ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam SY0-501 All Questions

View all questions & answers for the SY0-501 exam
Go to Exam

Exam SY0-501 topic 1 question 770 discussion

Actual exam question from CompTIA's SY0-501
Question #: 770
Topic #: 1
[All SY0-501 Questions]

A government organization recently contacted three different vendors to obtain cost quotes for a desktop PC refresh. The quote from one of the vendors was significantly lower than the other two and was selected for the purchase. When the PCs arrived, a technician determined some NICs had been tampered with.
Which of the following MOST accurately describes the security risk presented in this situation?

  • A. Hardware root of trust
  • B. UEFI
  • C. Supply chain
  • D. TPM
  • E. Crypto-malware
  • F. ARP poisoning
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by igorg at July 27, 2020, 12:45 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
SvendZ
Highly Voted 4 years, 9 months ago
I think it's C. HROT is used in crypto/secure boot. UEFI is BIOS. TPM is also crypto and part of HROT. It's obviously not Crypto-malware or ARP poisoning.
upvoted 9 times
...
Crkvica
Highly Voted 4 years, 8 months ago
C. Supply chain...This question is tricky, it's about supplying, they bought the PCs from unrecognized vendor that was much cheaper than the others two.The NIC (Network interface card) are tampered.
upvoted 8 times
...
Born_Again
Most Recent 3 years, 11 months ago
From Professor Messer's Notes: Supply chain • September 2015: Hundreds of Cisco routers infected with “SYNful Knock” • Firmware modified for back-door access • Can you trust your new server/router/switch/firewall? • Supply chain cyber security • Use trusted vendors • Critical devices should not be connected to the outside • Verify your hardware is genuine
upvoted 1 times
...
yalight
4 years, 3 months ago
government doesn't manufacture PC, so it is not hardware root of trust.
upvoted 3 times
...
babati
4 years, 8 months ago
SUPPLY CHAIN A supply chain is the end-to-end process of supplying, manufacturing, distributing, and finally releasing goods and services to a customer. For the TPM to be trustworthy, the supply chain of chip manufacturers, firmware authors, OEM resellers, and administrative staff responsible for provisioning the computing device to the end user must all be trustworthy. Anyone with the time and resources to modify the computer's firmware could (in theory) create some sort of backdoor access. It is also critical that no one learn the endorsement key programmed into each TPM. Anyone obtaining the endorsement key will be able to impersonate that TPM.
upvoted 3 times
...
Daaio
4 years, 8 months ago
I believe the answer is C. Without assuming anything, the tampered NIC represents a serious vulnerability as this component connects the computer to a computer network. It also has to do with secure systems design. Cheaper does not always mean better. From Darril Gibson's book: "There have been many incidents where new computers were shipped with malware. As an example, Microsoft researchers purchased several new computers in China and found them infected with the Nitol virus. These computers were also running counterfeit versions of Windows. This helps illustrate the importance of purchasing computers from reputable sources."
upvoted 5 times
...
CoRell
4 years, 8 months ago
It's A.
upvoted 1 times
CoRell
4 years, 8 months ago
To provide more context: "The concept of the hardware root of trust is supported by the National Security Agency (NSA) High Assurance Platform (HAP)." If you study for CompTIA CySA+ you'll come across it. That's what governments rely on when they order components for their systems. More info here if you need: https://www.prnewswire.com/news-releases/implementing-hardware-roots-of-trust-a-new-guide-to-hardware-security-developed-by-the-sans-institute-212780511.html
upvoted 1 times
CoRell
4 years, 8 months ago
Sorry, It's actually the Trusted Platform Module (TPM) root of trust.
upvoted 1 times
...
...
...
igorg
4 years, 9 months ago
I think A. Hardware root of trust is the right answer
upvoted 2 times
who__cares123456789___
4 years, 3 months ago
NOT ROOT OF TRUST...read article, then fight me!! lol https://www.synopsys.com/designware-ip/technical-bulletin/understanding-hardware-roots-of-trust-2017q4.html
upvoted 1 times
...
lapejor
4 years, 1 month ago
Given answer is correct. https://www.microsoft.com/security/blog/2019/10/16/guarding-against-supply-chain-attacks-part-1-big-picture/
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago