Certified Administrative Professional (CAP) Practice Exam 2025 – Your All-in-One Guide to Exam Mastery!

The verification of operational security controls occurs during the development/acquirement phase of the Software Development Life Cycle (SDLC). In this phase, the system is being developed or acquired, which includes implementing various security measures within the software architecture. This is crucial for ensuring that the security controls, such as authentication, authorization, and auditing mechanisms, are integrated into the system effectively.

During the development/acquirement phase, teams will typically assess how security controls are designed and applied to meet specific security requirements. This includes regular reviews and updates that reflect compliance with security policy and standards, allowing for adjustments to be made before moving on to the subsequent phases.

In contrast, although testing and verification of security measures may also occur during the testing phase, the primary focus in that phase is assessing the overall functionality and performance of the system rather than the detailed implementation of security controls. The planning phase involves defining the project scope and security requirements but does not include verification, while the deployment phase is focused on delivering the completed product rather than evaluating controls that were implemented earlier.