CompTIA SecurityX (CAS-005) — Question 147

A company sells a security appliance assembled from globally sourced hardware and software components. Installing the security appliance requires enabling administrative permissions for the service accounts on the appliance. Which of the following allows the company to reassure new and existing customers that the risk introduced by the appliance is minimal?

Answer options

• A. The results of a qualitative risk analysis performed on the appliance
• B. A business impact analysis and risk prioritization process
• C. Results of internal risk reduction studies conducted by a third-party assessor
• D. A transparent supply chain risk management and testing program

Correct answer: D

Explanation

The correct answer is D because a transparent supply chain risk management and testing program demonstrates that the company actively manages and mitigates risks associated with the components of the appliance. Options A, B, and C do not directly address the supply chain aspect, which is critical to reassuring customers about the risks introduced by globally sourced components.