented access requirements to the access implemented within the file system.
Which of the following is MOST likely to be reviewed during the assessment? (Choose two.)

Answer options

• A. Access control list
• B. Security requirements traceability matrix
• C. Data owner matrix
• D. Roles matrix
• E. Data design document
• F. Data access policies

Correct answer: A, F

Explanation

The Access control list (ACL) is crucial as it defines who has permission to access what data, directly aligning with access requirements. Data access policies also play a key role as they outline the rules and procedures governing access to the data, ensuring compliance with documented requirements. The other options, while relevant to security, do not specifically address the immediate need to compare implemented access controls with documented requirements.