CH07 Supply Chain Management Flashcards

1
Q

Which of the following BEST describes when a third-party takes components produced by a legitimate manufacturer and assembles an unauthorized replica that is sold in the general marketplace?

a. Recycling
b. Capitalism
c. Counterfeiting
d. Entrepreneurship

A

c. Counterfeiting

While the unauthorized third-party may assemble a component that was legitimately made from OEM parts, the fact remains that those parts were never intended for distribution under the manufacturer’s legitimate label. Therefore, this is considered counterfeiting. As a cybersecurity analyst, you need to be concerned with your organization’s supply chain management. There have been documented cases of counterfeit hardware (like switches and routers) being sold with malware or lower mean time between failures, both of which affect the security of your network.

2
Q

Which of the following programs was designed to secure the manufacturing infrastructure for information technology vendors providing hardware to the military?

a. Trusted Foundry (TF)
b. Supplied Assured (SA)
c. Supply Secure (SS)
d. Trusted Access Program (TAP)

A

a. Trusted Foundry (TF)

The Trusted Foundry program, also called the trusted suppliers program, is a United States Department of Defense program designed to secure the manufacturing infrastructure for information technology vendors providing hardware to the military. Trusted Foundry was created to provide a chain of custody for classified/unclassified integrated circuits, ensure there is no reasonable threat related to supply disruption, prevent intentional/unintentional modification of integrated circuits, and protect integrated circuits from reverse engineering and vulnerability testing.

3
Q

Following a root cause analysis of the unexpected failure of an edge router, a cybersecurity analyst discovered that the system administrator had purchased the device from an unauthorized reseller. The analyst suspects that the router may be a counterfeit device. Which of the following controls would have been most effective in preventing this issue?

a. Increase network vulnerability scan frequency
b. Ensure all anti-virus signatures are up to date
c. Conduct secure supply chain management training
d. Verify that all routers are patched to the latest release

A

c. Conduct secure supply chain management training

Anti-counterfeit training is part of the NIST 800-53r4 control set (SA-19(1)) and should be a mandatory part of your supply chain management training within your organization.

All other options may produce security gains in the network, but they are unlikely to reliably detect a counterfeit item or prevent its introduction into the organization’s supply chain. Training on detection methodologies (e.g., simple visual inspections) and training for acquisition personnel will better prevent recurrences.

4
Q

Following a root cause analysis of an edge router’s unexpected failure, a cybersecurity analyst discovered that the system administrator had purchased the device from an unauthorized reseller. The analyst suspects that the router may be a counterfeit device. Which of the following controls would have been most effective in preventing this issue?

a. Increase network vulnerability scan frequency
b. Ensure all anti-virus signatures are up to date
c. Conduct secure supply chain management training
d. Verify that all routers are patched to the latest release

A

c. Conduct secure supply chain management training

OBJ-1.5: Anti-counterfeit training is part of the NIST 800-53r4 control set (SA-19(1)) and should be a mandatory part of your supply chain management training within your organization. All other options may produce security gains in the network, but they are unlikely to reliably detect a counterfeit item or prevent its introduction into the organization’s supply chain. Training on detection methodologies (e.g., simple visual inspections) and training for acquisition personnel will better prevent recurrences.
