CompTIA SecurityX (CAS-005) — Question 35

An organization's board of directors has asked the Chief Information Security Officer to build a third-party management program. Which of the following best explains a reason for this request?

Answer options

• A. Risk transference
• B. Supply chain visibility
• C. Support availability
• D. Vulnerability management

Correct answer: B

Explanation

The correct answer is B, as establishing a third-party management program enhances visibility into the supply chain, allowing the organization to monitor risks associated with external partners. Options A, C, and D are important concepts in security management, but they do not specifically address the direct need for oversight and transparency in third-party relationships.