Which of the following would normally be considered a supply chain risk? (Select all that apply.)
Answer Options
Adversary tampering with hardware prior to being shipped to the end customer
Adversary hacking into a web server run by the organization in an IaaS environment
Adversary using social engineering to compromise an employee of a SaaS vendor to gain access to customer accounts
Adversary conducting a denial-of-service attack using a botnet
Correct Answer: A
Explanation
Supply chain risks occur when the adversary is interfering with the delivery of goods or services from a supplier to the customer. This might involve tampering with hardware before the customer receives it or using social engineering to compromise a vendor employee. Hacking into a web server run in an infrastructure-as-a-service (IaaS) environment is not a supply chain risk because the web server is already under the control of the customer. Using a botnet to conduct a denial-of-service attack does not involve any supply chain elements.