CompTIA Security+ (SY0-501) — Question 533
A government organization recently contacted three different vendors to obtain cost quotes for a desktop PC refresh. The quote from one of the vendors was significantly lower than the other two and was selected for the purchase. When the PCs arrived, a technician determined some NICs had been tampered with.
Which of the following MOST accurately describes the security risk presented in this situation?
Answer options
- A. Hardware root of trust
- B. UEFI
- C. Supply chain
- D. TPM
- E. Crypto-malware
- F. ARP poisoning
Correct answer: C
Explanation
The scenario describes a supply chain risk: tampering with the NICs indicates that the hardware may have been compromised before it reached the organization. The other options (hardware root of trust, UEFI, TPM, crypto-malware, and ARP poisoning) do not address the specific issue of components being compromised during the procurement process.