ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
Your organization is adopting NIST's Secure Software Development Framework (SSDF) to manage supply chain risk for a new SaaS product. Which action best aligns with the SSDF practice of verifying the integrity of third-party software components and directly reduces supply chain risk?
Schedule annual external penetration testing of the production SaaS environment.
Maintain an SBOM and validate downloaded components with cryptographic signatures before they enter the build pipeline.
Require suppliers to provide written attestation of their internal secure development policies.
Enforce role-based access control on all developer workstations.
The SSDF recommends verifying the integrity and authenticity of every third-party component before it enters the build process. Keeping a current software bill of materials (SBOM) and validating each downloaded component with cryptographic hashes or digital signatures addresses that recommendation and provides traceability if a vulnerability is later disclosed. Simply requesting supplier attestations, conducting annual penetration tests, or enforcing workstation access controls are useful security measures, but they do not fulfill the specific SSDF requirement to confirm component integrity within the software supply chain.
Secure Software Supply Chain