In addressing supply chain security risk, which practice is standard?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Prepare for the DSAC Annex F Test with comprehensive flashcards and multiple choice questions. Access hints and explanations for each question to ensure you’re ready for your exam!

Multiple Choice

In addressing supply chain security risk, which practice is standard?

Explanation:
Addressing supply chain security risk requires a proactive, layered approach that covers who you work with, what security requirements they meet, how you monitor ongoing risk, and visibility into software components. Vetting vendors helps you select partners with strong security practices from the start. Requiring security requirements in contracts sets clear expectations and accountability. Ongoing monitoring keeps track of changes, incidents, and new threats in the supply chain. Including Software Bills of Materials (SBOMs) provides a transparent inventory of components and dependencies, so you can quickly identify vulnerable versions or risky licenses. Performing formal risk assessments helps prioritize mitigations based on potential impact and likelihood. Together, these practices create a comprehensive, proactive defense. This approach is preferable to waiting for a breach, relying only on internal controls, or using a generic checklist without SBOMs, all of which leave gaps in visibility and proactive protection.

Addressing supply chain security risk requires a proactive, layered approach that covers who you work with, what security requirements they meet, how you monitor ongoing risk, and visibility into software components. Vetting vendors helps you select partners with strong security practices from the start. Requiring security requirements in contracts sets clear expectations and accountability. Ongoing monitoring keeps track of changes, incidents, and new threats in the supply chain. Including Software Bills of Materials (SBOMs) provides a transparent inventory of components and dependencies, so you can quickly identify vulnerable versions or risky licenses. Performing formal risk assessments helps prioritize mitigations based on potential impact and likelihood. Together, these practices create a comprehensive, proactive defense.

This approach is preferable to waiting for a breach, relying only on internal controls, or using a generic checklist without SBOMs, all of which leave gaps in visibility and proactive protection.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy