CompTIA SecurityX (CAS-005) — Question 220
A software development company needs to mitigate third-party risks to its software supply chain. Which of the following techniques should the company use in the development environment to best meet this objective?
Answer options
- A. Performing software composition analysis
- B. Requiring multifactor authentication
- C. Establishing coding standards and monitoring for compliance
- D. Implementing a robust unit and regression-testing scheme
Correct answer: A
Explanation
The correct answer is A: software composition analysis helps identify vulnerabilities and risks associated with third-party software components. Options B, C, and D are security measures and coding practices, but they do not specifically address the risks posed by third-party software in the supply chain.