nerdexam
(ISC)2

CISSP · Question #974

A large manufacturing organization arranges to buy an industrial machine system to produce a new line of products. The system includes software provided to the vendor by a thirdparty organization. The

The correct answer is D. Require that the software be thoroughly tested by an accredited independent software testing. The best step the manufacturing organization can take to minimize its financial risk in the new venture prior to the purchase is to require that the software be thoroughly tested by an accredited independent software testing company, because this will ensure that the software mee

Submitted by carlos_mx· Mar 5, 2026Software Development Security

Question

A large manufacturing organization arranges to buy an industrial machine system to produce a new line of products. The system includes software provided to the vendor by a thirdparty organization. The financial risk to the manufacturing organization starting production is high. What step should the manufacturing organization take to minimize its financial risk in the new venture prior to the purchase?

Options

  • AHire a performance tester to execute offline tests on a system.
  • BCalculate the possible loss in revenue to the organization due to software bugs and
  • CPlace the machine behind a Layer 3 firewall.
  • DRequire that the software be thoroughly tested by an accredited independent software testing

How the community answered

(38 responses)
  • A
    5% (2)
  • B
    11% (4)
  • C
    21% (8)
  • D
    63% (24)

Explanation

The best step the manufacturing organization can take to minimize its financial risk in the new venture prior to the purchase is to require that the software be thoroughly tested by an accredited independent software testing company, because this will ensure that the software meets the quality, functionality, reliability, and security requirements of the organization, and that any defects or vulnerabilities are identified and fixed before the production starts. Hiring a performance tester to execute offline tests on a system, calculating the possible loss in revenue due to software bugs and vulnerabilities, and placing the machine behind a Layer 3 firewall are all good practices, but they are not sufficient to minimize the financial risk, as they do not address the root cause of the software problems, and they may not detect all the issues that could affect

Topics

#Software supply chain risk#Third-party risk management#Software quality assurance#Independent testing

Community Discussion

No community discussion yet for this question.

Full CISSP Practice