nerdexam
(ISC)2

CISSP · Question #1437

Which of the following threats would be MOST likely mitigated by monitoring assets containing open source libraries for vulnerabilities?

The correct answer is B. Zero-day attack. Monitoring open source libraries for known vulnerabilities helps mitigate zero-day attacks by identifying and patching newly disclosed flaws before they are exploited. This practice is a core component of software composition analysis (SCA) and vulnerability management.

Submitted by rania.sa· Mar 5, 2026Software Development Security

Question

Which of the following threats would be MOST likely mitigated by monitoring assets containing open source libraries for vulnerabilities?

Options

  • ADistributed denial-of-service (DDoS) attack
  • BZero-day attack
  • CPhishing attempt
  • DAdvanced persistent threat (APT) attempt

How the community answered

(33 responses)
  • A
    3% (1)
  • B
    79% (26)
  • C
    12% (4)
  • D
    6% (2)

Why each option

Monitoring open source libraries for known vulnerabilities helps mitigate zero-day attacks by identifying and patching newly disclosed flaws before they are exploited. This practice is a core component of software composition analysis (SCA) and vulnerability management.

ADistributed denial-of-service (DDoS) attack

DDoS attacks overwhelm network resources with traffic and are mitigated by rate limiting, traffic scrubbing, and CDN-based protections-not by monitoring software library vulnerabilities.

BZero-day attackCorrect

Zero-day attacks exploit previously unknown or unpatched vulnerabilities, and open source libraries are a common attack surface for such exploits (e.g., Log4Shell/CVE-2021-44228). By continuously monitoring open source dependencies through tools like software composition analysis, organizations can detect newly disclosed CVEs in their libraries and patch them before threat actors exploit the vulnerability, directly reducing zero-day exposure risk.

CPhishing attempt

Phishing attempts target users through deceptive emails or messages and are mitigated by email filtering, user awareness training, and MFA-not by tracking vulnerabilities in open source code.

DAdvanced persistent threat (APT) attempt

While APTs may eventually exploit software vulnerabilities, they are primarily characterized by long-term, stealthy intrusion campaigns that require behavioral detection, threat intelligence, and network monitoring to mitigate-not solely open source library tracking.

Concept tested: Vulnerability management for open source software dependencies

Source: https://www.cisa.gov/resources-tools/resources/software-bill-of-materials-sbom

Topics

#open source security#vulnerability management#software supply chain security

Community Discussion

No community discussion yet for this question.

Full CISSP Practice