Free CompTIA Security+ SY0-701 Practice Question

What action should an organization take to BEST evaluate and mitigate the risk of introducing vulnerabilities into its IT infrastructure when acquiring a security-critical application from a software provider?

  • Gain access to the source code to conduct independent audits regularly.

  • Select a vendor with a proven track record of reliability in partnerships with similar organizations.

  • Review the software provider's software development life cycle (SDLC) practices for security integration.

  • Include contract terms that ensure the provider gives security assurances and liability coverage for breaches.

This question's topic:
CompTIA Security+ SY0-701 / 
Threats, Vulnerabilities, and Mitigations
Your Score:

Check or uncheck an objective to set which questions you will receive.