Exam SY0-601 topic 1 question 344 discussion

Actual exam question from CompTIA's SY0-601
Question #: 344
Topic #: 1

A company uses specially configured workstations for any work that requires administrator privileges to its Tier 0 and Tier 1 systems. The company follows a strict process to harden systems immediately upon delivery. Even with these strict security measures in place, an incident occurred from one of the workstations. The root cause appears to be that the SoC was tampered with or replaced. Which of the following MOST likely occurred?

  • A. Fileless malware
  • B. A downgrade attack
  • C. A supply-chain attack
  • D. A logic bomb
  • E. Misconfigured BIOS
Suggested Answer: C

Comments

Ranaer
Highly Voted 2 years, 4 months ago
Selected Answer: C
I believe SoC here is used for "System on a chip". This indicates to me that the only reasonable answer is supply-chain attack.
upvoted 18 times
...
Grumpy_Old_Coot
Most Recent 1 year, 5 months ago
Modifying/Replacing a SoC? That's a government level ATP with supply chain attack capability! Hardware was already modified -before- it was received.
upvoted 1 times
...
Selected Answer: C
The most likely occurrence in this scenario is a supply-chain attack (option C). A supply-chain attack involves compromising the security of a product or component during its manufacturing, distribution, or delivery process. In this case, the incident suggests that the SoC (System on a Chip) in one of the specially configured workstations was tampered with or replaced, indicating a compromise in the supply chain. This type of attack allows threat actors to gain unauthorized access to systems or introduce malicious components into trusted systems. By tampering with the hardware at the manufacturing or delivery stage, the attackers can bypass security measures and potentially gain persistent control over the compromised system.
upvoted 4 times
...
ajalfo
2 years, 4 months ago
I don't understand how this is a supply-side attack. Supply-side indicates that something from manufacturing was purchased and then attached to the system so that this attack could occur. That makes less sense than a downgrade attack in which someone takes an inferior product and surreptitiously attaches it to the system. That kind of behavior would fall into place with a saboteur because that person would have direct hands on the product, and in that case, wouldn't the answer be a downgrade attack? To be honest, that wasn't my initial answer. But that's what it looks like to me now.
upvoted 1 times
workhard
2 years, 2 months ago
CompTIA categorizes downgrade as a cryptographic attack, so I think they did not mean that type of attack you are describing.
upvoted 1 times
...
...
Jibz18
2 years, 4 months ago
Selected Answer: C
Agree with C here.
upvoted 2 times
...
sdc939
2 years, 4 months ago
Selected Answer: C
The only one that makes sense is C. A supply-chain attack
upvoted 2 times
...