Your company is currently migrating from the current network infrastructure to a faster, more secure network while following the SDLC. To provide an appropriate level of assurance, the security requirements that were specified at the project origin need to be carried through to implementation. Which of the following would BEST help to determine if this occurred?

A. change management process
B. penetration testing
C. vulnerability assessment
D. security requirements traceability matrix (SRTM)

D
Explanation: To determine if the security requirements that were specified at the project origin are carried through to implementation, your company should use a security requirements traceability matrix (SRTM).
The change management process helps to ensure that future changes follow the appropriate procedures. Penetration testing will help to identify any areas of weakness in the network. Vulnerability assessments will help to identify any vulnerability in the network. None of these are used to track security requirements throughout a project.