ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

During acceptance testing, a developer must confirm that a third-party library pulled from an external repository is authentic and unaltered before it is placed in the build pipeline. Which approach most directly achieves both goals?

  • Review the component's file size and modification date in the repository, then run an antivirus scan before packaging.

  • Validate the supplier's digital signature on the library and compare its SHA-256 hash to the value recorded in the SBOM.

  • Download the component over HTTPS and store it in a write-once media repository for later auditing.

  • Compute an MD5 hash of the installed file after deployment and compare it with a baseline stored on the production host.

Secure Software Supply Chain