An attacker has determined the best way to impact operations is to infiltrate third-party software vendors. Which of the following vectors is being exploited?
Supply chain attacks are an emerging kind of threat that target software developers and suppliers. The goal is to access source codes, build processes, or update mechanisms by infecting legitimate apps to distribute malware.
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwjcye66gKv6AhXWjIkEHZ2BDAMQFnoECAUQAw&url=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fintelligence%2Fsupply-chain-malware%23%3A~%3Atext%3DSupply%2520chain%2520attacks%2520are%2520an%2Clegitimate%2520apps%2520to%2520distribute%2520malware.&usg=AOvVaw3RhD4fF-pUIEOJD0fGVjn7
In this scenario, the attacker is targeting third-party software vendors, which are part of the supply chain. Supply chain attacks involve targeting and compromising the components, software, or services provided by third-party vendors, which can then be used to gain unauthorized access or control over the targeted organization's systems. By infiltrating the third-party software vendors, the attacker can potentially insert malicious code, backdoors, or vulnerabilities into the software products distributed to customers, leading to broader impact and potential compromise of multiple organizations.
Third and Fourth-Party Vendors
The rise in outsourcing means that your vendors pose a huge cybersecurity risk to your customer's data and your proprietary data. Some of the biggest data breaches were caused by third parties.
The attacker is exploiting the supply chain vector. The supply chain refers to the series of processes and organizations involved in the production, distribution, and delivery of goods and services. By infiltrating third-party software vendors, the attacker is attempting to gain access to the supply chain and compromise the software that is used by the organization. This can allow the attacker to launch attacks, steal sensitive data, or disrupt operations by inserting malicious code into the software. Social media, cloud, and social engineering are not directly related to the supply chain and would not be effective for infiltrating third-party software vendors.
This section is not available anymore. Please use the main Exam Page.SY0-601 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
serginljr
Highly Voted 2 years, 7 months agogen2dee
2 years, 7 months agoi_bird
2 years, 7 months agoApplebeesWaiter1122
Most Recent 1 year, 9 months agoDWISE1
2 years, 1 month agoFMMIR
2 years, 4 months agoJSOG
2 years, 5 months agoSandon
2 years, 3 months agoMarciaL
2 years, 6 months agoRonWonkers
2 years, 7 months ago