During a routine inspection, an organization discovers unauthorized code in firmware that was provided by a new hardware vendor. Which measure best addresses persistent concerns about hidden modifications in future deliveries?
Store known firmware issues in a shared registry without further testing
Enforce a chain-of-custody procedure so that relevant components are signed, logged, and assessed during handling
Approve a regulated standard from the vendor once at the beginning of the relationship
Obtain a written agreement from suppliers disclaiming hidden functionality
A chain-of-custody procedure that logs and assesses relevant components provides a structure for detecting altered items before deployment. Simply relying on a contract fails to mitigate ongoing threats, and storing known issues in a shared registry without more testing leaves the organization vulnerable. Approving a standard at the start of the relationship offers little protection over time. Regular oversight throughout handling helps reduce the chance of undiscovered tampering.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a chain-of-custody procedure in the context of cybersecurity?
Open an interactive chat with Bash
Why is relying solely on a written agreement with hardware vendors insufficient for preventing hidden modifications?
Open an interactive chat with Bash
How does approving a standard at the beginning of a vendor relationship fall short of ongoing security needs?