Cybersecurity Questions to Ask Your Vendor: Part 2