SBOMs enable which practice in supply chain risk management?

Prepare for the Cyber ProKnow AI Test with multiple choice questions, detailed explanations, and tailored study resources. Enhance your skills and confidence to excel in the exam!

Multiple Choice

SBOMs enable which practice in supply chain risk management?

Explanation:

An SBOM supports supply chain risk management by providing an inventory of what a piece of software is made of: every component, library and dependency (including transitive ones), with its version, supplier and origin, ideally keyed by a stable identifier such as a package URL (purl). With that visibility, security teams can join each component to known vulnerabilities in public vulnerability databases (for example the NVD or OSV, indexed by CVE or GHSA identifiers) and track which products contain an affected component. This makes it possible to identify all components and their known vulnerabilities across a software portfolio and to prioritize remediation by severity and exposure.

For example, if a CVE is published for a particular version range of a library, the SBOM lets you see immediately whether that library, at an affected version, is present in any of your builds, so you can assess exposure and plan an upgrade or replacement instead of grepping source trees. Two caveats apply in practice: matching only works if the identifiers and versions recorded in the SBOM are accurate and the SBOM is regenerated for every release, and a match means the vulnerable code is present, not necessarily reachable or exploitable in your product; that context is what a VEX statement adds alongside the SBOM.

The other options describe controls unrelated to SBOMs: enforcing password changes, blocking external network access, and encrypting source code at rest are authentication, network security and data-protection measures, not a way of cataloging software components and their known vulnerabilities.
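The matching step described above, shown as an added example (not code from the page or from any SBOM tool): it parses a constructed CycloneDX-style SBOM, joins each component's package URL and version against a constructed advisory feed using OSV-style ranges (affected if introduced <= version < fixed), and reports findings sorted by severity. The advisory identifiers (EXAMPLE-2024-000x), package names and the JSON are all made up for illustration; the one component without a purl shows why accurate identifiers matter, since it cannot be matched at all.

```python
import json

# Constructed sample SBOM in CycloneDX JSON shape. Not a real product's SBOM.
SBOM_JSON = """{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "metadata": {"component": {"name": "payments-api", "version": "2.3.0"}},
  "components": [
    {"type": "library", "name": "json-util", "version": "1.4.2",
     "purl": "pkg:maven/com.example/json-util@1.4.2?type=jar"},
    {"type": "library", "name": "tls-shim", "version": "0.9.12",
     "purl": "pkg:npm/%40example/tls-shim@0.9.12"},
    {"type": "library", "name": "yamlish", "version": "3.0.0",
     "purl": "pkg:pypi/yamlish@3.0.0"},
    {"type": "library", "name": "legacy-blob", "version": "7.1"}
  ]
}"""

# Constructed advisory feed with OSV-style ranges: introduced <= version < fixed.
# The identifiers are placeholders, not real CVE or GHSA IDs.
VULN_FEED = [
    {"id": "EXAMPLE-2024-0001", "package": "pkg:maven/com.example/json-util",
     "introduced": "1.0.0", "fixed": "1.4.3", "severity": "HIGH"},
    {"id": "EXAMPLE-2024-0002", "package": "pkg:npm/%40example/tls-shim",
     "introduced": "0.9.0", "fixed": "0.9.10", "severity": "CRITICAL"},
    {"id": "EXAMPLE-2024-0003", "package": "pkg:pypi/yamlish",
     "introduced": "2.0.0", "fixed": "3.0.1", "severity": "MEDIUM"},
]

SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}


def parse_version(text):
    """Turn '1.4.2' or '2.14.1-rc1' into a comparable 3-tuple of ints.
    Pre-release and build suffixes are dropped; adequate for dotted numeric versions."""
    core = text.split("-")[0].split("+")[0]
    parts = []
    for piece in core.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def split_purl(purl):
    """Split a package URL into (package, version), dropping qualifiers and subpath.
    Namespace '@' is percent-encoded in purls, so the last '@' is the version separator."""
    body = purl.split("?", 1)[0].split("#", 1)[0]
    if "@" not in body.rsplit("/", 1)[-1]:
        return body, None
    package, version = body.rsplit("@", 1)
    return package, version


def in_range(version, introduced, fixed):
    """OSV-style affected check: introduced <= version < fixed (fixed may be None)."""
    v = parse_version(version)
    if v < parse_version(introduced):
        return False
    return fixed is None or v < parse_version(fixed)


def match_sbom(sbom_json, feed):
    """Join SBOM components against an advisory feed.
    Returns (findings, unmatchable): findings is one dict per (component, advisory)
    hit sorted by severity; unmatchable lists components lacking a purl or version,
    which cannot be joined to any feed and must be triaged by hand."""
    sbom = json.loads(sbom_json)
    findings, unmatchable = [], []
    for comp in sbom.get("components", []):
        purl = comp.get("purl")
        if not purl:
            unmatchable.append(comp.get("name", "<unnamed>"))
            continue
        package, version = split_purl(purl)
        version = version or comp.get("version")
        if not version:
            unmatchable.append(comp.get("name", package))
            continue
        for adv in feed:
            if adv["package"] == package and in_range(version, adv["introduced"], adv.get("fixed")):
                findings.append({"component": f"{package}@{version}", "advisory": adv["id"],
                                 "severity": adv["severity"], "fixed_in": adv.get("fixed")})
    findings.sort(key=lambda f: SEVERITY_RANK.get(f["severity"], 99))
    return findings, unmatchable


if __name__ == "__main__":
    hits, unknown = match_sbom(SBOM_JSON, VULN_FEED)
    for f in hits:
        print(f"{f['severity']:8} {f['advisory']}  {f['component']}  fixed in {f['fixed_in']}")
    for name in unknown:
        print(f"UNMATCHABLE: {name} has no purl; cannot be joined to a vulnerability feed")
```

Note that tls-shim produces no finding even though an advisory exists for it, because 0.9.12 is at or past the fixed version; a correct range check, not a bare name match, is what keeps the report from being mostly noise.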
