CISSP · Question #1437
Which of the following threats would be MOST likely mitigated by monitoring assets containing open source libraries for vulnerabilities?
The correct answer is B. Zero-day attack. Monitoring open source libraries for known vulnerabilities helps mitigate zero-day attacks by identifying and patching newly disclosed flaws before they are exploited. This practice is a core component of software composition analysis (SCA) and vulnerability management.
Question
Options
- ADistributed denial-of-service (DDoS) attack
- BZero-day attack
- CPhishing attempt
- DAdvanced persistent threat (APT) attempt
How the community answered
(33 responses)- A3% (1)
- B79% (26)
- C12% (4)
- D6% (2)
Why each option
Monitoring open source libraries for known vulnerabilities helps mitigate zero-day attacks by identifying and patching newly disclosed flaws before they are exploited. This practice is a core component of software composition analysis (SCA) and vulnerability management.
DDoS attacks overwhelm network resources with traffic and are mitigated by rate limiting, traffic scrubbing, and CDN-based protections-not by monitoring software library vulnerabilities.
Zero-day attacks exploit previously unknown or unpatched vulnerabilities, and open source libraries are a common attack surface for such exploits (e.g., Log4Shell/CVE-2021-44228). By continuously monitoring open source dependencies through tools like software composition analysis, organizations can detect newly disclosed CVEs in their libraries and patch them before threat actors exploit the vulnerability, directly reducing zero-day exposure risk.
Phishing attempts target users through deceptive emails or messages and are mitigated by email filtering, user awareness training, and MFA-not by tracking vulnerabilities in open source code.
While APTs may eventually exploit software vulnerabilities, they are primarily characterized by long-term, stealthy intrusion campaigns that require behavioral detection, threat intelligence, and network monitoring to mitigate-not solely open source library tracking.
Concept tested: Vulnerability management for open source software dependencies
Source: https://www.cisa.gov/resources-tools/resources/software-bill-of-materials-sbom
Topics
Community Discussion
No community discussion yet for this question.