ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CS0-002 All Questions

View all questions & answers for the CS0-002 exam
Go to Exam

Exam CS0-002 topic 1 question 130 discussion

Actual exam question from CompTIA's CS0-002
Question #: 130
Topic #: 1
[All CS0-002 Questions]

A manufacturing company uses a third-party service provider for Tier 1 security support. One of the requirements is that the provider must only source talent from its own country due to geopolitical and national security interests. Which of the following can the manufacturing company implement to ensure the third-party service provider meets this requirement?

  • A. Implement a secure supply chain program with governance.
  • B. Implement blacklisting for IP addresses from outside the country
  • C. Implement strong authentication controls for all contractors.
  • D. Implement user behavior analytics for key staff members.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by amateurguy at Sept. 15, 2022, 3:23 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
huehuehello
Highly Voted 1 year, 8 months ago
this questions are just fo fckin dumb that it hurst my eyes to read
upvoted 7 times
...
skibby16
Most Recent 1 year, 7 months ago
Selected Answer: A
Implementing a secure supply chain program with governance would be the most appropriate option to ensure that the third-party service provider complies with the requirement of only sourcing talent from its own country. This program would involve establishing policies, procedures, and contractual agreements that explicitly outline the expectations regarding the sourcing of talent and ensure compliance with geopolitical and national security interests. It provides a framework for managing and overseeing the supply chain, including the sourcing of personnel, to meet the company's specific requirements.
upvoted 1 times
...
kiduuu
2 years, 2 months ago
Selected Answer: A
Implementing a secure supply chain program with governance can help the manufacturing company ensure that the third-party service provider is meeting the requirement of sourcing talent only from its own country. This program can include measures such as conducting background checks on all contractors, verifying the location of the contractors' offices, and requiring the third-party service provider to provide regular reports on the location of their talent.
upvoted 3 times
...
AC6280
2 years, 4 months ago
Selected Answer: C
I guess I'm playing Devil's advocate here. A- I don't understand what supply chain programs with governance have to do with Tier 1 support. It doesn't say they're manufacturing the product which, to me, would be the tip off that we need to look at supply chain. B- Kind of? But easily circumvented. C- Authentication platforms can allow/block access based on location (conditional access). https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-conditions#locations https://today.uic.edu/duo-to-block-authentication-in-countries-or-regions-subject-to-ofac-sanctions/ D- Throwaway answer. What would analytics do to prevent anything? While there are products that use behavior analytics to apply policy, I don't think that's what we're talking about here. Also, you would have to train the software for a bit to understand what's anomalous.
upvoted 1 times
AC6280
2 years, 4 months ago
Reading more on supply chain, changing answer to A. From the all-in-one Exam guide: This is a key part of performing supply chain risk assessments: to determine your risk that results from what your vendors and suppliers are or are not doing to protect themselves. Let’s look at some things an organization may look at to determine whether its vendors are practicing due diligence and, if not, what the level of risk might be: (...) • Ensure that contracts/agreements include requirements for adequate security controls. • Ensure that service level agreements are in place if appropriate. • Review the vendor’s security program before signing an agreement, and periodically thereafter. • Review internal and external audit reports and third-party reviews. • Conduct onsite inspection and interviews after signing the agreement. • Ensure that the vendor has a business continuity plan (BCP) in place. • Implement a nondisclosure agreement (NDA).
upvoted 6 times
2Fish
2 years, 3 months ago
Agree, this right here^. I was about to type all this out, thanks for doing it already. This is basically a 3rd party risk assessment which would include all the things you mentioned and more.
upvoted 3 times
...
...
...
knister
2 years, 5 months ago
Does anyone have a source of information for this response? Because I am still with amateurguy.
upvoted 1 times
AaronS1990
2 years, 4 months ago
third-party service so bolstering the supply chain is good
upvoted 1 times
...
...
SolventCourseisSCAM
2 years, 8 months ago
Selected Answer: A
IP blacklisting can be bypass with VPN, so it does not help the reuire situation. In this case, it needs to have secure supply chain vector. The answer should be A.
upvoted 2 times
...
Adrian831
2 years, 9 months ago
Selected Answer: A
I agree with A
upvoted 1 times
...
sh4dali
2 years, 9 months ago
Selected Answer: A
A is correct. It said tier 1, which is physical security.
upvoted 1 times
...
bigerblue2002
2 years, 9 months ago
Plus, could one note just use a VPN app to appear to be in country? Asking for a friend.
upvoted 1 times
...
amateurguy
2 years, 9 months ago
Selected Answer: B
what does supply chain have to do with security support? I would say ip blacklisting is better. Im going with B.
upvoted 2 times
cyberseckid
2 years, 9 months ago
read more about supply chain , going with a
upvoted 5 times
...
Treymb6
2 years, 9 months ago
Not B. Blacklisting a country's IP is easily bypassed with a VPN. A is correct.
upvoted 3 times
...
Big_Dre
1 year, 9 months ago
ohh boy thought i was the only one thinking that. been wondering too. don't know if its the English in the question or just the construct hahah
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel