CompTIA CASP+ (CAS-004) — Question 460

An organization’s board of directors has asked the Chief Information Security Officer to build a third-party management program. Which of the following best explains a reason for this request?

Answer options

• A. Risk transference
• B. Supply chain visibility
• C. Support availability
• D. Vulnerability management

Correct answer: B

Explanation

The correct answer is B, as establishing a third-party management program primarily enhances supply chain visibility, allowing the organization to monitor and manage risks associated with third-party vendors. The other options, while relevant to security practices, do not specifically address the need for oversight and transparency in the supply chain related to third-party interactions.