Choose the option that best describes the main purpose of supply chain security in cybersecurity.
Think about what risks supply chain security tries to prevent.
Supply chain security aims to protect the entire chain of production and delivery from threats like tampering or counterfeit parts. This means verifying the trustworthiness of all components.
Select the risk that is most commonly associated with supply chain security breaches.
Consider risks that happen during software or hardware delivery.
Malicious code inserted into software updates is a classic supply chain attack, where attackers compromise trusted software to spread malware.
A company receives a software update from a trusted vendor. Later, it is discovered the update contained hidden malware. What is the most likely supply chain security failure?
Think about how software authenticity is usually confirmed.
Digital signatures help verify that software updates are authentic and untampered. Failure to check them allows malware to enter unnoticed.
Which control is more effective at preventing hardware tampering during manufacturing?
Focus on physical protection methods for hardware.
Tamper-evident seals show if hardware has been opened or altered, making them effective against physical tampering during manufacturing.
A company uses multiple third-party software libraries. Which approach best helps detect if one library has been compromised?
Think about how to confirm software integrity over time.
Verifying cryptographic hashes ensures the library files have not been altered, helping detect compromises quickly.