🔥 3-day streak
CompTIA SecurityX (CAS-005)97 / 120
Question 97 of 120

A financial services company is onboarding a third-party software vendor whose product will be integrated into a payment processing pipeline. The security architect wants to reduce supply-chain risk by ensuring the company can independently verify the components within the vendor's software, detect known vulnerabilities in embedded open-source libraries, and validate that delivered binaries match the vendor's build artifacts. Which combination of contractual and technical requirements BEST addresses these goals?

Reviewed for accuracy · Report an issueNext question