ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

Your organization is selecting a popular open-source JSON parsing library to integrate into a payment processing microservice. To align with NIST's Secure Software Development Framework (SSDF) and minimize software supply chain risk, which action should you perform before allowing developers to import the library into the build pipeline?

  • Conduct a structured risk assessment that scans the library for known vulnerabilities and reviews its maintenance and patch history.

  • Add the library to the project's software bill of materials (SBOM) and postpone vulnerability scanning until after deployment.

  • Approve the library as long as its open-source license permits commercial use, deferring security considerations to later sprints.

  • Rely on the application firewall to filter any attacks that could exploit weaknesses in the library once it is deployed.

Secure Software Supply Chain