Enhance your CompTIA CASP+ exam readiness with our comprehensive quizzes. Sharpen your skills with detailed flashcards and multiple choice questions, each with hints and in-depth explanations. Prepare effectively for this challenging exam!


What tool is BEST used to verify security requirements were met from project inception through to implementation?

  1. Risk assessment

  2. Security requirements traceability matrix (SRTM)

  3. Compliance checklist

  4. Incident response plan

The correct answer is: Security requirements traceability matrix (SRTM)

The most effective tool for verifying that security requirements were met throughout the project lifecycle, from inception to implementation, is the Security Requirements Traceability Matrix (SRTM). This matrix provides a structured approach to ensure that every security requirement is tracked, documented, and validated at various stages of the project. By mapping each security requirement to specific project phases, the SRTM allows project managers and stakeholders to confirm that all necessary security measures have been considered and addressed. It helps in identifying any gaps, ensuring compliance with regulations and industry standards, and maintaining accountability throughout the project.

While other options like risk assessments and compliance checklists can address security aspects, they do not specifically provide the comprehensive tracking and verification capability that the SRTM offers. A risk assessment focuses on identifying and evaluating risks rather than on verifying that security requirements have been implemented. A compliance checklist helps ensure adherence to regulatory requirements but may not cover every security requirement in detail, nor provide the necessary traceability. An incident response plan is crucial for managing and responding to security incidents but does not facilitate the tracking of security requirements during project development.