CompTIA SecurityX (CAS-005) — Question 187

A company receives reports about misconfigurations and vulnerabilities in a third-party hardware device that is part of its released products. Which of the following solutions is the best way for the company to identify possible issues at an earlier stage?

Answer options

• A. Performing vulnerability tests on each device delivered by the providers
• B. Performing regular red-team exercises on the vendor production line
• C. Implementing a monitoring process for the integration between the application and the vendor appliance
• D. Implementing a proper supply chain risk management program

Correct answer: D

Explanation

The correct answer is D because a proper supply chain risk management program helps to proactively identify and mitigate risks associated with third-party components before they affect the product. Options A and B focus on testing after delivery, which may not catch issues early enough. Option C, while useful, does not cover the broader risks involved in the supply chain.