Which practice provides formal visibility into software components used by suppliers to manage supply chain security risk?


Multiple Choice

Which practice provides formal visibility into software components used by suppliers to manage supply chain security risk?

Explanation:
Providing formal visibility into software components used by suppliers hinges on having a complete, structured inventory of every library, package, and module included in the software, along with versions and how they relate to one another. An SBOM, or Software Bill of Materials, is exactly that: a standardized list that names all components and their metadata. With this inventory, you can see what pieces are in your products, identify which components have known vulnerabilities, and understand which suppliers or products are affected. This makes it possible to assess supply chain risk, plan remediation, and verify that security controls align with the actual components in use.

Other options address different security concerns. Data minimization is about limiting what data you collect, incident reporting focuses on communicating about security events after they occur, and access controls govern who can reach systems or data. While important, none of these provide the formal, itemized view of software components that SBOMs deliver for managing supply chain risk.
