CompTIA CASP+ (CAS-004) — Question 131

An organization's assessment of a third-party, non-critical vendor reveals that the vendor does not have cybersecurity insurance and IT staff turnover is high. The organization uses the vendor to move customer office equipment from one service location to another. The vendor acquires customer data and access to the business via an API.
Given this information, which of the following is a noted risk?

Answer options

• A. Feature delay due to extended software development cycles
• B. Financial liability from a vendor data breach
• C. Technical impact to the API configuration
• D. The possibility of the vendor's business ceasing operations

Correct answer: B

Explanation

The correct answer, B, highlights the financial liability that the organization faces if the vendor experiences a data breach, especially since they handle customer data. Options A, C, and D, while potentially relevant, do not directly address the immediate risk associated with the vendor's lack of cybersecurity insurance and high turnover, making B the most pertinent concern.