CompTIA CASP+ (CAS-004) — Question 632

An attacker infiltrated the code base of a hardware manufacturer and inserted malware before the code was compiled. The malicious code is now running at the hardware level across a number of industries and sectors. Which of the following categories BEST describes this type of vendor risk?

Answer options

Correct answer: D

Explanation

The correct answer is Supply chain attack because the malware was introduced during the development process, affecting the integrity of the hardware across various sectors. An SDLC attack specifically targets the Software Development Life Cycle, a Side-load attack involves unauthorized installation of applications, and Remote code signing pertains to the validation of software authenticity. None of these fully captures the broader risk posed by compromising the supply chain.