ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

Your DevSecOps team is adding software composition analysis (SCA) to its Git-based CI/CD pipeline for a Node.js microservice. The goal is to block introduction of vulnerable open-source libraries as early as possible while minimizing wasted build time. At which pipeline point should the SCA scan be executed?

  • Only when a critical vulnerability is announced by an external advisory service

  • As a pre-commit or pre-merge job that runs immediately after a developer pushes code to the shared repository

  • After the application is deployed to production, triggered by the first user request

  • As part of the long-running performance test stage executed nightly on the staging environment

Secure Software Lifecycle Management