(ISC)2
CSSLP Question #381: Real Exam Question with Answer & Explanation
The correct answer is C: Lower the chance of incorporating tampered or malicious third party components. The primary objective of secure software supply chain practices is to lower the chance of incorporating tampered or malicious third-party components into software.
Secure Software Supply Chain
Question
What is the primary objective of secure software supply chain practices for a development team that wants to avoid using compromised components?
Options
- A. Binary Authorization
- B. Increase release speed and shorten time to production
- C. Lower the chance of incorporating tampered or malicious third party components
- D. Achieve complete adherence to every regulatory standard
Explanation
The primary objective of secure software supply chain practices is to lower the chance of incorporating tampered or malicious third-party components into software.
Common mistakes.
- A. Binary Authorization is a specific Google Cloud feature that enforces deployment-time security policies, which is a control within a secure supply chain, not the overall objective.
- B. While efficient security practices can streamline processes, increasing release speed is not the primary objective of secure software supply chain practices, but rather a potential secondary benefit or a separate goal.
- D. While compliance is a goal, the primary objective is preventing compromised components, and 'complete adherence to every regulatory standard' is often an unrealistic and overly broad goal for a single set of practices.
Concept tested. Secure software supply chain objectives
Topics
#Software supply chain security #Compromised components #Third-party risk #Malware prevention