CISSP Practice Question: What would MOST likely happen if a company fails to implement a…
Correct Answer: A. Increased risk of supply chain attacks
Explanation (CISSP Manager Logic):
Failing to govern third-party software components creates visibility gaps that adversaries exploit to inject malicious code. A robust policy serves as a critical administrative control to ensure the integrity of the software lifecycle and protect the organization from downstream compromises.
By implementing this solution, you:
- Ensure the integrity of third-party libraries and dependencies.
- Reduce the organization's attack surface across the software lifecycle.
- Align procurement and development with established security frameworks.
While the other options are relevant, they fall short because:
- B: Security posture and software performance are independent metrics; neglecting security does not inherently improve speed.
- C: Trust is built on verified security standards, and a lack of oversight eventually erodes vendor accountability.
- D: While skipping controls may save upfront costs, the long-term financial impact of a breach far outweighs initial savings.
Think like a manager:
Treat software dependencies as critical assets and apply rigorous due diligence to prevent third-party vulnerabilities from becoming your liability.
Ready to find out if you'd pass?
5,000+ expert-calibrated questions, adaptive CAT mock exams, and gap analysis that shows exactly what to study next.
Try 5 free questions Start 7-day free trial