ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
A development team has generated a comprehensive software bill of materials (SBOM) for its web application and now needs to ensure that any newly disclosed Common Vulnerabilities and Exposures (CVEs) affecting third-party components are detected and remediated as quickly as possible. Which approach BEST meets this continuous monitoring requirement?
Schedule quarterly static application security tests (SAST) focusing on the project's proprietary source code.
Enforce TLS for all connections to the internal artifact repository hosting third-party binaries.
Instruct developers to review each component vendor's website for advisories at the start of every sprint.
Integrate an automated software composition analysis tool that continuously cross-references the SBOM with vulnerability intelligence feeds (e.g., NVD) and alerts on affected component versions.
Integrating an automated software composition analysis (SCA) tool into the continuous integration/continuous delivery (CI/CD) pipeline directly addresses the need for ongoing monitoring of third-party components. An SCA solution ingests the application's SBOM, maps each listed component and version to vulnerability intelligence feeds such as the NVD, and raises a real-time alert when a newly published CVE matches a component version in use. This lets the team triage, patch, or replace the affected dependency before it can be exploited. The other options fall short: periodic static code analysis examines proprietary source code rather than external libraries, manual vendor-website checks are error-prone and untimely, and enabling TLS on an artifact repository protects data in transit but identifies no new vulnerabilities. Therefore, automating SCA with vulnerability feed integration is the most effective control for continuous monitoring of component changes and vulnerabilities.
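The cross-referencing step described above, as an added example that is not part of the question or any vendor's SCA product: a constructed CycloneDX-style SBOM fragment is matched against a constructed feed with placeholder CVE identifiers (the package names and IDs are assumptions, not real advisories). The version-range comparison is the part that is easy to get wrong, so it is done numerically rather than as a string compare.

```python
import json

# Constructed CycloneDX-style SBOM fragment; component names are placeholders.
SBOM_JSON = """
{"bomFormat": "CycloneDX", "components": [
  {"name": "example-json-parser", "version": "2.3.1", "purl": "pkg:npm/example-json-parser@2.3.1"},
  {"name": "example-http-client", "version": "1.9.0", "purl": "pkg:npm/example-http-client@1.9.0"},
  {"name": "example-template-engine", "version": "4.0.2", "purl": "pkg:npm/example-template-engine@4.0.2"}
]}
"""

# Constructed feed with placeholder CVE IDs; a real feed (NVD, OSV) supplies records of this shape.
FEED = [
    {"id": "CVE-0000-00001", "package": "pkg:npm/example-json-parser",
     "introduced": "2.0.0", "fixed": "2.3.4", "severity": "HIGH"},
    {"id": "CVE-0000-00002", "package": "pkg:npm/example-http-client",
     "introduced": "1.0.0", "fixed": "1.8.5", "severity": "CRITICAL"},
    {"id": "CVE-0000-00003", "package": "pkg:npm/example-template-engine",
     "introduced": "4.0.0", "fixed": None, "severity": "MEDIUM"},  # no fixed release yet
]

def parse_version(v):
    """Turn '2.3.1' into (2, 3, 1) so ranges compare numerically ('1.10' > '1.9'), not lexically."""
    return tuple(int(p) for p in v.split("."))

def is_affected(version, introduced, fixed):
    """Vulnerable if introduced <= version < fixed; an unfixed record has no upper bound."""
    ver = parse_version(version)
    if ver < parse_version(introduced):
        return False
    return fixed is None or ver < parse_version(fixed)

def find_affected(sbom_json, feed):
    """Cross-reference every SBOM component against the feed and return the matches."""
    sbom = json.loads(sbom_json)
    matches = []
    for comp in sbom["components"]:
        base_purl = comp["purl"].rsplit("@", 1)[0]  # drop the version qualifier for matching
        for vuln in feed:
            if vuln["package"] == base_purl and is_affected(comp["version"], vuln["introduced"], vuln["fixed"]):
                matches.append({"component": comp["name"], "version": comp["version"],
                                "cve": vuln["id"], "severity": vuln["severity"],
                                "fix": vuln["fixed"] or "none available"})
    return matches

if __name__ == "__main__":
    for m in find_affected(SBOM_JSON, FEED):
        print(f"ALERT {m['severity']}: {m['component']}@{m['version']} matches {m['cve']} (fix: {m['fix']})")
```

In a pipeline this check would run on every build and on a schedule against a freshly pulled feed, since the SBOM can stay unchanged while new CVEs land against components already in it.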
Domain: Secure Software Supply Chain