0 votes
A security engineer is working with a software development team. The engineer is tasked with ensuring all security requirements are adhered to by the developers.

Which of the following BEST describes the contents of the supporting document the engineer is creating?

A. A series of ad-hoc tests that each verify security control functionality of the entire system at once.
B. A series of discrete tasks that, when viewed in total, can be used to verify and document each individual constraint from the SRTM.
C. A set of formal methods that apply to one or more of the programming languages used on the development project.
D. A methodology to verify each security control in each unit of developed code prior to committing the code.

by User WebDragon (7.3k points)

1 Answer

5 votes

Final answer:

The engineer is creating a methodology to verify each security control in each unit of developed code. Therefore the correct answer is Option D.

Step-by-step explanation:

The contents of the supporting document the security engineer is creating can be best described as a methodology to verify each security control in each unit of developed code prior to committing the code. This document would outline the process and steps to be followed by the developers to ensure that all security requirements are met. By verifying each security control in the code, the engineer ensures that the system is secure and protected from potential threats.

by User Thomaz (8.5k points)