CompTIA CASP+ (CAS-003) — Question 23

A security engineer has implemented an internal user access review tool so service teams can baseline user accounts and group memberships. The tool is functional and popular among its initial set of onboarded teams. However, the tool has not been built to cater to a broader set of internal teams yet. The engineer has sought feedback from internal stakeholders, and a list of summarized requirements is as follows:
✑ The tool needs to be responsive so service teams can query it, and then perform an automated response action.
✑ The tool needs to be resilient to outages so service teams can perform the user access review at any point in time and meet their own SLAs.
✑ The tool will become the system-of-record for approval, reapproval, and removal life cycles of group memberships and must allow for data retrieval after failure.
Which of the following need specific attention to meet the requirements listed above? (Choose three.)

Answer options

• A. Scalability
• B. Latency
• C. Availability
• D. Usability
• E. Recoverability
• F. Maintainability

Correct answer: B, C, E

Explanation

The correct answers are Latency, Availability, and Recoverability. Latency is important for responsiveness, ensuring that service teams can quickly query the tool. Availability is crucial for resilience against outages, allowing continuous user access reviews. Recoverability is necessary to meet the requirement of data retrieval after failures, ensuring that the system can restore operations effectively. Scalability, usability, and maintainability, while relevant, do not directly address the specific requirements outlined by the stakeholders.