ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
While responding to a zero-day flaw in an open-source logging library, a DevSecOps engineer uses the organization's software bill of materials (SBOM) to determine which microservices must be patched first. Which characteristic of a well-maintained SBOM makes this rapid scoping possible?
It enforces license compliance by automatically blocking components that carry copyleft licenses incompatible with your policy.
It provides runtime monitoring hooks that alert when a component functions outside expected parameters.
It records cryptographic hashes for each build artifact, allowing automated validation of file integrity across deployments.
It maintains a hierarchical inventory of all third-party and transitive dependencies, allowing you to query which applications include a vulnerable component.
An SBOM acts as a detailed inventory that lists every third-party and transitive dependency included in an application. Because each component is recorded in a searchable hierarchy, security teams can immediately identify all software that contains a newly disclosed vulnerable library and prioritize remediation. Cryptographic hashes support integrity checking, license controls address legal risk, and runtime hooks support detection, but none of those capabilities by themselves allow teams to discover every place a vulnerable component is embedded.
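As an added example (not part of the original question or of any SBOM tool), this is the kind of query the explanation describes: walk the dependency graph of a constructed CycloneDX-style SBOM and list every application that reaches the vulnerable logging library, including the service that only pulls it in transitively. All bom-refs, purls and service names below are made up.

```python
# Added example: query a (constructed) SBOM for every application that reaches a
# vulnerable component, directly or through transitive dependencies.
import json
from collections import deque
# Constructed sample in the CycloneDX style ("bom-ref" / "dependencies" ->
# "dependsOn"); not a real SBOM from any project.
SBOM_JSON = """{
  "components": [
    {"bom-ref": "app:orders",  "type": "application", "name": "orders-svc"},
    {"bom-ref": "app:billing", "type": "application", "name": "billing-svc"},
    {"bom-ref": "app:search",  "type": "application", "name": "search-svc"},
    {"bom-ref": "pkg:maven/example/logger@1.2.3", "type": "library", "name": "logger"},
    {"bom-ref": "pkg:maven/example/http-client@4.0", "type": "library", "name": "http-client"},
    {"bom-ref": "pkg:maven/example/json@2.1", "type": "library", "name": "json"}
  ],
  "dependencies": [
    {"ref": "app:orders",  "dependsOn": ["pkg:maven/example/logger@1.2.3"]},
    {"ref": "app:billing", "dependsOn": ["pkg:maven/example/http-client@4.0"]},
    {"ref": "app:search",  "dependsOn": ["pkg:maven/example/json@2.1"]},
    {"ref": "pkg:maven/example/http-client@4.0", "dependsOn": ["pkg:maven/example/logger@1.2.3"]}
  ]
}"""

def affected_applications(sbom_text, vulnerable_ref):
    """Map each application name to the dependency path by which it reaches vulnerable_ref."""
    sbom = json.loads(sbom_text)
    comps = {c["bom-ref"]: c for c in sbom["components"]}
    deps = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    result = {}
    for ref, comp in comps.items():
        if comp.get("type") != "application":
            continue
        # Breadth-first walk from the application root; 'seen' guards against
        # cycles, which real dependency graphs can contain.
        queue, seen = deque([[ref]]), {ref}
        while queue:
            path = queue.popleft()
            if path[-1] == vulnerable_ref:
                result[comp["name"]] = path
                break
            for nxt in deps.get(path[-1], []):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(path + [nxt])
    return result

if __name__ == "__main__":
    for app, path in affected_applications(SBOM_JSON, "pkg:maven/example/logger@1.2.3").items():
        print(f"{app}: {' -> '.join(path)}")
```

Running it lists orders-svc (direct dependency) and billing-svc (reached only through http-client), while search-svc is correctly left out of the patch scope.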