A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring counterfeit hardware?
A. A thorough analysis of the supply chain
B. A legally enforceable corporate acquisition policy
C. A right to audit clause in vendor contracts and SOWs
D. An in-depth penetration test of all suppliers and vendors
The correct answer is C:
While understanding the supply chain is important, it doesn't directly address the ability to enforce compliance or verify the authenticity of the hardware being procured.
A right to audit clause in vendor contracts and SOWs is a direct control measure that allows the company to verify that vendors are supplying genuine hardware, and by having that right the company can inspect and verify the hardware's authenticity.
I agree, I thought it was C at first as well.
C. A right to audit clause in vendor contracts and SOWs
Including a "right to audit" clause in contracts and statements of work (SOWs) allows the company to verify the authenticity of the hardware and ensure that suppliers and vendors are providing certified, legitimate equipment. This directly addresses the risk of procuring counterfeit hardware by enabling periodic checks and accountability for the suppliers.
A thorough analysis of the supply chain (A) is also useful, but the "right to audit" clause provides more actionable oversight and enforcement regarding vendor practices.
A penetration test would be checking the security practices of your supply chain to ensure they are not easily tampered with, but does not address the lack of reliability and authenticity that would protect a company from the possible procurement of faulty supplies/hardware, as an analysis would.
An enforced acquisition policy would be a bad practice, especially if the parts were faulty.
A right to audit clause and Statement of Work (SOW) are the first step to allowing an analysis, or penetration test, of vendor services and goods.
Thorough analysis of the supply chain is the best approach to mitigate the risks associated with procuring counterfeit hardware. It focuses on ensuring that hardware is sourced from legitimate, certified vendors and suppliers.
A. A thorough analysis of the supply chain
A thorough analysis of the supply chain helps identify and mitigate risks related to counterfeit hardware. By assessing the origin and authenticity of hardware components, verifying suppliers, and ensuring compliance with standards, the company can reduce the chances of receiving counterfeit or substandard hardware.
While the other options might be useful in different contexts, supply chain analysis specifically addresses the issue of procuring counterfeit hardware.
The best answer to the question is C: A right to audit clause in vendor contracts and SOWs.
Here's why:
Option C: This option ensures that the company has the legal right to inspect the hardware and its supply chain, which can help mitigate the risks associated with procuring counterfeit hardware. It provides a contractual obligation for the vendor to allow audits, ensuring that the company can verify the authenticity of the hardware before deployment.
While options A and B are also valid practices for managing supply chain risks, they do not directly address the specific risk of procuring counterfeit hardware. Option D is an excellent practice for identifying vulnerabilities in a network, but it does not specifically address the issue of counterfeit hardware.
In summary, having the legal right to audit vendors and their supply chains is the most direct and effective way to address the risks associated with procuring counterfeit hardware.
In the process of conducting due diligence, companies can request (external) audits, which will fall under the right to audit clause. A right to audit clause is not only after the fact.
I was about to say C, although the correct answer is A, because an audit is AFTER the transaction. We want to investigate first, before buying anything from the supplier.
I think the key word is "procuring". This involves getting quotes from vendors. Some requirements may only allow components and manufacturing from US based vendors. That's where you need to be mindful of the supply chain. Case example - some brands were found to be beaconing information to foreign countries.
While "C" is a valuable measure, it primarily ensures compliance and accountability after the fact. It allows for the detection of issues during audits but doesn’t proactively prevent counterfeit hardware from entering the supply chain. "A" is a more proactive approach. It involves evaluating and monitoring the entire supply chain to identify and mitigate risks before counterfeit hardware can be procured. So, it should be "A" - correct answer.
I did a lot of back and forth with ChatGPT regarding this topic, and even brought up some of the points people were making here. The first response it got was also A. But after discussing what both options (A & C) can offer as a solution to this problem, it eventually changed its mind to C. To me C makes the most sense as it provides an actionable solution that provides direct control.
You cannot do a thorough analysis of the supply chain without a right to audit. ;-)
Also, a right to audit will be fundamental to separating the suppliers that allow it (and become suppliers) from those that would not allow auditing (and do not become suppliers).
Trick question? Is assessment the same as analysis as far as CompTIA is concerned? Vendor assessment is a thorough background check of potential suppliers that allows an organization to gauge their due diligence, competence, and dependability for the safeguarding of business interests and stringent quality control.
Vendor Accountability: By including a right to audit clause, the company ensures vendors are accountable for providing certified hardware. This clause can serve as a deterrent against the supply of counterfeit products, as vendors know their processes and products can be reviewed at any time.
Verification of Authenticity: Audits can include checks on the supply chain processes, manufacturing practices, and documentation related to the origin and certification of hardware. This ensures that only legitimate products are used in network construction.
Just saying...
Community vote distribution: A (35%), C (25%), B (20%), Other