nerdexam
(ISC)2

CISSP · Question #332

Assessing a third party's risk by counting bugs in the code may not be the best measure of an attack surface within the supply chain. Which of the following is LEAST associated with the attack surface

The correct answer is C. Error messages. Error messages are not part of the attack surface, which is the sum of all the points where an attacker can try to enter or extract data from a system. Error messages are the output of the system when something goes wrong, and they can reveal useful information to an attacker, su

Submitted by manish99· Mar 5, 2026Security and Risk Management

Question

Assessing a third party's risk by counting bugs in the code may not be the best measure of an attack surface within the supply chain. Which of the following is LEAST associated with the attack surface?

Options

  • AInput protocols
  • BTarget processes
  • CError messages
  • DAccess rights

How the community answered

(42 responses)
  • A
    12% (5)
  • B
    2% (1)
  • C
    79% (33)
  • D
    7% (3)

Explanation

Error messages are not part of the attack surface, which is the sum of all the points where an attacker can try to enter or extract data from a system. Error messages are the output of the system when something goes wrong, and they can reveal useful information to an attacker, such as the system version, configuration, or vulnerabilities. However, they are not directly associated with the attack surface. Input protocols, target processes, and access rights are all factors that can affect the attack surface, as they determine how the system interacts with the external environment and what resources are exposed or protected.

Topics

#attack surface#third-party risk#supply chain security

Community Discussion

No community discussion yet for this question.

Full CISSP Practice